Please check my log, I cannot type carons and acute accents

Post by winslayer » 02 Jan 2008 22:52

Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:47, on 2.1.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programy\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\ICQLite\ICQLite.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\D-Tools\daemon.exe
C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\System32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - D:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ICQ Lite] "D:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programy\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A932C09-2155-4D65-A643-14BD6D9297AE}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programy\Spyware Terminator\sp_rsser.exe

--
End of file - 5602 bytes


////Thanks

Post by fredik » 03 Jan 2008 05:14

Welcome to the forum

Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically that is C:\SDfix)
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; that starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the check you will be prompted to press any key, and the computer will restart.
* While the operating system is starting, the program will run again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; that ends the program and your desktop icons will appear.
- When the desktop icons have finished loading, the SDFix log will open on your screen and it will also be saved in the folder where SDFix was extracted as the file Report.txt
Then copy its contents here + post a new HJT log here as well.

Post by winslayer » 03 Jan 2008 15:08

So here is the SDFix log:
SDFix: Version 1.122

Run by Luk ç on źt 03.01.2008 at 14:53

Microsoft Windows XP [Verze 5.1.2600]

Running From: D:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

D:\WINDOWS\system32\ntos.exe - Deleted
D:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
D:\WINDOWS\system32\wsnpoem\audio.dll.cla - Deleted
D:\WINDOWS\system32\wsnpoem\video.dll - Deleted



Folder D:\WINDOWS\system32\wsnpoem - Removed

Removing Temp Files...

ADS Check:

D:\WINDOWS
No streams found.

D:\WINDOWS\system32
No streams found.

D:\WINDOWS\system32\svchost.exe
No streams found.

D:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 15:01:19
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="D:\WINDOWS\cursors\arrow_r.cur,D:\WINDOWS\cursors\help_r.cur,D:\WINDOWS\cursors\wait_r.cur,D:\WINDOWS\cursors\busy_r.cur,D:\WINDOWS\cursors\cross_r.cur,D:\WINDOWS\cursors\beam_r.cur,D:\WINDOWS\cursors\pen_r.cur,D:\WINDOWS\cursors\no_r.cur,D:\WINDOWS\cursors\size4_r.cur,D:\WINDOWS\cursors\size3_r.cur,D:\WINDOWS\cursors\size2_r.cur,D:\WINDOWS\cursors\size1_r.cur,D:\WINDOWS\cursors\move_r.cur,D:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="D:\WINDOWS\cursors\arrow_rm.cur,D:\WINDOWS\cursors\help_rm.cur,D:\WINDOWS\cursors\wait_rm.cur,D:\WINDOWS\cursors\busy_rm.cur,D:\WINDOWS\cursors\cross_rm.cur,D:\WINDOWS\cursors\beam_rm.cur,D:\WINDOWS\cursors\pen_rm.cur,D:\WINDOWS\cursors\no_rm.cur,D:\WINDOWS\cursors\size4_rm.cur,D:\WINDOWS\cursors\size3_rm.cur,D:\WINDOWS\cursors\size2_rm.cur,D:\WINDOWS\cursors\size1_rm.cur,D:\WINDOWS\cursors\move_rm.cur,D:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="D:\WINDOWS\cursors\arrow_rl.cur,D:\WINDOWS\cursors\help_rl.cur,D:\WINDOWS\cursors\wait_rl.cur,D:\WINDOWS\cursors\busy_rl.cur,D:\WINDOWS\cursors\cross_rl.cur,D:\WINDOWS\cursors\beam_rl.cur,D:\WINDOWS\cursors\pen_rl.cur,D:\WINDOWS\cursors\no_rl.cur,D:\WINDOWS\cursors\size4_rl.cur,D:\WINDOWS\cursors\size3_rl.cur,D:\WINDOWS\cursors\size2_rl.cur,D:\WINDOWS\cursors\size1_rl.cur,D:\WINDOWS\cursors\move_rl.cur,D:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

Remaining Files:
---------------

File Backups: - D:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\00727be00eb44eabbe301c318b80ba61\BIT5C.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\11aafafbb87ec74d28458e82d4e698ae\BIT14.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\15b5453822a5dd8d6fd132a4c7c17977\BIT2C.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\1ca7117a1ee827f8125e8bf2e4c00c74\BIT4C.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\24957a983e1ed82751d0e04e4d999dc7\BIT18.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\302f6a018cefce90cb551248d22f4640\BIT43.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\33779474ef8ab75b67f51c7e2e3a80e5\BIT4F.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\343ee728fc29446bf7afc2cdaef1b332\BIT45.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\34448bd8142379149cb8cef0f5a0f690\BIT1F.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\34be356f9a111a17675dc288437e09e3\BIT17.tmp"
Fri 14 Dec 2007 10,703,680 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\3a4b17774256790710b116f48cad024c\BITE.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\42422ae52c4f0326ffb9450af7ded62a\BIT27.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\54438091347d420ae27601eb9fcb4587\BIT2E.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\5fa9563e06660b7fc55d5ba2f73241e8\BIT60.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\6626c0d5f59e49f6819f7657812702a9\BIT2B.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\6ad53a8394e8bdfdfb4d7e9bbfc4a035\BIT2D.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\6e75856c6efd762fe9068b5aa0da3bd6\BIT1.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\701bbc439e2ff47a457d9740440ec948\BIT46.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7a93be16865afe5068a00f32d0ad1246\BIT1D.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7c23034aa59de6063b532fe6f6e04e2c\BIT1B.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7ff4b0c681f506f8096ba5e784b9b8fc\BIT54.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\88896ca0498e954bfa21602cc9c1d566\BIT36.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\8ccd4871973779ac0c0663ae253006ec\BIT25.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\9726830d0123224b1d29103f202f536f\BIT32.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\9abe4e4fdc20ef26387cd9e096392331\BIT30.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\9e0a3a14ec0d4e4d61a1ad2b435c7de0\BIT3C.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\b6bc9abb8986523a87b39fb93b1c9895\BIT5D.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\ba698011e4f92f4f5a7de348c0eb7e8f\BIT1C.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\bd74a87132b6d6c5a5ed54768503fab5\BIT4D.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\c573e4938c9634483bd47dd8ee7de9eb\BIT41.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d24df90f5807ede61f49cf61a3694ae5\BIT21.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d4d720d85b0fcfb9e1e299b282c6ec92\BIT37.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d51cb58fc0b1ed01a53e2a598ff59a95\BIT2A.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d6825026fe6101b32c53383c9edd89c1\BIT11.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\e5a6ce1f8ea60105c71471c731c05538\BIT13.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\e70cae62aa04e88be1d0e3f4341552ae\BIT22.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\e963a52e5dabd874db0bce0ac8a55edf\BIT2F.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\f79f6122c4206083b4048c5c51635683\BIT55.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\fbe7276e626ef1181696976ff82fb1bd\BIT4E.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\fc35e4c5030a99b1369e76da84ab3a01\BIT12.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\fc78e55f61f4d31ee3f3e77dbba3a4e3\BIT16.tmp"
Fri 21 Sep 2007 444 ...HR --- "D:\Documents and Settings\Martin\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\42ee6ff0bd464ce23260323989e41d58\download\BIT64.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7fce958b0ca0fd79d0e07ec7f1d00afc\download\BIT63.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\92082761f51194cdf64ab9e514c4b224\download\BIT5E.tmp"
Fri 14 Dec 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\ea42314f860f5702c15b0ee4cecc20d9\download\BIT20.tmp"

Finished!

and here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:55, on 3.1.2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programy\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\D-Tools\daemon.exe
C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - D:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Programy\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A932C09-2155-4D65-A643-14BD6D9297AE}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programy\Spyware Terminator\sp_rsser.exe

--
End of file - 5234 bytes

Post by fredik » 03 Jan 2008 16:00

Delete the directory/folder that SDFix created:
D:\SDFix

Run HijackThis again and tick the boxes in front of these lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - D:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zu.....der_v5.cab
after ticking them, click the Fix Checked button

Turn off the ClamAntivirus integration in the Spyware Terminator settings and stop its service; it should be named:
Spyware Terminator Clam Service

O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - D:\Program Files\WinClamAVShield\sp_clamsrv.exe

Start -> Run... -> a window opens; type services.msc into the empty field and click OK. The Services window opens.
Find the service there and stop it in its properties (click the Stop button), then set Startup type: to Disabled.

For better security it would be good to install a firewall as well; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - good quality, advanced, with many features, originally in English
Kerio - clear layout, more configuration options, heavier on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English

Otherwise the log looks good; do you still have any problems?

//Added:
Install some other antivirus there in place of that ClamAntivirus.

Post by winslayer » 03 Jan 2008 16:38

Thanks, the problems are gone
