Dobrý den,
mám problém s tímto: Místo sekund se mi v počítači objevuje Windows Alert a na ploše se přidaly ikony Privacy protector, Spyware protection a ještě jedna, vyskakují mi okna a v neposlední řadě je plocha klikatelný na odkaz,který mi automaticky NOD zablokuje, výpis z HI JACK je tu:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45: VIRUS ALERT!, on 5.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Programy\Seznam\Postak\Postak.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin Hruska\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {17C24E63-9A2C-4C50-BF01-86212B497BC7} - C:\WINDOWS\wnlmdakqfne.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: bgrqfetx - {905562EF-6F86-4FF3-9963-5AB66372D3A8} - C:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Programy\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{684FFC33-10EF-472F-9D9A-DF5F534838B8}: NameServer = 172.17.1.1,212.71.131.6
O21 - SSODL: xokvrpwg - {9A262EF3-A5A4-4E86-9252-CA97FA251663} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {1C4D7047-C175-4F35-A758-B9FE3E1C6508} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: Návštěvní kniha (guestbook) - http://www.blueboard.cz/kniha_0.php?hid ... bcbhaemm6n
--
End of file - 6476 bytes
Prosím o pomoc, děkuji
Windows Alert a popup, prosím pomoc!
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Windows Alert a popup, prosím pomoc!
vítám tě na fóru PC-HELP 
spust služby - napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
najdi Spyware Terminator Realtime Shield Service zastav a typ spuštění dej na zakázáno
spust znova hijackthis a fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: QXK Olive - {17C24E63-9A2C-4C50-BF01-86212B497BC7} - C:\WINDOWS\wnlmdakqfne.dll
O3 - Toolbar: bgrqfetx - {905562EF-6F86-4FF3-9963-5AB66372D3A8} - C:\WINDOWS\bgrqfetx.dll
O21 - SSODL: xokvrpwg - {9A262EF3-A5A4-4E86-9252-CA97FA251663} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {1C4D7047-C175-4F35-A758-B9FE3E1C6508} - C:\WINDOWS\tfnslopk.dll
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah. + nový hijackthis
spust služby - napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
najdi Spyware Terminator Realtime Shield Service zastav a typ spuštění dej na zakázáno
spust znova hijackthis a fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: QXK Olive - {17C24E63-9A2C-4C50-BF01-86212B497BC7} - C:\WINDOWS\wnlmdakqfne.dll
O3 - Toolbar: bgrqfetx - {905562EF-6F86-4FF3-9963-5AB66372D3A8} - C:\WINDOWS\bgrqfetx.dll
O21 - SSODL: xokvrpwg - {9A262EF3-A5A4-4E86-9252-CA97FA251663} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {1C4D7047-C175-4F35-A758-B9FE3E1C6508} - C:\WINDOWS\tfnslopk.dll
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah. + nový hijackthis
Re: Windows Alert a popup, prosím pomoc!
Zkusil jsem utilitu SDFIX, napsalo mi to v logu toto.
Ve slozce SDFIX se objevily dva inf soubory (nějaký w2k a windowsalert).... po spuštění a restartování se ovšem bohužel stále nic nestalo a problém přetrvává
SDFix: Version 1.212
Run by Martin Hruska on Łt 05.08.2008 at 13:22
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\MARTIN~1\Plocha\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\Martin Hruska\Oblˇben‚ polo§ky\Error Cleaner.url - Deleted
C:\Documents and Settings\Martin Hruska\Oblˇben‚ polo§ky\Privacy Protector.url - Deleted
C:\Documents and Settings\Martin Hruska\Oblˇben‚ polo§ky\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\dssc32.exe.bat - Deleted
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\system32\nvrsul32.dll - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 13:28:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"\f\1E?S?Á?K?-?P?C?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Programy\\BitLord\\BitLord.exe"="C:\\Program Files\\Programy\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\HRY\\Warcraft3\\War3.exe"="D:\\HRY\\Warcraft3\\War3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\\HRY\\Football Manager 2008\\fm.exe"="D:\\HRY\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\MARTIN~1\Plocha\SDFix\backups\backups.zip
Finished!
Ve slozce SDFIX se objevily dva inf soubory (nějaký w2k a windowsalert).... po spuštění a restartování se ovšem bohužel stále nic nestalo a problém přetrvává
SDFix: Version 1.212
Run by Martin Hruska on Łt 05.08.2008 at 13:22
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\MARTIN~1\Plocha\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Windows ProductId To Remove Fake Virus Alert
Restoring Time Format To Remove Fake Virus Alert
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\Martin Hruska\Oblˇben‚ polo§ky\Error Cleaner.url - Deleted
C:\Documents and Settings\Martin Hruska\Oblˇben‚ polo§ky\Privacy Protector.url - Deleted
C:\Documents and Settings\Martin Hruska\Oblˇben‚ polo§ky\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\dssc32.exe.bat - Deleted
C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\s1265.php.bat - Deleted
C:\WINDOWS\system32\nvrsul32.dll - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 13:28:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"\f\1E?S?Á?K?-?P?C?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Programy\\BitLord\\BitLord.exe"="C:\\Program Files\\Programy\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\HRY\\Warcraft3\\War3.exe"="D:\\HRY\\Warcraft3\\War3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\\HRY\\Football Manager 2008\\fm.exe"="D:\\HRY\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\MARTIN~1\Plocha\SDFix\backups\backups.zip
Finished!
Re: Windows Alert a popup, prosím pomoc!
Ok děkuji, zkusím a napíšu
Re: Windows Alert a popup, prosím pomoc!
Tak jsem udělal vše, co jste mi napsal... u času se nezobrazuje hláška o čase a nevyskakují okna, přetrvává ale odkaz na ploše a složka C:/Windows/privacy danger.... po každém restartu se obnoví a tudíž mi na ploše zabere kus plochy s klikatelným odkazem na jejich web
nový výpis z Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:43, on 5.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Programy\Seznam\Postak\Postak.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin Hruska\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Programy\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{684FFC33-10EF-472F-9D9A-DF5F534838B8}: NameServer = 172.17.1.1,212.71.131.6
O21 - SSODL: tfnslopk - {D3DA2DFB-AC93-4228-8C8F-6CF61B10417A} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: Návštěvní kniha (guestbook) - http://www.blueboard.cz/kniha_0.php?hid ... bcbhaemm6n
--
End of file - 5974 bytes
a report z SDFIXu:
SDFix: Version 1.212
Run by Martin Hruska on Łt 05.08.2008 at 22:16
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\MARTIN~1\Plocha\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\system32\nvrsul32.dll - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 22:21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"\f\1E?S?Á?K?-?P?C?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Programy\\BitLord\\BitLord.exe"="C:\\Program Files\\Programy\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\HRY\\Warcraft3\\War3.exe"="D:\\HRY\\Warcraft3\\War3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\\HRY\\Football Manager 2008\\fm.exe"="D:\\HRY\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\MARTIN~1\Plocha\SDFix\backups\backups.zip
Finished!
nový výpis z Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:43, on 5.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Programy\Seznam\Postak\Postak.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin Hruska\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Programy\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{684FFC33-10EF-472F-9D9A-DF5F534838B8}: NameServer = 172.17.1.1,212.71.131.6
O21 - SSODL: tfnslopk - {D3DA2DFB-AC93-4228-8C8F-6CF61B10417A} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: Návštěvní kniha (guestbook) - http://www.blueboard.cz/kniha_0.php?hid ... bcbhaemm6n
--
End of file - 5974 bytes
a report z SDFIXu:
SDFix: Version 1.212
Run by Martin Hruska on Łt 05.08.2008 at 22:16
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\DOCUME~1\MARTIN~1\Plocha\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\system32\nvrsul32.dll - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 22:21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:7e,90,70,9a,98,3c,d6,0a,47,47,8e,e3,cf,be,1b,0f,28,9b,13,aa,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f2,4a,21,ac,4b,96,ee,fe,46,ba,3d,0b,f2,3c,6e,b6,44,..
"khjeh"=hex:81,22,27,3b,66,41,e8,fd,33,d5,1a,c8,05,dd,d1,d0,39,e6,0c,ae,b5,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:9f,67,9a,09,2b,7b,09,6c,97,44,1d,2a,8a,ac,5f,a0,7b,99,fc,84,11,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions]
"\f\1E?S?Á?K?-?P?C?"=""
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Programy\\BitLord\\BitLord.exe"="C:\\Program Files\\Programy\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\HRY\\Warcraft3\\War3.exe"="D:\\HRY\\Warcraft3\\War3.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\QIP\\qip.exe"="C:\\Program Files\\QIP\\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\\HRY\\Football Manager 2008\\fm.exe"="D:\\HRY\\Football Manager 2008\\fm.exe:*:Disabled:Football Manager 2008"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\MARTIN~1\Plocha\SDFix\backups\backups.zip
Finished!
Re: Windows Alert a popup, prosím pomoc!
A ještě jsem zapomněl dodat, že ikony disků stále chybějí (C,D) ale ovládací panely se objevily
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Windows Alert a popup, prosím pomoc!
proč si nevypnul ten Spy Terminator?
vypni ho podle návodu co jsem psal a potom použij combofix
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah+nový log z hijackthis
vypni ho podle návodu co jsem psal a potom použij combofix
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah+nový log z hijackthis
Re: Windows Alert a popup, prosím pomoc!
ST jsem vypl, ale asi špatně:(
vypadá to, že je funkční. Děkuji mockrát, ještě přihodim logy:
HIJACK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:05, on 6.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Programy\Seznam\Postak\Postak.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin Hruska\Plocha\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Programy\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{684FFC33-10EF-472F-9D9A-DF5F534838B8}: NameServer = 172.17.1.1,212.71.131.6
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 1: Návštěvní kniha (guestbook) - http://www.blueboard.cz/kniha_0.php?hid ... bcbhaemm6n
--
End of file - 6028 bytes
a Combo fix
ComboFix 08-08-04.09 - Martin Hruska 2008-08-06 14:32:13.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.256 [GMT 2:00]
Running from: C:\Documents and Settings\Martin Hruska\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\bgrqfetx.dll
C:\WINDOWS\eovn.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\tfnslopk.dll
C:\WINDOWS\xokvrpwg.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-05 22:37 . 2008-08-05 22:37 <DIR> d-------- C:\Documents and Settings\MÍŠA\Data aplikací\ESET
2008-08-05 13:19 . 2008-08-05 13:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-08-05 13:18 . 2008-06-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-08-05 13:18 . 2008-08-05 13:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-05 11:55 . 2008-08-05 11:55 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\ESET
2008-08-05 11:53 . 2008-08-05 11:53 <DIR> d-------- C:\Program Files\ESET
2008-08-05 11:53 . 2008-08-05 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-08-05 11:36 . 2008-08-05 06:03 86,016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-05 10:11 . 2008-08-05 10:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-05 10:11 . 2008-08-05 10:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-04 23:44 . 2008-08-05 00:12 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\Sports Interactive
2008-08-04 23:36 . 2008-08-04 23:36 <DIR> dr-h----- C:\Documents and Settings\Martin Hruska\Data aplikací\SecuROM
2008-08-04 23:36 . 2008-08-04 23:36 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-04 14:09 . 2008-08-04 14:10 <DIR> d-------- C:\Program Files\QIP
2008-08-03 23:13 . 2008-08-03 23:13 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\AdobeUM
2008-07-27 21:29 . 2008-07-27 21:29 <DIR> d-------- C:\Documents and Settings\MÍŠA\Data aplikací\AdobeUM
2008-07-23 22:27 . 2008-07-23 22:27 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\QIP
2008-07-14 19:43 . 2008-07-14 19:43 <DIR> d-------- C:\Program Files\Deluxe Ski Jump 3
2008-07-11 11:14 . 2006-02-20 18:59 94,064 -ra------ C:\WINDOWS\system32\drivers\w810mdm.sys
2008-07-11 11:14 . 2006-02-20 18:59 8,336 -ra------ C:\WINDOWS\system32\drivers\w810mdfl.sys
2008-07-11 11:14 . 2006-02-20 18:59 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cmnt.sys
2008-07-11 11:14 . 2006-02-20 18:59 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-07-11 11:13 . 2006-02-20 18:59 58,288 -ra------ C:\WINDOWS\system32\drivers\w810bus.sys
2008-07-11 11:13 . 2006-02-20 18:59 5,808 -ra------ C:\WINDOWS\system32\drivers\w810whnt.sys
2008-07-11 11:13 . 2006-02-20 18:59 5,808 -ra------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-07-09 17:31 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-09 17:31 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-09 17:31 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-09 15:50 . 2006-11-30 15:58 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys
2008-07-09 15:50 . 2006-11-30 15:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se44bus.sys
2008-07-09 15:50 . 2006-11-30 15:58 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys
2008-07-09 15:50 . 2006-11-30 15:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys
2008-07-09 15:50 . 2006-11-30 15:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys
2008-07-09 15:50 . 2006-11-30 15:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44whnt.sys
2008-07-09 15:50 . 2006-11-30 15:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44wh.sys
2008-07-09 14:46 . 2008-07-09 14:46 <DIR> d-------- C:\s_tour_3
2008-07-06 18:38 . 2008-08-04 12:58 245 --a------ C:\WINDOWS\wcx_ftp.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 12:26 --------- d-----w C:\Program Files\Spyware Terminator
2008-08-06 12:08 --------- d-----w C:\Program Files\AIMP2
2008-08-06 12:08 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Skype
2008-08-04 12:09 --------- d-----w C:\Program Files\Programy
2008-07-24 17:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-07-20 12:19 --------- d-----w C:\Program Files\Java
2008-07-09 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 19:56 --------- d-----w C:\Documents and Settings\MÍŠA\Data aplikací\ACD Systems
2008-06-27 19:14 --------- d-----w C:\Documents and Settings\MÍŠA\Data aplikací\Winamp
2008-06-26 18:42 --------- d-----w C:\Documents and Settings\MÍŠA\Data aplikací\ICQ
2008-06-26 17:31 --------- d-----w C:\Program Files\Common Files\Java
2008-06-26 17:04 --------- d-----w C:\Program Files\Sun
2008-06-26 16:29 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Graphisoft
2008-06-25 11:25 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Zoner
2008-06-25 09:25 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\CyberLink
2008-06-24 20:18 --------- d--h--w C:\Program Files\Zero G Registry
2008-06-24 18:49 --------- d-----w C:\Program Files\ICQ6
2008-06-24 18:49 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\ICQ
2008-06-24 15:16 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-24 15:15 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\DAEMON Tools
2008-06-24 15:12 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 15:03 138,624 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-24 14:41 --------- d-----w C:\Program Files\PC Translator 2002
2008-06-24 14:35 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-06-24 14:35 --------- d-----w C:\Program Files\mpegable
2008-06-24 14:18 --------- d-----w C:\Program Files\Microsoft Works
2008-06-24 13:14 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\ACD Systems
2008-06-24 13:13 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-24 13:13 --------- d-----w C:\Program Files\ACD Systems
2008-06-24 13:13 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2008-06-24 13:09 --------- d-----w C:\Program Files\DVD Shrink
2008-06-24 13:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-06-24 13:04 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Winamp
2008-06-24 13:03 --------- d-----w C:\Program Files\Winamp
2008-06-24 13:02 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Apple Computer
2008-06-24 13:01 --------- d-----w C:\Program Files\QuickTime
2008-06-24 13:00 --------- d-----w C:\Program Files\CyberLink
2008-06-24 13:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-06-24 13:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-06-24 12:59 --------- d-----w C:\Program Files\Elecard MPEG 2 Player 2.0 beta
2008-06-24 12:56 --------- d-----w C:\Program Files\PowerQuest
2008-06-24 12:56 --------- d-----w C:\Program Files\CDex_150
2008-06-24 12:55 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-24 12:55 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-06-24 12:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-24 12:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-06-24 12:48 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Ahead
2008-06-24 12:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-24 12:43 --------- d-----w C:\Program Files\Nero
2008-06-24 12:42 --------- d-----w C:\Program Files\VIA
2008-06-24 12:41 --------- d-----w C:\Program Files\Analog Devices
2008-06-24 12:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-24 12:37 --------- d-----w C:\Program Files\Skype
2008-06-24 11:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2003-06-03 15:49 448,256 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-06-03 15:48 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 15:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-05-02 09:19 49152]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-11 20:41 25343016]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 14:05 486856]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-05-02 09:19 4640768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-24 15:00 155648]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-24 17:02 2778112]
"SMail"="C:\Program Files\Programy\Seznam\Postak\Postak.exe" [2008-02-21 21:22 453936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"nwiz"="nwiz.exe" [2003-05-02 09:19 323584 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
raid_tool.exe.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-06-24 14:42:41 561152]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Programy\\BitLord\\BitLord.exe"=
"D:\\HRY\\Warcraft3\\War3.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 12:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-24 17:03]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Martin Hruska\Data aplikací\Mozilla\Firefox\Profiles\sqqpz1bs.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.seznam.cz
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 14:37:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-06 14:40:02
ComboFix-quarantined-files.txt 2008-08-06 12:39:56
Pre-Run: 7,025,733,632
Post-Run: 8,281,702,400
199
vypadá to, že je funkční. Děkuji mockrát, ještě přihodim logy:
HIJACK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:05, on 6.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Programy\Seznam\Postak\Postak.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Martin Hruska\Plocha\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Programy\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{684FFC33-10EF-472F-9D9A-DF5F534838B8}: NameServer = 172.17.1.1,212.71.131.6
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 1: Návštěvní kniha (guestbook) - http://www.blueboard.cz/kniha_0.php?hid ... bcbhaemm6n
--
End of file - 6028 bytes
a Combo fix
ComboFix 08-08-04.09 - Martin Hruska 2008-08-06 14:32:13.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.256 [GMT 2:00]
Running from: C:\Documents and Settings\Martin Hruska\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\bgrqfetx.dll
C:\WINDOWS\eovn.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\msssc.dll
C:\WINDOWS\tfnslopk.dll
C:\WINDOWS\xokvrpwg.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.
2008-08-05 22:37 . 2008-08-05 22:37 <DIR> d-------- C:\Documents and Settings\MÍŠA\Data aplikací\ESET
2008-08-05 13:19 . 2008-08-05 13:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-08-05 13:18 . 2008-06-24 13:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-08-05 13:18 . 2008-06-24 15:39 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-08-05 13:18 . 2008-08-05 13:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-05 11:55 . 2008-08-05 11:55 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\ESET
2008-08-05 11:53 . 2008-08-05 11:53 <DIR> d-------- C:\Program Files\ESET
2008-08-05 11:53 . 2008-08-05 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-08-05 11:36 . 2008-08-05 06:03 86,016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-05 10:11 . 2008-08-05 10:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-05 10:11 . 2008-08-05 10:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-04 23:44 . 2008-08-05 00:12 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\Sports Interactive
2008-08-04 23:36 . 2008-08-04 23:36 <DIR> dr-h----- C:\Documents and Settings\Martin Hruska\Data aplikací\SecuROM
2008-08-04 23:36 . 2008-08-04 23:36 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-08-04 14:09 . 2008-08-04 14:10 <DIR> d-------- C:\Program Files\QIP
2008-08-03 23:13 . 2008-08-03 23:13 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\AdobeUM
2008-07-27 21:29 . 2008-07-27 21:29 <DIR> d-------- C:\Documents and Settings\MÍŠA\Data aplikací\AdobeUM
2008-07-23 22:27 . 2008-07-23 22:27 <DIR> d-------- C:\Documents and Settings\Martin Hruska\Data aplikací\QIP
2008-07-14 19:43 . 2008-07-14 19:43 <DIR> d-------- C:\Program Files\Deluxe Ski Jump 3
2008-07-11 11:14 . 2006-02-20 18:59 94,064 -ra------ C:\WINDOWS\system32\drivers\w810mdm.sys
2008-07-11 11:14 . 2006-02-20 18:59 8,336 -ra------ C:\WINDOWS\system32\drivers\w810mdfl.sys
2008-07-11 11:14 . 2006-02-20 18:59 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cmnt.sys
2008-07-11 11:14 . 2006-02-20 18:59 6,176 -ra------ C:\WINDOWS\system32\drivers\w810cm.sys
2008-07-11 11:13 . 2006-02-20 18:59 58,288 -ra------ C:\WINDOWS\system32\drivers\w810bus.sys
2008-07-11 11:13 . 2006-02-20 18:59 5,808 -ra------ C:\WINDOWS\system32\drivers\w810whnt.sys
2008-07-11 11:13 . 2006-02-20 18:59 5,808 -ra------ C:\WINDOWS\system32\drivers\w810wh.sys
2008-07-09 17:31 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-07-09 17:31 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-07-09 17:31 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-07-09 15:50 . 2006-11-30 15:58 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys
2008-07-09 15:50 . 2006-11-30 15:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se44bus.sys
2008-07-09 15:50 . 2006-11-30 15:58 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys
2008-07-09 15:50 . 2006-11-30 15:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys
2008-07-09 15:50 . 2006-11-30 15:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys
2008-07-09 15:50 . 2006-11-30 15:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44whnt.sys
2008-07-09 15:50 . 2006-11-30 15:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44wh.sys
2008-07-09 14:46 . 2008-07-09 14:46 <DIR> d-------- C:\s_tour_3
2008-07-06 18:38 . 2008-08-04 12:58 245 --a------ C:\WINDOWS\wcx_ftp.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 12:26 --------- d-----w C:\Program Files\Spyware Terminator
2008-08-06 12:08 --------- d-----w C:\Program Files\AIMP2
2008-08-06 12:08 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Skype
2008-08-04 12:09 --------- d-----w C:\Program Files\Programy
2008-07-24 17:10 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-07-20 12:19 --------- d-----w C:\Program Files\Java
2008-07-09 15:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-27 19:56 --------- d-----w C:\Documents and Settings\MÍŠA\Data aplikací\ACD Systems
2008-06-27 19:14 --------- d-----w C:\Documents and Settings\MÍŠA\Data aplikací\Winamp
2008-06-26 18:42 --------- d-----w C:\Documents and Settings\MÍŠA\Data aplikací\ICQ
2008-06-26 17:31 --------- d-----w C:\Program Files\Common Files\Java
2008-06-26 17:04 --------- d-----w C:\Program Files\Sun
2008-06-26 16:29 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Graphisoft
2008-06-25 11:25 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Zoner
2008-06-25 09:25 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\CyberLink
2008-06-24 20:18 --------- d--h--w C:\Program Files\Zero G Registry
2008-06-24 18:49 --------- d-----w C:\Program Files\ICQ6
2008-06-24 18:49 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\ICQ
2008-06-24 15:16 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-24 15:15 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\DAEMON Tools
2008-06-24 15:12 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 15:03 138,624 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-24 14:41 --------- d-----w C:\Program Files\PC Translator 2002
2008-06-24 14:35 47,104 ------w C:\WINDOWS\AKDeInstall.exe
2008-06-24 14:35 --------- d-----w C:\Program Files\mpegable
2008-06-24 14:18 --------- d-----w C:\Program Files\Microsoft Works
2008-06-24 13:14 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\ACD Systems
2008-06-24 13:13 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-24 13:13 --------- d-----w C:\Program Files\ACD Systems
2008-06-24 13:13 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\ACD Systems
2008-06-24 13:09 --------- d-----w C:\Program Files\DVD Shrink
2008-06-24 13:09 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-06-24 13:04 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Winamp
2008-06-24 13:03 --------- d-----w C:\Program Files\Winamp
2008-06-24 13:02 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Apple Computer
2008-06-24 13:01 --------- d-----w C:\Program Files\QuickTime
2008-06-24 13:00 --------- d-----w C:\Program Files\CyberLink
2008-06-24 13:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-06-24 13:00 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2008-06-24 12:59 --------- d-----w C:\Program Files\Elecard MPEG 2 Player 2.0 beta
2008-06-24 12:56 --------- d-----w C:\Program Files\PowerQuest
2008-06-24 12:56 --------- d-----w C:\Program Files\CDex_150
2008-06-24 12:55 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-24 12:55 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-06-24 12:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-24 12:50 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2008-06-24 12:48 --------- d-----w C:\Documents and Settings\Martin Hruska\Data aplikací\Ahead
2008-06-24 12:45 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-24 12:43 --------- d-----w C:\Program Files\Nero
2008-06-24 12:42 --------- d-----w C:\Program Files\VIA
2008-06-24 12:41 --------- d-----w C:\Program Files\Analog Devices
2008-06-24 12:39 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-24 12:37 --------- d-----w C:\Program Files\Skype
2008-06-24 11:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-10 16:56 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-06-10 16:56 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-06-10 16:56 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-06-10 16:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 16:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2003-06-03 15:49 448,256 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-06-03 15:48 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-03 15:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-05-02 09:19 49152]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-11 20:41 25343016]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 14:05 486856]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-01 12:40 172280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-05-02 09:19 4640768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-24 15:00 155648]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-24 17:02 2778112]
"SMail"="C:\Program Files\Programy\Seznam\Postak\Postak.exe" [2008-02-21 21:22 453936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 18:52 1447168]
"nwiz"="nwiz.exe" [2003-05-02 09:19 323584 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
raid_tool.exe.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2008-06-24 14:42:41 561152]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Programy\\BitLord\\BitLord.exe"=
"D:\\HRY\\Warcraft3\\War3.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 12:31]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-24 17:03]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Martin Hruska\Data aplikací\Mozilla\Firefox\Profiles\sqqpz1bs.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - http://www.seznam.cz
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 14:37:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-06 14:40:02
ComboFix-quarantined-files.txt 2008-08-06 12:39:56
Pre-Run: 7,025,733,632
Post-Run: 8,281,702,400
199
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Windows Alert a popup, prosím pomoc!
stáhni si killbox 
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\lnvegaow.exe
zaškrtni Delete on Reboot a klikni na křížek.stroj pude do restartu
jsou ještě problémy?
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\lnvegaow.exe
zaškrtni Delete on Reboot a klikni na křížek.stroj pude do restartu
jsou ještě problémy?
Re: Windows Alert a popup, prosím pomoc!
Použil jsem KILLBOX podle pokynů , teď to vypadá, že je to bezproblému, moc děkuji:)
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Windows Alert a popup, prosím pomoc!
ještě pošli pro jistotu jeden hijackthis.a zbav se toho spy terminatora. buď ho zkus vypnout v nastavení programu.
nebo ho odinstaluj.
nebo ho odinstaluj.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 106 hostů