Mám problém s "Systém Alert" pomôžte
Mám problém s "Systém Alert" pomôžte
pomôžte mi prosím mam problém s nejakim druhom vyrusu s nazvom "System Alert"
Re: Mám problém s "Systém Alert" pomôžte
Udělej log z HJT (odkaz v podpise) a pošli ho sem.
Re: Mám problém s "Systém Alert" pomôžte
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:03, on 30. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programi\Adhed\InCD\InCD.exe
D:\Programi\Nod\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Programi\programi\picture project\NkbMonitor.exe
D:\Programi\Nod\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\Nový priečinok\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKLM\..\Run: [egui] "D:\Programi\Nod\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programi\Komunikačné programi\ICQLite\ICQLite.exe -trayboot
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - C:\WINDOWS\system32\baoohy.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\Nod\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\Nod\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7925 bytes
Scan saved at 18:58:03, on 30. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programi\Adhed\InCD\InCD.exe
D:\Programi\Nod\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Programi\programi\picture project\NkbMonitor.exe
D:\Programi\Nod\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\Nový priečinok\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKLM\..\Run: [egui] "D:\Programi\Nod\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programi\Komunikačné programi\ICQLite\ICQLite.exe -trayboot
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - C:\WINDOWS\system32\baoohy.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\Nod\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\Nod\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7925 bytes
Re: Mám problém s "Systém Alert" pomôžte
haloooo kedy to bude?????? kto mi to opravi???????
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Mám problém s "Systém Alert" pomôžte
Lidi co tu radí tu nesedí celý den, takže nebuď nedočkavý a odpovědi se ti dostane 
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT
Pak už si tě paul27 dořeší
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT
Pak už si tě paul27 dořeší
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Mám problém s "Systém Alert" pomôžte
SDFix: Version 1.147
Run by Administrator on ne 30. 03. 2008 at 20:16
Microsoft Windows XP [Verzia 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\kdhcr.exe - Deleted
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 20:27:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemôže nájsť zadaný súbor.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Remedy Entertainment\Enum]
"Implementing"=hex:1c,00,00,00,01,00,00,00,d7,07,0b,00,01,00,1a,00,0b,00,1b,00,15,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programi\\programi\\FlashGet\\flashget.exe"="D:\\Programi\\programi\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe:*:Enabled:ICQ 5.1"
"D:\\Programi\\programi\\Hamachi\\hamachi.exe"="D:\\Programi\\programi\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe"="D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager"
"D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe"="D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe:*:Enabled:Opera"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"D:\\Programi\\programi\\zIRC\\zirc.exe"="D:\\Programi\\programi\\zIRC\\zirc.exe:*:Enabled:zIRC"
"C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe"="C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe:*:Enabled:Ikona na liçte Łloh"
"D:\\Programi\\Programy\\BitComet\\BitComet.exe"="D:\\Programi\\Programy\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe:*:Enabled:ICQ Library"
"D:\\Hry\\3D Live Pool\\3D Live Pool.exe"="D:\\Hry\\3D Live Pool\\3D Live Pool.exe:*:Enabled:3D Live Pool"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 15 Aug 2007 56 ..SHR --- "C:\WINDOWS\system32\3F1EAF00CB.sys"
Wed 16 Jan 2008 11,690 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 4 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 14 Sep 2005 4,348 A.SH. --- "C:\zal cecko\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 A.SHR --- "C:\zal cecko\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Sat 4 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1key.bak"
Sun 5 Aug 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1lic.bak"
Sat 4 Aug 2007 312 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2key.bak"
Sun 5 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2lic.bak"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\1000000500029ca890022\regsvr32.exe"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\400000d700029ca890022\Autorun.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Finished!
Run by Administrator on ne 30. 03. 2008 at 20:16
Microsoft Windows XP [Verzia 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\kdhcr.exe - Deleted
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 20:27:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemôže nájsť zadaný súbor.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Remedy Entertainment\Enum]
"Implementing"=hex:1c,00,00,00,01,00,00,00,d7,07,0b,00,01,00,1a,00,0b,00,1b,00,15,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programi\\programi\\FlashGet\\flashget.exe"="D:\\Programi\\programi\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe:*:Enabled:ICQ 5.1"
"D:\\Programi\\programi\\Hamachi\\hamachi.exe"="D:\\Programi\\programi\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe"="D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager"
"D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe"="D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe:*:Enabled:Opera"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"D:\\Programi\\programi\\zIRC\\zirc.exe"="D:\\Programi\\programi\\zIRC\\zirc.exe:*:Enabled:zIRC"
"C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe"="C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe:*:Enabled:Ikona na liçte Łloh"
"D:\\Programi\\Programy\\BitComet\\BitComet.exe"="D:\\Programi\\Programy\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe:*:Enabled:ICQ Library"
"D:\\Hry\\3D Live Pool\\3D Live Pool.exe"="D:\\Hry\\3D Live Pool\\3D Live Pool.exe:*:Enabled:3D Live Pool"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 15 Aug 2007 56 ..SHR --- "C:\WINDOWS\system32\3F1EAF00CB.sys"
Wed 16 Jan 2008 11,690 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 4 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 14 Sep 2005 4,348 A.SH. --- "C:\zal cecko\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 A.SHR --- "C:\zal cecko\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Sat 4 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1key.bak"
Sun 5 Aug 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1lic.bak"
Sat 4 Aug 2007 312 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2key.bak"
Sun 5 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2lic.bak"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\1000000500029ca890022\regsvr32.exe"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\400000d700029ca890022\Autorun.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Finished!
Re: Mám problém s "Systém Alert" pomôžte
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:29, on 30. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programi\Nod\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Programi\Adhed\InCD\InCD.exe
D:\Programi\Nod\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Programi\programi\picture project\NkbMonitor.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\Nový priečinok\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKLM\..\Run: [egui] "D:\Programi\Nod\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programi\Komunikačné programi\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - C:\WINDOWS\system32\baoohy.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\Nod\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\Nod\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7635 bytes
Scan saved at 20:33:29, on 30. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programi\Nod\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Programi\Adhed\InCD\InCD.exe
D:\Programi\Nod\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Programi\programi\picture project\NkbMonitor.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\Nový priečinok\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKLM\..\Run: [egui] "D:\Programi\Nod\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programi\Komunikačné programi\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iefixgate.com/redirect.php (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - C:\WINDOWS\system32\baoohy.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\Nod\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\Nod\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7635 bytes
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Mám problém s "Systém Alert" pomôžte
No máš starou verzi SDFix, proto se ti neodstranilo všechno. Smaž adresář/složku C:\SDFix stáhni si ho znovu a použij ho a dej sem oba logy.
Pak tam zůstane ještě jedna věc, tak se pak do odstraní.
Pak tam zůstane ještě jedna věc, tak se pak do odstraní.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Mám problém s "Systém Alert" pomôžte
SDFix: Version 1.164
Run by Administrator on ne 30. 03. 2008 at 21:01
Microsoft Windows XP [Verzia 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\kdhcr.exe - Deleted
C:\Program Files\NetProject\ot.ico - Deleted
C:\Program Files\NetProject\sbmdl.dll - Deleted
C:\Program Files\NetProject\sbmntr.exe - Deleted
C:\Program Files\NetProject\sbsm.exe - Deleted
C:\Program Files\NetProject\sbun.exe - Deleted
C:\Program Files\NetProject\scit.exe - Deleted
C:\Program Files\NetProject\scm.exe - Deleted
C:\Program Files\NetProject\scu.exe - Deleted
C:\Program Files\NetProject\ts.ico - Deleted
C:\Program Files\NetProject\wamdl.dll - Deleted
C:\Program Files\NetProject\waun.exe - Deleted
Folder C:\Program Files\NetProject - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 21:09:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemôže nájsť zadaný súbor.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Remedy Entertainment\Enum]
"Implementing"=hex:1c,00,00,00,01,00,00,00,d7,07,0b,00,01,00,1a,00,0b,00,1b,00,15,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programi\\programi\\FlashGet\\flashget.exe"="D:\\Programi\\programi\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe:*:Enabled:ICQ 5.1"
"D:\\Programi\\programi\\Hamachi\\hamachi.exe"="D:\\Programi\\programi\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe"="D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager"
"D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe"="D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe:*:Enabled:Opera"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"D:\\Programi\\programi\\zIRC\\zirc.exe"="D:\\Programi\\programi\\zIRC\\zirc.exe:*:Enabled:zIRC"
"C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe"="C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe:*:Enabled:Ikona na liçte Łloh"
"D:\\Programi\\Programy\\BitComet\\BitComet.exe"="D:\\Programi\\Programy\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe:*:Enabled:ICQ Library"
"D:\\Hry\\3D Live Pool\\3D Live Pool.exe"="D:\\Hry\\3D Live Pool\\3D Live Pool.exe:*:Enabled:3D Live Pool"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 15 Aug 2007 56 ..SHR --- "C:\WINDOWS\system32\3F1EAF00CB.sys"
Wed 16 Jan 2008 11,690 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 4 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 14 Sep 2005 4,348 A.SH. --- "C:\zal cecko\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 A.SHR --- "C:\zal cecko\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Sat 4 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1key.bak"
Sun 5 Aug 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1lic.bak"
Sat 4 Aug 2007 312 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2key.bak"
Sun 5 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2lic.bak"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\1000000500029ca890022\regsvr32.exe"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\400000d700029ca890022\Autorun.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Finished!
Run by Administrator on ne 30. 03. 2008 at 21:01
Microsoft Windows XP [Verzia 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default IE HomePage
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\kdhcr.exe - Deleted
C:\Program Files\NetProject\ot.ico - Deleted
C:\Program Files\NetProject\sbmdl.dll - Deleted
C:\Program Files\NetProject\sbmntr.exe - Deleted
C:\Program Files\NetProject\sbsm.exe - Deleted
C:\Program Files\NetProject\sbun.exe - Deleted
C:\Program Files\NetProject\scit.exe - Deleted
C:\Program Files\NetProject\scm.exe - Deleted
C:\Program Files\NetProject\scu.exe - Deleted
C:\Program Files\NetProject\ts.ico - Deleted
C:\Program Files\NetProject\wamdl.dll - Deleted
C:\Program Files\NetProject\waun.exe - Deleted
Folder C:\Program Files\NetProject - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 21:09:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Systém nemôže nájsť zadaný súbor.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:eb,30,c0,f2,a5,86,0f,f2,44,7e,d8,97,a8,69,5e,8d,c2,2c,49,61,ea,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Remedy Entertainment\Enum]
"Implementing"=hex:1c,00,00,00,01,00,00,00,d7,07,0b,00,01,00,1a,00,0b,00,1b,00,15,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programi\\programi\\FlashGet\\flashget.exe"="D:\\Programi\\programi\\FlashGet\\flashget.exe:*:Enabled:FlashGet"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQLite 2\\ICQLite.exe:*:Enabled:ICQ 5.1"
"D:\\Programi\\programi\\Hamachi\\hamachi.exe"="D:\\Programi\\programi\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe"="D:\\Programi\\programi\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager"
"D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe"="D:\\Programi\\Komunikaźn‚ programi\\New Folder\\Opera.exe:*:Enabled:Opera"
"C:\\Program Files\\Outlook Express\\msimn.exe"="C:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"D:\\Programi\\programi\\zIRC\\zirc.exe"="D:\\Programi\\programi\\zIRC\\zirc.exe:*:Enabled:zIRC"
"C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe"="C:\\Program Files\\Siber Systems\\AI RoboForm\\robotaskbaricon.exe:*:Enabled:Ikona na liçte Łloh"
"D:\\Programi\\Programy\\BitComet\\BitComet.exe"="D:\\Programi\\Programy\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ\\ICQ.exe:*:Enabled:ICQ Library"
"D:\\Hry\\3D Live Pool\\3D Live Pool.exe"="D:\\Hry\\3D Live Pool\\3D Live Pool.exe:*:Enabled:3D Live Pool"
"D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe"="D:\\Programi\\Komunikaźn‚ programi\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 15 Aug 2007 56 ..SHR --- "C:\WINDOWS\system32\3F1EAF00CB.sys"
Wed 16 Jan 2008 11,690 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 4 Aug 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 14 Sep 2005 4,348 A.SH. --- "C:\zal cecko\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 23 Jan 2003 65,952 A.SHR --- "C:\zal cecko\Program Files\Autodesk\Autodesk Express Viewer\Setup.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Sat 4 Aug 2007 4,348 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1key.bak"
Sun 5 Aug 2007 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv1lic.bak"
Sat 4 Aug 2007 312 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2key.bak"
Sun 5 Aug 2007 1,536 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\Z loha licencie\drmv2lic.bak"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\1000000500029ca890022\regsvr32.exe"
Mon 27 Nov 2006 20,752 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\Local Settings\Temp\400000d700029ca890022\Autorun.exe"
Wed 14 Sep 2005 4,348 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Fri 8 Jun 2007 20 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Wed 14 Sep 2005 312 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Fri 8 Jun 2007 1,536 A..H. --- "C:\zal cecko\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2lic.bak"
Finished!
Re: Mám problém s "Systém Alert" pomôžte
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:06, on 30. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programi\Nod\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programi\Adhed\InCD\InCD.exe
D:\Programi\Nod\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\Nový priečinok\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKLM\..\Run: [egui] "D:\Programi\Nod\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programi\Komunikačné programi\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - C:\WINDOWS\system32\baoohy.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\Nod\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\Nod\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7367 bytes
Scan saved at 21:14:06, on 30. 3. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Programi\Nod\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programi\Adhed\InCD\InCD.exe
D:\Programi\Nod\egui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\Nový priečinok\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKLM\..\Run: [egui] "D:\Programi\Nod\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programi\Komunikačné programi\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - C:\WINDOWS\system32\baoohy.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Programi\Nod\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Programi\Nod\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7367 bytes
Re: Mám problém s "Systém Alert" pomôžte
hallllllooooooooo edy to bude??????
Re: Mám problém s "Systém Alert" pomôžte
ztáhni si měsíční verzi avg8 z http://www.grisoft.cz a vyléči to
PC XT 8086, 640 Kb ram, 20mb hdd, Hercules monochrome, 14" Philips monochrome, 5/4 fdd 360kb.
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 2 hosti