Please help with "Windows Security Alert"
Username "Administrator" - . 02. 2008 21:39:46 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdhcr.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.203 85.255.112.227" <Value cleared.
Vyrovnávacia pamäť prekladania DNS sa úspešne vyprázdnila.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"="kdhcr.exe"
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvrvocm"="c:\\windows\\system32\\nvrvocm.exe nvrvocm"
"InCD"="D:\\Programi\\Adhed\\InCD\\InCD.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
"XP Antivirus"="C:\\Program Files\\XP Antivirus\\xpa2008pro.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:43, on 25. 2. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programi\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programi\Adhed\InCD\InCD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Programi\programi\picture project\NkbMonitor.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\RootkitRevealer\RootkitRevealer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Dočasný adresár 2 pre RootkitRevealer.zip\RootkitRevealer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Dočasný adresár 4 pre RootkitRevealer.zip\RootkitRevealer.exe
D:\Nový priečinok\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E3FB9237-4475-437B-8C10-299097A8C0A8} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: (no name) - {60570909-486A-4609-B7AE-CBCAA3831168} - (no file)
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008pro.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Hry\Casino\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Hry\Casino\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programi\Komunikačné programi\ICQLite 2\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programi\Komunikačné programi\ICQLite 2\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O21 - SSODL: AlrtAvp - {a90c7409-b1fe-414a-9e1b-ebbaf76aec64} - (no file)
O22 - SharedTaskScheduler: counterclaim - {e758745e-b8aa-47ac-a652-6307ff5f3ebf} - C:\WINDOWS\system32\vpccw.dll (file missing)
O23 - Service: DYGUTKQ - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DYGUTKQ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HOZWKORINIOOK - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HOZWKORINIOOK.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: KFXKA - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KFXKA.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programi\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 9694 bytes
fredik (Security team member):
Fix only the lines listed here!
Run HijackThis again and tick the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju.....&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: (no name) - {5DDE5591-A8AB-4897-93EF-1E4E943F85A7} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {E3FB9237-4475-437B-8C10-299097A8C0A8} - (no file)
O3 - Toolbar: Protection Bar - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: (no name) - {60570909-486A-4609-B7AE-CBCAA3831168} - (no file)
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008pro.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Hry\Casino\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Hry\Casino\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programi\Komunikačné programi\ICQLite 2\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programi\Komunikačné programi\ICQLite 2\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O21 - SSODL: AlrtAvp - {a90c7409-b1fe-414a-9e1b-ebbaf76aec64} - (no file)
O22 - SharedTaskScheduler: counterclaim - {e758745e-b8aa-47ac-a652-6307ff5f3ebf} - C:\WINDOWS\system32\vpccw.dll (file missing)
After ticking them, click the Fix Checked button.
Download SUPERAntiSpyware.
Install and run it, then click the Check for Updates... button.
After the update completes, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button.
The scan will run; when it finishes, it will list everything it found.
Make sure all items are ticked and then click the Next button.
Then click the Finish button and you should get back to the main screen.
There, click the button: Preferences... and select the Statistics/Logs tab.
There, click the log with today's date and press the button: View Log...
A window with the log will open; copy its contents here.
Then manually delete this directory/folder:
C:\Program Files\XP Antivirus
Then post the log from SUPERAntiSpyware and a new HJT log here.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/26/2008 at 03:23 PM
Application Version : 3.9.1008
Core Rules Database Version : 3409
Trace Rules Database Version: 1401
Scan type : Complete Scan
Total Scan Time : 01:14:26
Memory items scanned : 335
Memory threats detected : 0
Registry items scanned : 5195
Registry threats detected : 91
File items scanned : 95704
File threats detected : 49
Trojan.Media-Codec/V3
HKLM\Software\Classes\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\Implemented Categories
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\InprocServer32
HKCR\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESBPL.DLL
Adware.MyWebSearch
HKU\S-1-5-21-1202660629-1383384898-1801674531-500\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@mywebsearch[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@gomyhit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@OS[2].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@ad.autovia[2].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@ad.post[1].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@adrenalinesk[1].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[2].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@bannery.gsgroup[2].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@clickaider[1].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@clickteam[1].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@counter.cnw[1].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@toplist[2].txt
C:\zal cecko\Documents and Settings\Administrator\Cookies\administrator@wsd-ps-a.bannersystem[1].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@ad.autovia[2].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@ad.post[1].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@adrenalinesk[1].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[2].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@bannery.gsgroup[2].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@clickaider[1].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@clickteam[1].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@counter.cnw[1].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@toplist[2].txt
D:\stare c\Documents and Settings\Administrator\Cookies\administrator@wsd-ps-a.bannersystem[1].txt
Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1202660629-1383384898-1801674531-500\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2 ]
Malware.VirusProtectPro
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\ProxyStubClsid
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\ProxyStubClsid32
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\TypeLib
HKCR\Interface\{4A2C9DEF-83EB-4575-AD6C-2377FEFC5122}\TypeLib#Version
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\ProxyStubClsid
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\ProxyStubClsid32
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\TypeLib
HKCR\Interface\{56943D7C-2283-4D73-B2B1-46173B4844B4}\TypeLib#Version
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\ProxyStubClsid
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\ProxyStubClsid32
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\TypeLib
HKCR\Interface\{71C9109D-EB8D-49B9-9211-1CBE8A25A9AA}\TypeLib#Version
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\ProxyStubClsid
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\ProxyStubClsid32
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\TypeLib
HKCR\Interface\{75F32B07-D45F-4D5B-9266-3863C65D5B29}\TypeLib#Version
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\ProxyStubClsid
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\ProxyStubClsid32
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\TypeLib
HKCR\Interface\{84037416-6A70-46E5-9216-CDCC7E2513E7}\TypeLib#Version
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\ProxyStubClsid
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\ProxyStubClsid32
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\TypeLib
HKCR\Interface\{94E14C33-2473-4185-9FA0-3D881BDB5C0B}\TypeLib#Version
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\ProxyStubClsid
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\ProxyStubClsid32
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\TypeLib
HKCR\Interface\{95D963D7-86E3-434E-BFF6-FCDDEA5F9F24}\TypeLib#Version
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\ProxyStubClsid
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\ProxyStubClsid32
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\TypeLib
HKCR\Interface\{9DC10DE5-5104-4554-ACA0-D9F2D146CD4C}\TypeLib#Version
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\ProxyStubClsid
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\ProxyStubClsid32
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\TypeLib
HKCR\Interface\{A140FE51-3136-4E0D-AFDA-1313B30ADFEF}\TypeLib#Version
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\ProxyStubClsid
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\ProxyStubClsid32
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\TypeLib
HKCR\Interface\{B41DF4F9-0191-46E6-8107-16634FBC7F3C}\TypeLib#Version
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\ProxyStubClsid
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\ProxyStubClsid32
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\TypeLib
HKCR\Interface\{BE1C526E-CCCC-449C-A9CB-691B8C5E2769}\TypeLib#Version
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\ProxyStubClsid
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\ProxyStubClsid32
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\TypeLib
HKCR\Interface\{BE465556-F79D-476F-9457-74E49F8F400A}\TypeLib#Version
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\ProxyStubClsid
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\ProxyStubClsid32
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\TypeLib
HKCR\Interface\{D8DFA789-47D3-4197-B187-23AE2D7DCF6A}\TypeLib#Version
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\ProxyStubClsid
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\ProxyStubClsid32
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\TypeLib
HKCR\Interface\{E0277D0D-43C7-4ECA-B8C4-545A2E71485B}\TypeLib#Version
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\ProxyStubClsid
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\ProxyStubClsid32
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\TypeLib
HKCR\Interface\{EA166DBF-EAC4-4D33-B48D-A40B8C8FDEC1}\TypeLib#Version
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\ProxyStubClsid
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\ProxyStubClsid32
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\TypeLib
HKCR\Interface\{F0ED2F90-DE03-46AD-97C1-709E5A49422C}\TypeLib#Version
Rogue.XP AntiVirus
HKU\S-1-5-21-1202660629-1383384898-1801674531-500\Software\XP antivirus
HKU\S-1-5-21-1202660629-1383384898-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Run#XP Antivirus [ C:\Program Files\XP Antivirus\xpa2008pro.exe ]
C:\Program Files\XP Antivirus\xpa2008pro.exe.tmp
C:\Program Files\XP Antivirus
Rogue.AntiSpywareSuite
C:\Program Files\Common Files\AntiSpywareSuite
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\FAVORITES\ONLINE SECURITY TEST.URL
Adware.Lop-Variant
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GREAT COAL LOVE DEFAULT\AXIS DENT.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GREAT COAL LOVE DEFAULT\LOAD WIN.EXE
BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE
Malware.LocusSoftware Inc/BestSellerAntivirus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP202\A0099254.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP202\A0099284.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP202\A0099299.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP202\A0099536.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP203\A0099576.SYS
Adware.SXGAdvisor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP203\A0099748.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP203\A0099756.DLL
Trojan.Unclassified/EGO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP203\A0099749.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51C9C6B5-9DC7-4D9D-A991-D29DFEFBD477}\RP203\A0099757.DLL
Trojan.Unclassified/K-Series
C:\WINDOWS\SYSTEM32\KDMKS.EXE
C:\WINDOWS\SYSTEM32\KDSAZ.EXE
C:\WINDOWS\SYSTEM32\KDTVF.EXE
C:\WINDOWS\SYSTEM32\KDVLP.EXE
Trojan.DNSChanger-Codec
D:\PROGRAMI\PROGRAMY\NOVý PRIEčINOK\PROGRAMY SOMARINY\CODECHARD1004.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:02, on 26. 2. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programi\Adhed\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programi\Adhed\InCD\InCD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Programi\programi\picture project\NkbMonitor.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programi\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programi\programi\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programi\Komunikačné programi\opera\Opera.exe
D:\Nový priečinok\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.sk
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programi\programi\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programi\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programi\programi\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: (no name) - {60570909-486A-4609-B7AE-CBCAA3831168} - (no file)
O4 - HKLM\..\Run: [InCD] D:\Programi\Adhed\InCD\InCD.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programi\programi\picture project\NkbMonitor.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - D:\Programi\programi\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - D:\Programi\programi\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Programi\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programi\programi\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programi\Komunikačné programi\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.google.sk
O17 - HKLM\System\CCS\Services\Tcpip\..\{F28AC659-DF87-4D1B-9AC5-6CE6F260F443}: NameServer = 192.168.100.252
O23 - Service: DYGUTKQ - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DYGUTKQ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HOZWKORINIOOK - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HOZWKORINIOOK.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Programi\Adhed\InCD\InCDsrv.exe
O23 - Service: KFXKA - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KFXKA.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programi\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 7684 bytes
- fredik
- member of the Security team
Run HijackThis again and tick the checkboxes in front of these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/ju.....&lid=2
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: (no name) - {60570909-486A-4609-B7AE-CBCAA3831168} - (no file)
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008pro.exe
After ticking them, click the Fix Checked button.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If you have not changed NOD32's settings yourself, I would recommend reinstalling it, because one of its components is not active.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
For better protection it would be good to install a firewall as well; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English
Kerio - clear interface, more configuration options, heavier on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
I would also recommend updating Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 4
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 4 and click the Download button
- A new page will load
- Under the heading Select Platform and Language for your download:
* for Platform: select Windows
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page will load
- Click the download link under the item Windows Offline Installation and save it to disk
- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 8
- Java 2 Runtime Environment, SE v1.4.2
- Uninstall any old versions of Java one after another
- When the uninstallation is finished, restart the PC.
- Then just run the installer for the latest version from the file jre-6u4-windows-i586-p.exe that you downloaded at the start.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If you want to keep SUPERAntiSpyware for occasional scans, disable its launch at startup.
- Start the program and click the Preferences... button
- A new window opens; click the General and Startup tab
* there, under the heading Start-Up Options, untick the item: Start SUPERAntiSpyware when Windows starts
- Then you can close the program
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download and run T-cleaner; it removes the backups and leftovers of the programs used.
Restart the PC, post a new HJT log here and say whether you still have problems.
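A check for the last step of the reply above (post a new HJT log after the fix), as an added example that is not part of the original thread: it parses HijackThis entry lines and reports which entries from the fix list the new log still contains. The function names and the follow-up log are constructed for illustration; the fix-list lines are copied from the post.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKCU\..\Run: [...] ...".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")

def parse_entries(text):
    """Return (code, details) pairs for every entry line; headers and prose are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def key(entry):
    """Comparison key: registry names and Windows paths are case-insensitive."""
    code, details = entry
    return code.upper(), re.sub(r"\s+", " ", details).casefold()

def still_present(fix_list, new_log):
    """Entries from the fix list that the new log still contains, in fix-list order."""
    seen = {key(e) for e in parse_entries(new_log)}
    return [e for e in parse_entries(fix_list) if key(e) in seen]

def orphaned(log):
    """Entries whose target file is gone: HijackThis marks them '(no file)'."""
    return [e for e in parse_entries(log) if e[1].endswith("(no file)")]

# Three of the lines the helper asked to fix, copied from the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa2008pro.exe
"""

# Constructed follow-up log (not from the thread): the Run entry survived the fix.
NEW_LOG = r"""
Running processes:
O4 - HKCU\..\Run: [XP Antivirus] c:\program files\XP Antivirus\xpa2008pro.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for code, details in still_present(FIX_LIST, NEW_LOG):
        print("STILL PRESENT:", code, "-", details)
    for code, details in orphaned(FIX_LIST):
        print("ORPHANED:", code, "-", details)
```

An entry that reappears after Fix Checked and a reboot usually means something is rewriting it, which is worth mentioning when posting the new log.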