Hello! A VIRUS ALERT! appeared on my PC.
I tried SDFix, but nothing changed.
I'm posting the report and the HijackThis log.
[b]SDFix: Version 1.217 [/b]
Run by Administrator on po 18.08.2008 at 12:28
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Restoring Windows Product ID To Remove Fake Virus Alert
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\ENRP.EXE - Deleted
C:\Program Files\VirusRemover2008\Viruses.bdt - Deleted
C:\WINDOWS\wnlmdakqqas.dll - Deleted
C:\WINDOWS\lnvegaow.exe - Deleted
C:\WINDOWS\system32\hrpdcf.bin - Deleted
C:\WINDOWS\tfnslopk.dll - Deleted
Folder C:\DOCUME~1\Sioux\LOCALS~1\Temp\privacy_danger - Removed
Folder C:\Program Files\VirusRemover2008 - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net ...
Rootkit scan 2008-08-18 12:32:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Valve\\hl.exe"="D:\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\DiRT Demo\\DiRTDemo.exe"="D:\\DiRT Demo\\DiRTDemo.exe:*:Enabled:DiRT Demo Executable"
"D:\\Warcraft III\\Warcraft III.exe"="D:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Knights Of The Temple\\Templar.exe"="D:\\Knights Of The Temple\\Templar.exe:*:Enabled:Templar"
"D:\\The Battle for Middle-earth (tm)\\game.dat"="D:\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"D:\\Need For Speed Underground\\Speed.exe"="D:\\Need For Speed Underground\\Speed.exe:*:Enabled:Speed"
"C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP0_\\StrongDC.exe"="C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP0_\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP1_\\StrongDC.exe"="C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP1_\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP2_\\StrongDC.exe"="C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP2_\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP3_\\StrongDC.exe"="C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP3_\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"E:\\Programy\\BitComet\\BitComet.exe"="E:\\Programy\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP7_\\StrongDC.exe"="C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP7_\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP6_\\StrongDC.exe"="C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP6_\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP8_\\StrongDC.exe"="C:\\Documents and Settings\\Sioux\\Local Settings\\Temp\\_AZTMP8_\\StrongDC.exe:*:Enabled:StrongDC++"
"E:\\Programy\\strongdc++\\StrongDC.exe"="E:\\Programy\\strongdc++\\StrongDC.exe:*:Enabled:StrongDC++"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"E:\\Programy\\BlueSoleil.exe"="E:\\Programy\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"E:\\Programy\\bluesoil\\BlueSoleil.exe"="E:\\Programy\\bluesoil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"E:\\Programy\\iView MediaPro3\\IVIEW_MP.exe"="E:\\Programy\\iView MediaPro3\\IVIEW_MP.exe:*:Enabled:iView Multimedia"
"E:\\Programy\\Bluesoleil\\BlueSoleil.exe"="E:\\Programy\\Bluesoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"D:\\Ea GAMES\\The Battle for Middle-earth (tm)\\game.dat"="D:\\Ea GAMES\\The Battle for Middle-earth (tm)\\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Manager\\fm.exe"="D:\\Manager\\fm.exe:*:Disabled:Football Manager 2008"
"E:\\HRY 2\\Moha\\UnrealEngine3\\Binaries\\MOHA.exe"="E:\\HRY 2\\Moha\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"D:\\Call of duty\\CoD2MP_s.exe"="D:\\Call of duty\\CoD2MP_s.exe:*:Enabled:Call of Duty(R) 2 Multiplayer"
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"="C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe:*:Enabled:AGEIA PhysX System Tray Icon"
"E:\\HRY 2\\Assassins Creed CZ\\AssassinsCreed_Dx9.exe"="E:\\HRY 2\\Assassins Creed CZ\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\\HRY 2\\Assassins Creed CZ\\AssassinsCreed_Dx10.exe"="E:\\HRY 2\\Assassins Creed CZ\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\\HRY 2\\Assassins Creed CZ\\AssassinsCreed_Launcher.exe"="E:\\HRY 2\\Assassins Creed CZ\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\HRY 2\\Warcraft III\\Warcraft III.exe"="E:\\HRY 2\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 23 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5f16949630e8c407182e4928048db02\BIT1.tmp"
[b]Finished![/b]
Logfile of HijackThis v1.99.1
Scan saved at 13:17: VIRUS ALERT!, on 18.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Programy\Bluesoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\HRY 2\Moha\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Documents and Settings\Sioux\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com ...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com ...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com ...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.crawler.com ...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com ...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com ...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com ...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.crawler.com ...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com ...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Programy\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com ...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\Programy\Bluesoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - E:\HRY 2\Moha\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe" /service (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - E:\Programy\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - E:\Programy\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe