tyto 3 programy (nebo spíše jen linky) se mi objevily na ploše, co sem se díval na netu se jedná o mallware, nevíte někdo jak jej odstranit?
log z HJT
Kód: Vybrat vše
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:42, on 23.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\xwzybcny.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\ITE\Smart Guardian\ITESmart.exe
G:\RivaTuner v2.0 RC 15.8\RivaTuner.exe
G:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\system32\RunDLL32.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\Program Files\QuickTime\QTTask.exe
G:\iTunes\iTunesHelper.exe
G:\ICQLite\ICQLite.exe
E:\Program Files\ESET\ESET Smart Security\egui.exe
E:\WINDOWS\system32\mirenxai.exe
E:\WINDOWS\system32\ctfmon.exe
G:\TaskSwitchXP\TaskSwitchXP.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\steam\steam.exe
G:\System Mechanic 6\SMSystemAnalyzer.exe
E:\Program Files\CursorXP\CursorXP.exe
E:\Program Files\Picasa2\PicasaMediaDetector.exe
E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\ESET\ESET Smart Security\ekrn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Red Chair Software\Anapod Explorer\anamgr.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
E:\Program Files\OpenOffice.org 2.0\program\soffice.exe
E:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
E:\WINDOWS\System32\svchost.exe
E:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Opera\Opera.exe
E:\Program Files\Spyware Terminator\SpywareTerminator.exe
E:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - G:\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - E:\Program Files\PC-Antispyware\IeExtension.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GNX Bingo - {CEB30BF4-A67C-40D3-AA8F-4F839B84F747} - E:\WINDOWS\dwvdwnqpxk.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - E:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\ICQToolbar\toolbaru.dll
O3 - Toolbar: ewrssvw - {FA5B139D-EC7F-4F89-B616-44D1B244E79E} - E:\WINDOWS\ewrssvw.dll
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SmartGuardian] E:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Outpost Firewall] G:\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] G:\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [RivaTuner] "G:\RivaTuner v2.0 RC 15.8\RivaTuner.exe" /T
O4 - HKLM\..\Run: [CTSysVol] G:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] "G:\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mirenxai] E:\WINDOWS\system32\mirenxai.exe
O4 - HKLM\..\Run: [PC-Antispyware] "E:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] G:\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "g:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SMSystemAnalyzer] "G:\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [CursorXP] E:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Picasa Media Detector] E:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [uX3hUTWrzk] E:\WINDOWS\xwzybcny.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Anapod Manager.lnk = G:\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: OpenOffice.org 2.0.lnk = E:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Yahoo! Widget Engine.lnk = G:\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: .protected
O8 - Extra context menu item: &Winamp Toolbar Search - E:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://G:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - E:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\ICQLite\ICQLite.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: aflqfkw - {2211DBD7-D8B3-447F-A14C-2F30786FB0A4} - E:\WINDOWS\aflqfkw.dll
O21 - SSODL: btpqkmo - {EBE959ED-F594-41D6-8144-B1F5DFC359A0} - E:\WINDOWS\btpqkmo.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - G:\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - G:\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program Files\Spyware Terminator\sp_rsser.exe
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm
--
End of file - 10473 bytes
