Prosííím včera jsem nad tím seděl do 01:30hod. ráno a nechápal co to má být.
díky předem za pomoc. tady je výpis "HiJackThis":
Logfile of HijackThis v1.99.1
Scan saved at 20:50:24, on 24.11.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gold Codec\isamonitor.exe
C:\Program Files\Gold Codec\pmsngr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\KM9801U\MMHotKey.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
C:\Program Files\Gold Codec\isamini.exe
C:\Program Files\Gold Codec\pmmon.exe
C:\PROGRA~1\KM9801U\HokHIDKC.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Petr\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.selfnet.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KM9801U] C:\PROGRA~1\KM9801U\MMHotKey.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: MaxMice Control.lnk = C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... hp?lang=cz
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/o ... eSvcEN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/E ... 058_XP.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/L ... _EN_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90F93-9C1F-4D98-9959-4B201C57ED41}: NameServer = 212.96.161.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDAFC0D6-0480-48C6-BFB2-462D852366C5}: NameServer = 192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\System32\dcvwaah.dll
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
NOVÝ critical system erors
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Odinstaluj přes přidat nebo odebrat programy Gold Codec
Stáhni si SmitFraudFixa nachystej na použití - rozbal si jej na ploše.
Restartuj do nouzového režimu:
Spustíš SmitFraudFix - objeví se modrá obrazovka aplikace a stiskneš volbu 4. Proběhne update programu. Po té opět na obrazovce s menu stiskni volubu 2
Nechej proskenovat počítač.
Pokud budeš dotázán, zda povolíš čištění registrů (Do you want to clean the registry ?), stiskni klávesu Y (pozor na záměnu Y a Z na klávesnici)
Pokud budeš dotázán na odstranění zavirovaných souborů z počítače (Replace infected file ?), stiskneš opět klávesu Y.
Pak restartuj do normálního režimu a udělej nový log z HijackThis na dočištění.
Stáhni si SmitFraudFixa nachystej na použití - rozbal si jej na ploše.
Restartuj do nouzového režimu:
Spustíš SmitFraudFix - objeví se modrá obrazovka aplikace a stiskneš volbu 4. Proběhne update programu. Po té opět na obrazovce s menu stiskni volubu 2
Nechej proskenovat počítač.
Pokud budeš dotázán, zda povolíš čištění registrů (Do you want to clean the registry ?), stiskni klávesu Y (pozor na záměnu Y a Z na klávesnici)
Pokud budeš dotázán na odstranění zavirovaných souborů z počítače (Replace infected file ?), stiskneš opět klávesu Y.
Pak restartuj do normálního režimu a udělej nový log z HijackThis na dočištění.
tak jsem restartoval do nouzového režimu, spustil SmitFraudFix , vyčistil registr ale na to odstranění zavirovaných souborů z počítače mě PC nevyzval - nevíš jak to?
tady je nový log:
Logfile of HijackThis v1.99.1
Scan saved at 21:36:34, on 24.11.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\KM9801U\MMHotKey.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\KM9801U\HokHIDKC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Petr\LOCALS~1\Temp\Rar$EX01.219\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.selfnet.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KM9801U] C:\PROGRA~1\KM9801U\MMHotKey.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Nero DriveSpeed] E:\utility\DRIVES~2\DRIVES~2.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1016.dll,InstantAccess
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: MaxMice Control.lnk = C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... hp?lang=cz
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/o ... eSvcEN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/E ... 058_XP.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/L ... _EN_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90F93-9C1F-4D98-9959-4B201C57ED41}: NameServer = 212.96.161.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDAFC0D6-0480-48C6-BFB2-462D852366C5}: NameServer = 192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
tady je nový log:
Logfile of HijackThis v1.99.1
Scan saved at 21:36:34, on 24.11.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\KM9801U\MMHotKey.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\KM9801U\HokHIDKC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Petr\LOCALS~1\Temp\Rar$EX01.219\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.selfnet.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KM9801U] C:\PROGRA~1\KM9801U\MMHotKey.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Nero DriveSpeed] E:\utility\DRIVES~2\DRIVES~2.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1016.dll,InstantAccess
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: MaxMice Control.lnk = C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... hp?lang=cz
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/o ... eSvcEN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/E ... 058_XP.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/L ... _EN_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90F93-9C1F-4D98-9959-4B201C57ED41}: NameServer = 212.96.161.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDAFC0D6-0480-48C6-BFB2-462D852366C5}: NameServer = 192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Chybí SP2, chybí antivir, (štít ClamAvu není plnohodnotný).
Tuhle knihovnu najdi a zkontroluj na Jottiscanu:
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
Až to budeš mít, spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/o ... eSvcEN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/E ... 058_XP.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/L ... _EN_XP.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
po zaškrtnutí klikni na FixChecked
Potom najdi na disku ty červeně označené soubory a vymaž je. Nastav si v Možnostech složky zobrazování skrytých a systémových souborů, abys je lépe nalezl.
Spusť Ccleaner a dej vyčistit windows, aplikace i registry a restartuj. Potom dej nový log na kontrolu.
Tuto firmu znáš? To by mohl být tvůj poskytovatel
inetnum: 212.96.161.0 - 212.96.161.203
netname: SELFNET-CZ
descr: Self Servis Ltd.
descr: BRNO
country: CZ
admin-c: JD644-RIPE
tech-c: JV264-RIPE
status: ASSIGNED PA
mnt-by: MNET-IP-MNT
source: RIPE # Filtered
person: Jan Dasovsky
address: S E L F servis, spol. s r.o.
address: Palavske nam. 11
address: Brno
address: 628 00
address: The Czech Republic
ale k této adrese jsem nenašel nic:
192.168.1.200
znáš ji?
Tuhle knihovnu najdi a zkontroluj na Jottiscanu:
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
Až to budeš mít, spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - http://recruit.netmonitor.cz/WebInstaller.dll
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} (Cltbuilder Class) - http://akamai.downloadv3.com/binaries/o ... eSvcEN.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/E ... 058_XP.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P ... _EN_XP.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/L ... _EN_XP.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/I ... _EN_XP.cab
po zaškrtnutí klikni na FixChecked
Potom najdi na disku ty červeně označené soubory a vymaž je. Nastav si v Možnostech složky zobrazování skrytých a systémových souborů, abys je lépe nalezl.
Spusť Ccleaner a dej vyčistit windows, aplikace i registry a restartuj. Potom dej nový log na kontrolu.
Tuto firmu znáš? To by mohl být tvůj poskytovatel
inetnum: 212.96.161.0 - 212.96.161.203
netname: SELFNET-CZ
descr: Self Servis Ltd.
descr: BRNO
country: CZ
admin-c: JD644-RIPE
tech-c: JV264-RIPE
status: ASSIGNED PA
mnt-by: MNET-IP-MNT
source: RIPE # Filtered
person: Jan Dasovsky
address: S E L F servis, spol. s r.o.
address: Palavske nam. 11
address: Brno
address: 628 00
address: The Czech Republic
ale k této adrese jsem nenašel nic:
192.168.1.200
znáš ji?
Ahoj,
díky moc za pomoc!!!
Celý víkend jsem byl mimo, a tak se ted vrhnu na to čištění.
Tu firmu samozřejmě znám - je to můj poskytovatel.
A není možné, že to druhé číslo, ke kterému jsi nic nenašel - by mohl být můj předchozí poskytovatel internetu? - měl jsem ho původně přes wi-fi připojení ale už je rok zrušené. firma tuším Kymes (Kyjovská metropolitní sít)
díky moc za pomoc!!!
Celý víkend jsem byl mimo, a tak se ted vrhnu na to čištění.
Tu firmu samozřejmě znám - je to můj poskytovatel.
A není možné, že to druhé číslo, ke kterému jsi nic nenašel - by mohl být můj předchozí poskytovatel internetu? - měl jsem ho původně přes wi-fi připojení ale už je rok zrušené. firma tuším Kymes (Kyjovská metropolitní sít)
Tady je výsledek té kontroli knihovny na Jittiscanu:
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan: Virus
Service
Service load:
0% 100%
File: ViewBarBHO.dll
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 0b16b542bfc2755d62e11b1c6f6559e8
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found Viewpoint
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan: Virus
Service
Service load:
0% 100%
File: ViewBarBHO.dll
Status:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 0b16b542bfc2755d62e11b1c6f6559e8
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found Viewpoint
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
tak to uděláme jinak:
stáhni si Avenger a spusť ho
pod účtem administrátora.
Zvol Input script manually a klikni na ikonku lupy
Poté ti vyskočí okno kam zkopíruj tenhle tučnej text:
Files to delete:
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
Pak klikni na Done.
Poté klikni na ikonku semafory.Pak ti vyskočí hláška kde dáš Ano potom ti vyskočí další hláška kde klikneš na OK PC se restartuje po restartu sem dej nový log.
stáhni si Avenger a spusť ho
pod účtem administrátora.
Zvol Input script manually a klikni na ikonku lupy
Poté ti vyskočí okno kam zkopíruj tenhle tučnej text:
Files to delete:
C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
Pak klikni na Done.
Poté klikni na ikonku semafory.Pak ti vyskočí hláška kde dáš Ano potom ti vyskočí další hláška kde klikneš na OK PC se restartuje po restartu sem dej nový log.
Díky, sakiri, vypadá to, že ten Avenger pomohl:
tento blok mi to vyhodilo po restartu:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ywhejusn
*******************
Script file located at: \??\C:\Program Files\nnccwxck.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Program Files\Common Files\ers_startupmon.exe not found!
Deletion of file C:\Program Files\Common Files\ers_startupmon.exe failed!
Could not process line:
C:\Program Files\Common Files\ers_startupmon.exe
Status: 0xc0000034
File C:\Program Files\Common Files\dc6_startupmon.exe not found!
Deletion of file C:\Program Files\Common Files\dc6_startupmon.exe failed!
Could not process line:
C:\Program Files\Common Files\dc6_startupmon.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
A tady je nový log pro kontrolu:
Logfile of HijackThis v1.99.1
Scan saved at 20:42:26, on 26.11.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\KM9801U\MMHotKey.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\KM9801U\HokHIDKC.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Petr\LOCALS~1\Temp\Rar$EX04.719\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.selfnet.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KM9801U] C:\PROGRA~1\KM9801U\MMHotKey.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: MaxMice Control.lnk = C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... hp?lang=cz
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90F93-9C1F-4D98-9959-4B201C57ED41}: NameServer = 212.96.161.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDAFC0D6-0480-48C6-BFB2-462D852366C5}: NameServer = 192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
tento blok mi to vyhodilo po restartu:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ywhejusn
*******************
Script file located at: \??\C:\Program Files\nnccwxck.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Program Files\Common Files\ers_startupmon.exe not found!
Deletion of file C:\Program Files\Common Files\ers_startupmon.exe failed!
Could not process line:
C:\Program Files\Common Files\ers_startupmon.exe
Status: 0xc0000034
File C:\Program Files\Common Files\dc6_startupmon.exe not found!
Deletion of file C:\Program Files\Common Files\dc6_startupmon.exe failed!
Could not process line:
C:\Program Files\Common Files\dc6_startupmon.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
A tady je nový log pro kontrolu:
Logfile of HijackThis v1.99.1
Scan saved at 20:42:26, on 26.11.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\KM9801U\MMHotKey.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\KM9801U\HokHIDKC.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinClamAVShield\sp_clam.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Petr\LOCALS~1\Temp\Rar$EX04.719\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.selfnet.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KM9801U] C:\PROGRA~1\KM9801U\MMHotKey.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: MaxMice Control.lnk = C:\Program Files\Maxxtro\MaxMice\MaxMice.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... hp?lang=cz
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {5D8844F9-1CB8-11D2-A0A0-00600859EB9F} (PatchCtl Class) - file://C:\Program Files\EA SPORTS\FIFA 2004\update.1.1\patchx2.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{95F90F93-9C1F-4D98-9959-4B201C57ED41}: NameServer = 212.96.161.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDAFC0D6-0480-48C6-BFB2-462D852366C5}: NameServer = 192.168.1.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.selfnet.cz
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Ale buď si jistý, že bez Service packu 2 a bez pořádného antiviru tu budeš denním hostem. Něco s tím udělej!
K logu. No část šmejdů zmizela - hlavně ty aktivní, ale další potenciální ti tam zůstali. Na ty by byl nejlepší MWAV.
Ten ViewBarBHO.dll Jotti označil jen jako potenciální nebezpečí, takže ho tam necháme. Ale moc mu nevěřím.
Fixni v Hijackthisu:
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
To červené ještě musí zmizet!!!
No raději bych viděl log MWAVu.
K logu. No část šmejdů zmizela - hlavně ty aktivní, ale další potenciální ti tam zůstali. Na ty by byl nejlepší MWAV.
Ten ViewBarBHO.dll Jotti označil jen jako potenciální nebezpečí, takže ho tam necháme. Ale moc mu nevěřím.
Fixni v Hijackthisu:
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Gold Codec\iesplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
To červené ještě musí zmizet!!!
No raději bych viděl log MWAVu.
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
No vyzkoušej Aviru, nebo Avast - oba jsou zdarma a Avira je v některých aspektech i lepší než NOD. Problémem je trochu pošta, ale jestli jsi na schránce Seznamu, nebo jiném portálu a nepoužíváš Outlook, tak kontrolu pošty nepotřebuješ, protože to už obstará portál.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 1 host