a ked hram hru tak mi to nabehuju pocas hry a musim ist do windowsuSURNE help
- M4jk1:-)
- Nováček
-
- Registrován: 22. kvě 2006
- Bydliště: Poprad
SURNE help
kazde cca minuty mi nabehne vedla hodin "your computer is infected" a hadze mi rozne stranky HEEEEEELP a ked hram hru tak mi to nabehuju pocas hry a musim ist do windowsu
a ked hram hru tak mi to nabehuju pocas hry a musim ist do windowsuhej mam rad presne to
- matajon
- Začátečník
-
- Registrován: 22. lis 2005
- Bydliště: Dobruška
- Kontaktovat uživatele:
koukni se do spravce procesu, jestli ti tam nebezi 2 procesy - nvctrl.exe a mssearchnet.exe
jestli jo, tak pust tenhle program v nouzovem rezimu - http://viry.cz/forum/viewtopic.php?t=4583
jestli ne, tak sem posli log z HijackThis
jestli jo, tak pust tenhle program v nouzovem rezimu - http://viry.cz/forum/viewtopic.php?t=4583
jestli ne, tak sem posli log z HijackThis
Post powered by Microsoft® Windows Vista™ Business
No trees or animals were killed during sending this message
No trees or animals were killed during sending this message
- M4jk1:-)
- Nováček
-
- Registrován: 22. kvě 2006
- Bydliště: Poprad
no sputil som ten hijack a nabehlo mi toto C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BearShare\BearShare.exe
C:\WINDOWS\system32\fc64b8ef.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Save\Save.exe
C:\PROGRA~1\MCROSO~1\mshta.exe
C:\WINDOWS\system32\?icrosoft\r?gsvr32.exe
C:\Program Files\wincmd\WINCMD32.EXE
C:\Program Files\opera854usb\Opera.efe
c:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {E10C0033-9BA2-CF50-F5BA-E32CF2655E9B} - C:\WINDOWS\system32\tghj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {E10C0033-9BA2-CF50-F5BA-E32CF2655E9B} - C:\WINDOWS\system32\tghj.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [fc64b8ef.exe] C:\WINDOWS\system32\fc64b8ef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [fc64b8ef.exe] C:\Documents and Settings\all\Local Settings\Application Data\fc64b8ef.exe
O4 - HKCU\..\Run: [Nusi] "C:\PROGRA~1\MCROSO~1\mshta.exe" -vt yazb
O4 - HKCU\..\Run: [Dzi] C:\WINDOWS\system32\?icrosoft\r?gsvr32.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\dllhost.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll a bol som na tej internetovej stranke a tiez som to tam dal a tie co mi nabehlo cervenou fajkou dal som vymazat a uchovat zmeny a skusal som to este raz a zase mi cervene fajky nabehli co mam robit?
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BearShare\BearShare.exe
C:\WINDOWS\system32\fc64b8ef.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Save\Save.exe
C:\PROGRA~1\MCROSO~1\mshta.exe
C:\WINDOWS\system32\?icrosoft\r?gsvr32.exe
C:\Program Files\wincmd\WINCMD32.EXE
C:\Program Files\opera854usb\Opera.efe
c:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {E10C0033-9BA2-CF50-F5BA-E32CF2655E9B} - C:\WINDOWS\system32\tghj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {E10C0033-9BA2-CF50-F5BA-E32CF2655E9B} - C:\WINDOWS\system32\tghj.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [fc64b8ef.exe] C:\WINDOWS\system32\fc64b8ef.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [fc64b8ef.exe] C:\Documents and Settings\all\Local Settings\Application Data\fc64b8ef.exe
O4 - HKCU\..\Run: [Nusi] "C:\PROGRA~1\MCROSO~1\mshta.exe" -vt yazb
O4 - HKCU\..\Run: [Dzi] C:\WINDOWS\system32\?icrosoft\r?gsvr32.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\dllhost.dll
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll a bol som na tej internetovej stranke a tiez som to tam dal a tie co mi nabehlo cervenou fajkou dal som vymazat a uchovat zmeny a skusal som to este raz a zase mi cervene fajky nabehli co mam robit?
hej mam rad presne to
- matajon
- Začátečník
-
- Registrován: 22. lis 2005
- Bydliště: Dobruška
- Kontaktovat uživatele:
ve spravci procesu vypni a pak smaz :
Potom v HJT fixni :
Kód: Vybrat vše
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\fc64b8ef.exe
C:\Program Files\Save\Save.exe
a taky tohle - C:\WINDOWS\system32\?icrosoft\r?gsvr32.exe - jestli nevis, co to je ?Kód: Vybrat vše
R3 - URLSearchHook: (no name) - {E10C0033-9BA2-CF50-F5BA-E32CF2655E9B} - C:\WINDOWS\system32\tghj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: (no name) - {E10C0033-9BA2-CF50-F5BA-E32CF2655E9B} - C:\WINDOWS\system32\tghj.dll
O4 - HKLM\..\Run: [fc64b8ef.exe] C:\WINDOWS\system32\fc64b8ef.exe
O4 - HKCU\..\Run: [fc64b8ef.exe] C:\Documents and Settings\all\Local Settings\Application Data\fc64b8ef.exe
O4 - HKCU\..\Run: [Dzi] C:\WINDOWS\system32\?icrosoft\r?gsvr32.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
a co je tohle ? -
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
jestli o nicem takovym nevis, tak taky fixni
Post powered by Microsoft® Windows Vista™ Business
No trees or animals were killed during sending this message
No trees or animals were killed during sending this message
- M4jk1:-)
- Nováček
-
- Registrován: 22. kvě 2006
- Bydliště: Poprad
- matajon
- Začátečník
-
- Registrován: 22. lis 2005
- Bydliště: Dobruška
- Kontaktovat uživatele:
neee ... to neeM4jk1:-) píše:ako myslis v tom poznamkovom bloku mam to zmazat co si mi napisal ? a fixni to co myslis pod tym pojmom a mimochodom dakujem ti ze mi pomas ... takze co mam teraz robit ?
nejdriv ve taskmanageru(spravci uloh - viz vedlejsi thread) vypni procesy vypsane nahore a pote je normalne ve windows smaz
potom si pust HijackThis, dej Scan a v okne co se ti ukaze (ne textovem !) zaskrtni vsechny veci vypsane dole a dej "Fix selected items"
Post powered by Microsoft® Windows Vista™ Business
No trees or animals were killed during sending this message
No trees or animals were killed during sending this message
- M4jk1:-)
- Nováček
-
- Registrován: 22. kvě 2006
- Bydliště: Poprad
- Baron Prášil
- Začátečník
-
- Registrován: 08. čer 2006
- M4jk1:-)
- Nováček
-
- Registrován: 22. kvě 2006
- Bydliště: Poprad
baron vsetko co vravis je pravda tak ze mam bear share vymazat a dat antivir ? a este dole mi ukazuje taky vozickar virus alert kazde cca 4 minuty mi nabehne tabulka ze "your computer is infected" a nabehuju mi hocijake strankyBaron Prášil píše:tak za prví-nemáš firewall a jestli se nepletu tak ani antivir! bez toho můžeš fixovat do aleluja a za chvilku tam máš všechno zpátky.(obvzlášť když používáš BearShare,kterej je prošpikovanej spywarem-dej ho pryč!) až budeš mít firewall,tak pošli novej log z HJT a tentokrát celej i z hlavičkou!
hej mam rad presne to
- hlupak
- Mírně pokročilý
-
- Registrován: 08. srp 2005
- Bydliště: St.Albans United Kingdom
- Kontaktovat uživatele:
nesmis dat jen FIDX a znova scan!!!!M4jk1:-) píše:baron vsetko co vravis je pravda tak ze mam bear share vymazat a dat antivir ? a este dole mi ukazuje taky vozickar virus alert kazde cca 4 minuty mi nabehne tabulka ze "your computer is infected" a nabehuju mi hocijake strankyBaron Prášil píše:tak za prví-nemáš firewall a jestli se nepletu tak ani antivir! bez toho můžeš fixovat do aleluja a za chvilku tam máš všechno zpátky.(obvzlášť když používáš BearShare,kterej je prošpikovanej spywarem-dej ho pryč!) až budeš mít firewall,tak pošli novej log z HJT a tentokrát celej i z hlavičkou!
u kazde polozky je male okenko, na ktere kdyz kliknes tak se zaskrtne!
a pak dej fix,mel by se zepatat jestli to chces fakt opravit das ANo a pak dej znova scan a save..hod to nova na hijackthis.de a uvidis.
uz sem ti odepsla v jynym threadu..vzdy delej copy-paste a ten poznamkovy blok ..LOL jestli to amzes v tom poznamkovem bloku tak to je k nicemu.
musis zaskrtnout u hlavnim okne HIJACKU, ne v tom poznamkovym kde ti vlastne vypise to same ale stou moznsoti ze to jde dat copy-paste..kvuli analyze
takze..zaskrtej v HLAVNIM OKNE HIJAKCU ty otravny veci a dej FIX
vozickar=====nadherny priklad cloveka ktery nema FIREWALL!
- Baron Prášil
- Začátečník
-
- Registrován: 08. čer 2006
první věc je firewall-zdarma a česky Kerio-http://www.stahuj.cz/internet_a_site/be ... lfirewall/
nebo ZoneAlarm-http://www.stahuj.cz/internet_a_site/be ... &g[up]=744
potom antivir.doporučuju Avast.je zadarmo a je dobrej-http://www.stahuj.cz/utility_a_ostatni/ ... tni/avast/
nebo ZoneAlarm-http://www.stahuj.cz/internet_a_site/be ... &g[up]=744
potom antivir.doporučuju Avast.je zadarmo a je dobrej-http://www.stahuj.cz/utility_a_ostatni/ ... tni/avast/
- M4jk1:-)
- Nováček
-
- Registrován: 22. kvě 2006
- Bydliště: Poprad
a stym firewallom mam ho otvoreny iba ciastocne aby som mohol zakladat hry z frozenehlupak píše:nesmis dat jen FIDX a znova scan!!!!M4jk1:-) píše: baron vsetko co vravis je pravda tak ze mam bear share vymazat a dat antivir ? a este dole mi ukazuje taky vozickar virus alert kazde cca 4 minuty mi nabehne tabulka ze "your computer is infected" a nabehuju mi hocijake stranky
u kazde polozky je male okenko, na ktere kdyz kliknes tak se zaskrtne!
a pak dej fix,mel by se zepatat jestli to chces fakt opravit das ANo a pak dej znova scan a save..hod to nova na hijackthis.de a uvidis.
uz sem ti odepsla v jynym threadu..vzdy delej copy-paste a ten poznamkovy blok ..LOL jestli to amzes v tom poznamkovem bloku tak to je k nicemu.
musis zaskrtnout u hlavnim okne HIJACKU, ne v tom poznamkovym kde ti vlastne vypise to same ale stou moznsoti ze to jde dat copy-paste..kvuli analyze
takze..zaskrtej v HLAVNIM OKNE HIJAKCU ty otravny veci a dej FIX
vozickar=====nadherny priklad cloveka ktery nema FIREWALL!
hej mam rad presne to