Win32:Warezov-BUI [Wrm]
- L!cmen
- Nováček
-
- Registrován: 12. dub 2007
- likc
- Začátečník
-
- Registrován: 30. čer 2006
- L!cmen
- Nováček
-
- Registrován: 12. dub 2007
Už sem uďál to co řikal B.P. a tady je log
Logfile of HijackThis v1.99.1
Scan saved at 13:43:38, on 14.4.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
K:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
K:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
K:\Program Files\PowerISO\PWRISOVM.EXE
K:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
K:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
K:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
K:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
K:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
K:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
K:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
K:\Program Files\Media Key\MagicKey.exe
K:\Program Files\WinZip\WZQKPICK.EXE
K:\Program Files\Media Key\OSD.EXE
K:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
K:\Program Files\Alwil Software\Avast4\ashServ.exe
K:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
K:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
K:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
K:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE
C:\WINDOWS\System32\wuauclt.exe
K:\Program Files\totalcmd\TOTALCMD.EXE
K:\Program Files\JetAudio\JetAudio.exe
N:\Soubory\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - K:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - K:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "K:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [RemoteControl] "K:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "K:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] K:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "K:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "K:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "K:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerBar] "K:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Startup: Bitcomet Ultra Accelerator.lnk = K:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: CoreCenter.lnk = K:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: Media Key.lnk = K:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = K:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O4 - Global Startup: WinZip Quick Pick.lnk = K:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://K:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://K:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - K:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - K:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - K:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - K:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - K:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Logfile of HijackThis v1.99.1
Scan saved at 13:43:38, on 14.4.2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
K:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
K:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
K:\Program Files\PowerISO\PWRISOVM.EXE
K:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
K:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
K:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
K:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
K:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
K:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
K:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
K:\Program Files\Media Key\MagicKey.exe
K:\Program Files\WinZip\WZQKPICK.EXE
K:\Program Files\Media Key\OSD.EXE
K:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
K:\Program Files\Alwil Software\Avast4\ashServ.exe
K:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
K:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\nvsvc32.exe
K:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
K:\Program Files\Alwil Software\Avast4\ashWebSv.exe
K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
K:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE
C:\WINDOWS\System32\wuauclt.exe
K:\Program Files\totalcmd\TOTALCMD.EXE
K:\Program Files\JetAudio\JetAudio.exe
N:\Soubory\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - K:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - K:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "K:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [RemoteControl] "K:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "K:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] K:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "K:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] K:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "K:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [COMODO Firewall Pro] "K:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerBar] "K:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - Startup: Bitcomet Ultra Accelerator.lnk = K:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: CoreCenter.lnk = K:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: Media Key.lnk = K:\Program Files\Media Key\MagicKey.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = K:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O4 - Global Startup: WinZip Quick Pick.lnk = K:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://K:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://K:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - K:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - K:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - K:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - K:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - K:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - K:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - K:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - K:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
- likc
- Začátečník
-
- Registrován: 30. čer 2006
- kutfil
- Nováček
-
- Registrován: 13. dub 2007
caute lidi diky za help skusil sem to podle rary ,doufam ze dobre tady jsou ty logy
Logfile of HijackThis v1.99.1
Scan saved at 1:49:08 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\program files\alwast\aswUpdSv.exe
D:\program files\alwast\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\program files\alwast\ashMaiSv.exe
D:\program files\alwast\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
D:\PROGRA~1\alwast\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\program files\winamp51\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\dvers a instalacky\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\program files\reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQ\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\alwast\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\program files\winamp51\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: VoipBuster.lnk = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\program files\reader\Reader\reader_sl.exe
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\program files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B26C243-C7BE-47E1-B842-E62F68394EFF}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD53C0A-659E-4B3F-874E-BA7AF7AC322B}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FF9CCCB-1AA3-4537-8EB7-135B975E40E2}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FBD31C9-182A-435A-AA54-ABB83F8D2EBC}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8774EC-D18D-49F7-8690-884109F7DCDE}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E7744A-E0DC-4BA2-873D-82F093AA3B1E}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.70 85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B26C243-C7BE-47E1-B842-E62F68394EFF}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.70 85.255.112.138
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\program files\alwast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\program files\alwast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\program files\alwast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\program files\alwast\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
a ted ten druhy----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4D2462D5F1B0-01BA-A1D4-3490-18220FE7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "etadpu" Deleted
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\\PROGRA~1\\alwast\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Onet.pl AutoUpdate"="\"C:\\Program Files\\Common Files\\Onet.pl\\NewAutoUpdate.exe\" /updateexetsr"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"WinampAgent"="D:\\program files\\winamp51\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"FreeCall"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
este me napadlo ze bych preinstaloval cele windows nebude to nelepsi cesta?? jinak diky za pomoc...........
Logfile of HijackThis v1.99.1
Scan saved at 1:49:08 PM, on 4/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\program files\alwast\aswUpdSv.exe
D:\program files\alwast\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
D:\program files\alwast\ashMaiSv.exe
D:\program files\alwast\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
D:\PROGRA~1\alwast\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\program files\winamp51\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WLAN\WLAN\wlanutil.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\dvers a instalacky\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQ\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\program files\reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\program files\ICQ\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\alwast\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\program files\winamp51\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: VoipBuster.lnk = C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\program files\reader\Reader\reader_sl.exe
O4 - Global Startup: Wireless LAN Utility.lnk = C:\Program Files\WLAN\WLAN\wlanutil.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\program files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0B26C243-C7BE-47E1-B842-E62F68394EFF}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD53C0A-659E-4B3F-874E-BA7AF7AC322B}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FF9CCCB-1AA3-4537-8EB7-135B975E40E2}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FBD31C9-182A-435A-AA54-ABB83F8D2EBC}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8774EC-D18D-49F7-8690-884109F7DCDE}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9E7744A-E0DC-4BA2-873D-82F093AA3B1E}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.70 85.255.112.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{0B26C243-C7BE-47E1-B842-E62F68394EFF}: NameServer = 85.255.115.70,85.255.112.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.70 85.255.112.138
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\program files\alwast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\program files\alwast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\program files\alwast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\program files\alwast\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
a ted ten druhy----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check
»»»»» System restarted
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "}4D2462D5F1B0-01BA-A1D4-3490-18220FE7{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "etadpu" Deleted
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.
Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/
»»»»» Other
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\\PROGRA~1\\alwast\\ashDisp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Onet.pl AutoUpdate"="\"C:\\Program Files\\Common Files\\Onet.pl\\NewAutoUpdate.exe\" /updateexetsr"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"WinampAgent"="D:\\program files\\winamp51\\Winamp\\winampa.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"FreeCall"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
este me napadlo ze bych preinstaloval cele windows nebude to nelepsi cesta?? jinak diky za pomoc...........
- L!cmen
- Nováček
-
- Registrován: 12. dub 2007
- likc
- Začátečník
-
- Registrován: 30. čer 2006
- Baron Prášil
- Začátečník
-
- Registrován: 08. čer 2006
- Palec123
- Mírně pokročilý
-
- Registrován: 08. pro 2004
- Bydliště: Brno
- Kontaktovat uživatele:
- L!cmen
- Nováček
-
- Registrován: 12. dub 2007
Ehm, no sou i lidi, kerý nemaj Win koupenej legálně - NE ŽE BYCH TO BYL JAKO ZROVNA JÁ, ale dávam jen takovej příklad - tim pádem si TAKOVÝ LIDI nemůžou stahovat aktualizace, páč by na to mrkvosoft kápnul žejo. Takže bych si asi pro začátek sehnal ten SP2 tak 
- nevíte kde ho stáhnout?
Jináč všem děkuju za rady a za to že se taj se mnou plácali - DIKES
- nevíte kde ho stáhnout?Jináč všem děkuju za rady a za to že se taj se mnou plácali - DIKES
- Palec123
- Mírně pokročilý
-
- Registrován: 08. pro 2004
- Bydliště: Brno
- Kontaktovat uživatele:
- Baron Prášil
- Začátečník
-
- Registrován: 08. čer 2006
)
- likc
- Začátečník
-
- Registrován: 30. čer 2006
No nevim, jestli se s rarym shodnu, mame na tuhle lecbu asi trochu jiny nazor.
Velka vetsina je pryc.
Znas tenhle program? C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe
kdyztak ho otestuj na www.virustotal.com
Zbylo tam ale pripojeni pres ty ukrajinsky servery. Nevim, jak se pripojujes na net. Jestli mas pevnou IP nebo dymamickou.
V podstate by jsi ted mel fixnout vsechny radky zacinajici na O17, cimz si nejspis kilnes pripojeni k netu, tak ze bude potreba ruco nastavit znovu. Nevidim tam totiz puvodce toho, c Ti to zmenil, tak ze to je nejspis pozustatek nakazy.
Dal fixni
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Velka vetsina je pryc.
Znas tenhle program? C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe
kdyztak ho otestuj na www.virustotal.com
Zbylo tam ale pripojeni pres ty ukrajinsky servery. Nevim, jak se pripojujes na net. Jestli mas pevnou IP nebo dymamickou.
V podstate by jsi ted mel fixnout vsechny radky zacinajici na O17, cimz si nejspis kilnes pripojeni k netu, tak ze bude potreba ruco nastavit znovu. Nevidim tam totiz puvodce toho, c Ti to zmenil, tak ze to je nejspis pozustatek nakazy.
Dal fixni
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
- Baron Prášil
- Začátečník
-
- Registrován: 08. čer 2006
)- likc
- Začátečník
-
- Registrován: 30. čer 2006
- kutfil
- Nováček
-
- Registrován: 13. dub 2007
no internet mam pres O2 ale mam tam este router tak nevim jestli si ti killnu tak ale to skusim postupne a uvidim co mi to shodi kdyz tak to pak odfixnu jestli to tak jde jinak ten program znam to je na chat jinak by me zajimalo jak sem se mi tam dostaly ty ukrajinske cipiny a co vlastne to zpusobuje??...........
- likc
- Začátečník
-
- Registrován: 30. čer 2006
- Baron Prášil
- Začátečník
-
- Registrován: 08. čer 2006
- kutfil
- Nováček
-
- Registrován: 13. dub 2007