
Connection problem.
Greetings, everyone ... we have a bit of a problem... the browsers on my son's PC don't work; neither Firefox nor IE displays any web page. ICQ runs fine for him, though... can anyone advise me what to look at? I should say up front that this has been bothering us ever since a certain unnamed person was browsing adult sites.
So I'm prepared for the worst. But you can beat a person and it still does no good. Thanks for any advice.

Petr
- mmmartin
- Moderator
To start, make an HJT log, post it here, and hope this is caused by some easily removable pest.
As for the beating: it is one of the most effective hardware protections, and we have to apply it in time, while we can still win the fight. With increasing age, both ours and our offspring's, the effectiveness of this HW protection drops sharply.

- Baron Prášil
I'll add instructions for creating the HijackThis log, which we absolutely need to see.
You can download HijackThis here:
http://www.bleepingcomputer.com/files/M ... ckThis.zip
Unpack it into its own folder, run it, and click "Do a system scan and save a logfile".
Copy the generated text file here.
Here is the log... and as for the beating... well, I guess I missed the right moment.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at Čas: 21:44.58, on 29.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Seznam Postak\Postak.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BSplayer Pro\bsplayer.exe
C:\Documents and Settings\Uživatel\Plocha\HiJackThis_v2\HiJackThis_v2\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Postak\SRank.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam Postak\Postak.exe"
O4 - HKLM\..\Run: [Exittimecreativelicense] C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime\new16.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Reminder-cor40212.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Do fronty Star Downloaderu - C:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F87A0F9-9AF9-4CD0-8E3B-8C7E8AB78341}: NameServer = 10.100.105.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 10133 bytes

Petr
- Baron Prášil
First install a firewall.
Pick one here; I recommend Comodo.
Stop this service:
Boonty Games - BOONTY
and set its startup type to Disabled!
You open Services by typing the command services.msc into Run... in the START menu and clicking OK.
If that BSplayer isn't paid for, uninstall it.
Make a LopFind log following the instructions here,
http://viry.cz/forum/viewtopic.php?t=34528 step 2,
and send it.
But of course start with step one and check Add/Remove Programs.
-Firewall installed
-Boonty Games - BOONTY disabled
The log is here:
LopFind v3 © Čas: 0:03:40,39 Datum: so 30.06.2007
******************************************
1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\Administrator\DATAAP~1
24.10.2006 ¬as: 22:29 <DIR> Real
24.10.2006 ¬as: 22:28 <DIR> Identities
24.10.2006 ¬as: 22:28 62 desktop.ini
24.10.2006 ¬as: 22:28 <DIR> Microsoft
24.10.2006 ¬as: 22:28 <DIR> ..
24.10.2006 ¬as: 22:28 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 5, Volněch bajt…: 2360721408
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1
29.06.2007 ¬as: 23:53 <DIR> Comodo
19.06.2007 ¬as: 17:15 <DIR> ACD Systems
28.05.2007 ¬as: 18:00 <DIR> BIZSCR
03.03.2007 ¬as: 16:36 <DIR> Adobe
29.12.2006 ¬as: 16:48 <DIR> hidebarbexittime
23.12.2006 ¬as: 20:51 <DIR> PlayFirst
20.10.2006 ¬as: 15:05 <DIR> BOONTY
01.09.2006 ¬as: 17:57 <DIR> MSScanAppDataDir
01.09.2006 ¬as: 17:36 <DIR> Microsoft Help
13.06.2006 ¬as: 15:29 4336 QTSBandwidthCache
13.06.2006 ¬as: 15:10 <DIR> Apple Computer
11.06.2006 ¬as: 21:58 <DIR> XemiComputers
21.03.2006 ¬as: 21:33 <DIR> TuneUp Software
04.03.2006 ¬as: 11:22 <DIR> Windows Genuine Advantage
13.01.2006 ¬as: 23:30 <DIR> Pinnacle
08.12.2005 ¬as: 22:45 <DIR> Macromedia
11.11.2005 ¬as: 17:37 <DIR> DVD Shrink
02.10.2005 ¬as: 19:28 <DIR> CyberLink
27.07.2005 ¬as: 10:36 <DIR> Trymedia
10.03.2005 ¬as: 19:08 <DIR> Spybot - Search & Destroy
02.03.2005 ¬as: 19:17 <DIR> Skype
20.02.2005 ¬as: 18:45 <DIR> QuickTime
19.11.2004 ¬as: 11:22 62 desktop.ini
19.11.2004 ¬as: 11:22 <DIR> Microsoft
19.11.2004 ¬as: 11:22 <DIR> .
19.11.2004 ¬as: 11:22 <DIR> ..
2 soubor…, 4398 bajt…
Adres ý…: 24, Volněch bajt…: 2360717312
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\U§ivatel\DATAAP~1
Lucas (12:06 AM) :
19.11.2004 ¬as: 11:22 62 desktop.ini
19.11.2004 ¬as: 11:22 <DIR> ..
19.11.2004 ¬as: 11:22 <DIR> Microsoft
19.11.2004 ¬as: 11:22 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1
19.11.2004 ¬as: 10:34 <DIR> ..
19.11.2004 ¬as: 10:34 <DIR> Microsoft
19.11.2004 ¬as: 10:34 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1
19.11.2004 ¬as: 10:34 <DIR> ..
19.11.2004 ¬as: 10:34 <DIR> Microsoft
19.11.2004 ¬as: 10:34 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
******************************************
2) Vyhledávání a odstranění podezřelých .job souborů:
a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\WINDOWS\Tasks
21.03.2006 ¬as: 21:34 396 1-Click Maintenance.job
19.11.2004 ¬as: 10:31 6 SA.DAT
19.11.2004 ¬as: 10:29 65 desktop.ini
19.11.2004 ¬as: 10:29 <DIR> ..
19.11.2004 ¬as: 10:29 <DIR> .
3 soubor…, 467 bajt…
Adres ý…: 2, Volněch bajt…: 2˙360˙709˙120
------------------------------------------
b) Zjišťování vlastností přítomných .job souborů:
[TRACE] Enumerating jobs and queues
[TRACE] Activating job '1-Click Maintenance.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe'
Parameters: '/schedulestart'
WorkingDirectory: ''
Comment: 'Runs 1-Click Maintenance at specified times'
Creator: 'Uživatel'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/29/2007 17:15:00
NextRun: 07/06/2007 17:15:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 06/01/2005
EndDate: 06/03/2010
StartTime: 17:15
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
------------------------------------------
c) Nalezené a odstraněné nežádoucí soubory:
------------------------------------------
d) Soubory přítomné v adresáři po vymazání:
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\WINDOWS\Tasks
21.03.2006 ¬as: 21:34 396 1-Click Maintenance.job
19.11.2004 ¬as: 10:31 6 SA.DAT
19.11.2004 ¬as: 10:29 65 desktop.ini
19.11.2004 ¬as: 10:29 <DIR> ..
19.11.2004 ¬as: 10:29 <DIR> .
3 soubor…, 467 bajt…
Adres ý…: 2, Volněch bajt…: 2˙360˙709˙120
******************************************
3) Vyhledávání podvodných programů ve složce Program Files:
Adresář C:\Program Files\Torrent101 Přítomen !
-Boonty Games - BOONTY zakazano
log je zde :
LopFind v3 © Čas: 0:03:40,39 Datum: so 30.06.2007
******************************************
1) Výpis obsahů Application Data složek pro zjištění podezřelých adresářů:
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\Administrator\DATAAP~1
24.10.2006 ¬as: 22:29 <DIR> Real
24.10.2006 ¬as: 22:28 <DIR> Identities
24.10.2006 ¬as: 22:28 62 desktop.ini
24.10.2006 ¬as: 22:28 <DIR> Microsoft
24.10.2006 ¬as: 22:28 <DIR> ..
24.10.2006 ¬as: 22:28 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 5, Volněch bajt…: 2360721408
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\All Users\DATAAP~1
29.06.2007 ¬as: 23:53 <DIR> Comodo
19.06.2007 ¬as: 17:15 <DIR> ACD Systems
28.05.2007 ¬as: 18:00 <DIR> BIZSCR
03.03.2007 ¬as: 16:36 <DIR> Adobe
29.12.2006 ¬as: 16:48 <DIR> hidebarbexittime
23.12.2006 ¬as: 20:51 <DIR> PlayFirst
20.10.2006 ¬as: 15:05 <DIR> BOONTY
01.09.2006 ¬as: 17:57 <DIR> MSScanAppDataDir
01.09.2006 ¬as: 17:36 <DIR> Microsoft Help
13.06.2006 ¬as: 15:29 4336 QTSBandwidthCache
13.06.2006 ¬as: 15:10 <DIR> Apple Computer
11.06.2006 ¬as: 21:58 <DIR> XemiComputers
21.03.2006 ¬as: 21:33 <DIR> TuneUp Software
04.03.2006 ¬as: 11:22 <DIR> Windows Genuine Advantage
13.01.2006 ¬as: 23:30 <DIR> Pinnacle
08.12.2005 ¬as: 22:45 <DIR> Macromedia
11.11.2005 ¬as: 17:37 <DIR> DVD Shrink
02.10.2005 ¬as: 19:28 <DIR> CyberLink
27.07.2005 ¬as: 10:36 <DIR> Trymedia
10.03.2005 ¬as: 19:08 <DIR> Spybot - Search & Destroy
02.03.2005 ¬as: 19:17 <DIR> Skype
20.02.2005 ¬as: 18:45 <DIR> QuickTime
19.11.2004 ¬as: 11:22 62 desktop.ini
19.11.2004 ¬as: 11:22 <DIR> Microsoft
19.11.2004 ¬as: 11:22 <DIR> .
19.11.2004 ¬as: 11:22 <DIR> ..
2 soubor…, 4398 bajt…
Adres ý…: 24, Volněch bajt…: 2360717312
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\U§ivatel\DATAAP~1
Lucas (12:06 AM) :
19.11.2004 ¬as: 11:22 62 desktop.ini
19.11.2004 ¬as: 11:22 <DIR> ..
19.11.2004 ¬as: 11:22 <DIR> Microsoft
19.11.2004 ¬as: 11:22 <DIR> .
1 soubor…, 62 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\LocalService\DATAAP~1
19.11.2004 ¬as: 10:34 <DIR> ..
19.11.2004 ¬as: 10:34 <DIR> Microsoft
19.11.2004 ¬as: 10:34 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\Documents and Settings\NetworkService\DATAAP~1
19.11.2004 ¬as: 10:34 <DIR> ..
19.11.2004 ¬as: 10:34 <DIR> Microsoft
19.11.2004 ¬as: 10:34 <DIR> .
0 soubor…, 0 bajt…
Adres ý…: 3, Volněch bajt…: 2360713216
******************************************
2) Vyhledávání a odstranění podezřelých .job souborů:
a) Soubory přítomné v C:\WINDOWS\tasks\ adresáři:
Svazek v jednotce C je Hadrware.
S‚riov‚ źˇslo svazku je F4AD-27F4.
Věpis adres ýe C:\WINDOWS\Tasks
21.03.2006 ¬as: 21:34 396 1-Click Maintenance.job
19.11.2004 ¬as: 10:31 6 SA.DAT
19.11.2004 ¬as: 10:29 65 desktop.ini
19.11.2004 ¬as: 10:29 <DIR> ..
19.11.2004 ¬as: 10:29 <DIR> .
3 soubor…, 467 bajt…
Adres ý…: 2, Volněch bajt…: 2˙360˙709˙120
------------------------------------------
b) Zjišťování vlastností přítomných .job souborů:
[TRACE] Enumerating jobs and queues
[TRACE] Activating job '1-Click Maintenance.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe'
Parameters: '/schedulestart'
WorkingDirectory: ''
Comment: 'Runs 1-Click Maintenance at specified times'
Creator: 'Uživatel'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/29/2007 17:15:00
NextRun: 07/06/2007 17:15:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 06/01/2005
EndDate: 06/03/2010
StartTime: 17:15
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
------------------------------------------
c) Nalezené a odstraněné nežádoucí soubory:
------------------------------------------
d) Soubory přítomné v adresáři po vymazání:
Svazek v jednotce C je Hadrware.
Sériové číslo svazku je F4AD-27F4.
Výpis adresáře C:\WINDOWS\Tasks
21.03.2006 Čas: 21:34 396 1-Click Maintenance.job
19.11.2004 Čas: 10:31 6 SA.DAT
19.11.2004 Čas: 10:29 65 desktop.ini
19.11.2004 Čas: 10:29 <DIR> ..
19.11.2004 Čas: 10:29 <DIR> .
3 souborů, 467 bajtů
Adresářů: 2, Volných bajtů: 2 360 709 120
******************************************
3) Vyhledávání podvodných programů ve složce Program Files:
Adresář C:\Program Files\Torrent101 Přítomen !
Petr
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
uninstall Torrent101 and delete its folder in Program Files
fix these
in the HJT program window, tick the box on the left of the items I list and then click Fix checked
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Exittimecreativelicense] C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime\new16.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
remove the Boonty Games service - BOONTY
like this
_neo wrote: run HJT and click the Open the Misc Tools section button, then click the Delete an NT service button. A window appears where you enter the name of the service you want to delete, then click OK.
use Avenger
http://www.viry.cz/forum/viewtopic.php?t=21484
and this script
Code:
Files to delete:
[BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
Folders to delete:
C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime
after the restart, post the Avenger log and the HijackThis log
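The fix list in the post above can be cross-checked mechanically. This Python script is an added example, not part of the original thread and not the helper's own method: it parses HijackThis entry lines and flags two patterns visible in that list, targets reported as `(no file)` and `O4` autoruns that start from a user-profile directory. The function names and both heuristics are assumptions made for illustration; the sample lines are copied from this thread.

```python
import re

# Sample input: entries copied from the fix list and the posted HijackThis log.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Exittimecreativelicense] C:\Documents and Settings\All Users\Data aplikací\hidebarbexittime\new16.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.+)$")
# Registry autorun: "<key>: [value name] command line"
RUN_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable at the start of a command line, quoted or unquoted
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I)
# Windows XP profile root, long name or 8.3 short name (DOCUME~1)
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|docume~\d)\\", re.I)


def parse_entry(line):
    """Parse one log line; return None for headers and the process list."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    name, target = None, None
    if code == "O4":
        run = RUN_RE.match(body)
        if run:                          # registry Run key
            name, cmd = run["name"], run["cmd"]
        else:                            # startup folder: "x.lnk = command"
            name, _, cmd = body.partition(" = ")
        exe = EXE_RE.match(cmd)
        target = (exe["q"] or exe["u"]) if exe else (cmd or None)
    elif " - " in body:                  # BHO, toolbar, service: file is last
        target = body.rsplit(" - ", 1)[1]
    return {"code": code, "name": name, "target": target}


def triage(entry):
    """Return review flags for one parsed entry (assumed heuristics)."""
    flags = []
    target = entry["target"] or ""
    if target == "(no file)":
        flags.append("target-missing")
    if entry["code"] == "O4" and PROFILE_RE.match(target):
        flags.append("autorun-from-user-profile")
    return flags


def review_list(text):
    """Return (code, name, target, flags) for every flagged entry."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = triage(entry)
        if flags:
            flagged.append((entry["code"], entry["name"], entry["target"], flags))
    return flagged


if __name__ == "__main__":
    for code, name, target, flags in review_list(SAMPLE_LOG):
        print(code, name, target, ",".join(flags))
```

The `UpdReg` entry from the fix list matches neither heuristic, so entries like it still need a manual lookup.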
-Torrent 101 removed
-Fixed in HJT according to the instructions
-Boonty Games service removed
-Avenger used with the given script
-restart
....Avenger reported some problem to me...see below
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 0
Line: HKLM\Software\Microsoft\Windows\C
//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jaxissts
*******************
Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately.
Could not open script file! Status: 0xc0000034 Abort!
.............................................................................................................................................................
HiJackThis LOG ::
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at Čas: 13:04.45, on 30.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Seznam Postak\Postak.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Corel\Graphics9\Register\Remind32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Comodo\Firewall\cpfupdat.exe
C:\Documents and Settings\Uživatel\Plocha\Lukáš\HiJackThis v2\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Postak\SRank.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam Postak\Postak.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [BOLDIDOL] C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Reminder-cor40212.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: Do fronty Star Downloaderu - C:\Program Files\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Urychlovace\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F87A0F9-9AF9-4CD0-8E3B-8C7E8AB78341}: NameServer = 10.100.105.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
--
End of file - 9635 bytes
!!! I don't know what this is: sixthchinflag.exe, but the COMODO firewall reported some problem to me in connection with it and with the DNS server on port 53 regarding IE, see the picture below.
Petr
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status:
Offline
C:\DOCUME~1\UIVATE~1\DATAAP~1\FILMSA~1\sixthchinflag.exe
have it checked here
http://scanner.virus.org/
into the Browse field, copy and paste (ctrl+c, ctrl+v) the whole bold text
post the results here