I'd like to have my log checked, please, because an obnoxious ad for some dubious antivirus that I have no interest in keeps bothering me
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\zdenek\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: C:\WINDOWS\System32\6D6242.dll - {147254B5-96F3-4A9D-FF34-8476477D897C} - C:\WINDOWS\System32\6D6242.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: C:\WINDOWS\System32\7763A8.dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - C:\WINDOWS\System32\7763A8.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [WinUpgrade] C:\WINDOWS\System32\z2523503609.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HPFPro.lnk = C:\Program Files\Hurricanesoft\Hurricanesoft Personal Firewall Pro\HPF.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .MP3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O20 - AppInit_DLLs: 391231M.BMP
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Plus Working Service (PlusService) - Unknown owner - C:\WINDOWS\System32\plusservices.exe
annoying ad - HJT log
-
- newcomer
- Posts: 6
- Registered: December 06
- Gender:
- Status:
Offline
download Avenger and run it under an administrator account
Select Input script manually and click the magnifying-glass icon; an empty window will pop up, into which you copy the text marked in bold:
Files to delete:
C:\WINDOWS\System32\6D6242.dll
C:\WINDOWS\System32\7763A8.dll
C:\WINDOWS\System32\nordsys.exe
C:\WINDOWS\System32\z2523503609.exe
Then click Done.
Then click the traffic-light icon. A prompt will pop up where you click Yes, then another prompt where you click Yes again.
The PC will restart; after the restart the Avenger output should appear, so copy it here
+ post a new HJT log here.
-
- newcomer
- Posts: 6
- Registered: December 06
- Gender:
- Status:
Offline
done
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oydntuiv
*******************
Script file located at: \??\C:\WINDOWS\cuxiqsga.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at c:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\System32\6D6242.dll deleted successfully.
File C:\WINDOWS\System32\7763A8.dll deleted successfully.
File C:\WINDOWS\System32\nordsys.exe not found!
Deletion of file C:\WINDOWS\System32\nordsys.exe failed!
Could not process line:
C:\WINDOWS\System32\nordsys.exe
Status: 0xc0000034
Avenger output
File C:\WINDOWS\System32\z2523503609.exe not found!
Deletion of file C:\WINDOWS\System32\z2523503609.exe failed!
Could not process line:
C:\WINDOWS\System32\z2523503609.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
HJT output
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\zdenek\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\blank.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\blank.mht
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: C:\WINDOWS\System32\6D6242.dll - {147254B5-96F3-4A9D-FF34-8476477D897C} - C:\WINDOWS\System32\6D6242.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: C:\WINDOWS\System32\7763A8.dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - C:\WINDOWS\System32\7763A8.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [WinUpgrade] C:\WINDOWS\System32\z2523503609.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .MP3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O20 - AppInit_DLLs: 391231M.BMP
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Plus Working Service (PlusService) - Unknown owner - C:\WINDOWS\System32\plusservices.exe
this one, O23 - Service: Plus Working Service (PlusService) - Unknown owner - C:\WINDOWS\System32\plusservices.exe
fix it too, and also make a log from MWAV (you'll find it at http://www.download.com) and copy it here
and run CCleaner on the PC; you'll find it at http://www.slunecnice.cz
:)
- fredik
- Security team member
-
Master Level 7
- Posts: 4680
- Registered: July 06
- Gender:
- Status:
Offline
Services are not fixed.
Also stop this service:
Start -> Run -> a window opens; type services.msc there and click OK, and the Services window opens. Find this service, stop it, and set its startup type to Disabled:
Command Service (cmdService); the parenthesis may not be in the name.
Run HijackThis again and tick the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\blank.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\blank.mht
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: C:\WINDOWS\System32\6D6242.dll - {147254B5-96F3-4A9D-FF34-8476477D897C} - C:\WINDOWS\System32\6D6242.dll (file missing)
O2 - BHO: C:\WINDOWS\System32\7763A8.dll - {947254B5-96F3-4A9D-FF34-8466477D897C} - C:\WINDOWS\System32\7763A8.dll (file missing)
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [WinUpgrade] C:\WINDOWS\System32\z2523503609.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
after ticking them, click Fix checked
You'll find a guide to MWAV here, and a log from it, as already mentioned, would be useful.
One more question: why don't you post the header of the HJT log here?
-
- newcomer
- Posts: 6
- Registered: December 06
- Gender:
- Status:
Offline
log from MWAV:
Sat Dec 16 13:18:46 2006 => ERROR!!! Invalid Entry {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %system%\webcheck.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
Sat Dec 16 13:18:50 2006 => ERROR!!! Invalid Entry StubPath = C:\WINDOWS\SYSTEM\Rundll32.exe C:\WINDOWS\SYSTEM32\mscories.dll,Install (in key SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}). No Action Taken.
Sat Dec 16 13:18:51 2006 => ERROR!!! Invalid Entry StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf (in key SOFTWARE\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}). No Action Taken.
Sat Dec 16 13:21:48 2006 => ERROR!!! Invalid Entry C:\WINDOWS\System32\plusservices.exe in SYSTEM\CurrentControlSet\Services\PlusService...
Sat Dec 16 13:21:49 2006 => ERROR!!! Invalid Entry \??\C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys in SYSTEM\CurrentControlSet\Services\sp_rsdrv2...
Sat Dec 16 13:21:51 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Sat Dec 16 13:21:51 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Sat Dec 16 13:21:51 2006 => Loading Spyware Signatures from new External Database (Size: 190958).
Sat Dec 16 13:21:51 2006 => Indexed Spyware Databases Successfully Created...
Sat Dec 16 13:22:02 2006 => Offending Key found: HKLM\Software\magnet !!!
Sat Dec 16 13:22:14 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Dec 16 13:22:16 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\time zones !!!
Sat Dec 16 13:22:16 2006 => Object "win32.passma Virus" found in File System! Action Taken: No Action Taken.
Sat Dec 16 13:22:16 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\urls !!!
Sat Dec 16 13:22:16 2006 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Sat Dec 16 13:22:16 2006 => Poisoned DNS Server Entry 85.255.112.69 (85.255.112.*) found!!!
Sat Dec 16 13:22:16 2006 => Object "UnSpyPC adware" found in File System! Action Taken: No Action Taken.
Sat Dec 16 13:22:20 2006 => Offending Folder found: C:\WINDOWS\System32\smartshopper
Sat Dec 16 13:22:20 2006 => Object "hotbar.shopperreports Toolbar" found in File System! Action Taken: No Action Taken.
Sat Dec 16 13:22:33 2006 => Checking CLSID Reference Entries...
Sat Dec 16 13:22:33 2006 => Entry "HKCR\602Text.Backup" refers to invalid object "{45068E61-1257-101B-897A-04021C007002}". Action Taken: No Action Taken.
Sat Dec 16 13:22:33 2006 => Entry "HKCR\602Text.Document" refers to invalid object "{45068E61-1257-101B-897A-04021C007002}". Action Taken: No Action Taken.
Sat Dec 16 13:22:33 2006 => Entry "HKCR\602Text.Macro" refers to invalid object "{45068E61-1257-101B-897A-04021C007002}". Action Taken: No Action Taken.
Sat Dec 16 13:22:33 2006 => Entry "HKCR\602Text.t602" refers to invalid object "{45068E61-1257-101B-897A-04021C007002}". Action Taken: No Action Taken.
Sat Dec 16 13:22:33 2006 => Entry "HKCR\602Text.Template" refers to invalid object "{45068E61-1257-101B-897A-04021C007002}". Action Taken: No Action Taken.
Sat Dec 16 13:22:34 2006 => Entry "HKCR\Callisto.Dokument" refers to invalid object "{FA176570-AB7E-11CF-B92E-00608CC1C249}". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Entry "HKCR\TAB.TabCtrl.1" refers to invalid object "{9C50CF64-F4EA-11CF-8D6E-444553540000}". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Checking Module Usage Entries...
Sat Dec 16 13:22:36 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\danim.dll". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\ddrawex.dll". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\quartz.dll". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Checking User Trusted External App Entries...
Sat Dec 16 13:22:36 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\QUICKT~1\PictureViewer.exe". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""D:\data\cdw32.exe"". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmfwlaunch.exe". Action Taken: No Action Taken.
Sat Dec 16 13:22:36 2006 => Checking Shared DLL Entries...
Sat Dec 16 13:22:38 2006 => Checking Installer Entries...
Sat Dec 16 13:22:39 2006 => Checking Shared Tools Entries...
Sat Dec 16 13:22:39 2006 => Checking File Extension Entries...
Sat Dec 16 13:22:39 2006 => Checking Application Cache Entries...
Sat Dec 16 13:22:39 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Winamp". Action Taken: No Action Taken.
Sat Dec 16 14:01:09 2006 => ERROR!!! Invalid Entry StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf (in key SOFTWARE\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}). No Action Taken.
Sat Dec 16 14:01:09 2006 => ERROR!!! Invalid Entry StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf (in key SOFTWARE\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}). No Action Taken.
Entry "HKCR\A3d" refers to invalid object "{d8f1eee0-f634-11cf-8700-00a0245d918b}". Action Taken: No Action Taken.
Sat Dec 16 14:06:29 2006 => Entry "HKCR\A3dApi" refers to invalid object "{92FA2C24-253C-11d2-90FB-006008A1F441}". Action Taken: No Action Taken.
Sat Dec 16 14:06:29 2006 => Entry "HKCR\A3dDAL" refers to invalid object "{442D12A1-2641-11d2-90FB-006008A1F441}". Action Taken: No Action Taken.
Sat Dec 16 14:06:32 2006 => Entry "HKCR\R2ctNS.R2ctlNS" refers to invalid object "{4B4B40F0-C9DF-11D4-AA54-00104B49C4F0}". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCR\WMMP.MediaInfo" refers to invalid object "{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCR\WMMP.MediaInfo.1" refers to invalid object "{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCR\WMMP.Player" refers to invalid object "{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCR\WMMP.Player.1" refers to invalid object "{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCR\WMMP.Playlist" refers to invalid object "{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCR\WMMP.Playlist.1" refers to invalid object "{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}". Action Taken: No Action Taken.
Checking Module Usage Entries...
Sat Dec 16 14:06:33 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\danim.dll". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\ddrawex.dll". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:\WINDOWS\SYSTEM\quartz.dll". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Checking User Trusted External App Entries...
Sat Dec 16 14:06:33 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\PROGRA~1\QUICKT~1\PictureViewer.exe". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""D:\data\cdw32.exe"". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblaunch.exe". Action Taken: No Action Taken.
Sat Dec 16 14:06:33 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmfwlaunch.exe". Action Taken: No Action Taken.
57 2006 => Total Objects Scanned: 24283
Sat Dec 16 14:09:57 2006 => Total Critical Objects: 5
Sat Dec 16 14:09:57 2006 => Total Disinfected Objects: 0
Sat Dec 16 14:09:57 2006 => Total Objects Renamed: 0
Sat Dec 16 14:09:57 2006 => Total Deleted Objects: 0
Sat Dec 16 14:09:57 2006 => Total Errors: 24
Sat Dec 16 14:09:57 2006 => Time Elapsed: 00:10:01
Sat Dec 16 14:09:57 2006 => Virus Database Date: 12/11/2006
Sat Dec 16 14:09:57 2006 => Virus Database Count: 253817
Sat Dec 16 14:09:57 2006 => Scan Completed.
the ad has already disappeared, so I don't know
- fredik
- Security team member
Download CCleaner and clean up the PC with it.
The MWAV log also mentioned wareout, so try using Fixwareout as well.
Download Fixwareout.
Restart into Safe Mode and run Fixwareout: click Next, then Install, select the Run fixit option and click Finish.
▪ The cleaning process will start; follow the instructions.
▪ More resistant variants require a restart of the computer, so restart.
▪ The computer may take a little longer to boot; once you are in Windows, a window with the Fixwareout log should pop up. Paste this log here in the forum together with a new HJT log. If the report does not appear, you will find it in C:\fixwareout\report.txt
Which of the things MWAV found did you delete?
- newcomer
Fixwareout
Last edited 12/06/2006
Post this report in the forums please
...
Prerun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
...
...
Reg Entries that were deleted
...
Random Runs removed from HKLM
...
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
log from fixwareout,
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
...
hjthis
Logfile of HijackThis v1.99.1
Scan saved at 16:04:59, on 20.12.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\DOCUME~1\zdenek\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\zdenek\LOCALS~1\Temp\ScanningProcess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\zdenek\Plocha\anti\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HPFPro.lnk = C:\Program Files\Hurricanesoft\Hurricanesoft Personal Firewall Pro\HPF.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O12 - Plugin for .MP3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .tga: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O20 - AppInit_DLLs: 391231M.BMP
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Unfortunately the ad has come back again; couldn't it be from Microsoft after all?
Have this checked at VirusTotal:
391231M.BMP - you will have to find this file.
To make it easier to find, turn on Show hidden and system files.
And copy the result here.
Then run HJT again and fix these in it:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
Then restart the PC; after the restart, post a new HJT log here + the result from VirusTotal.
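A triage sketch for the two kinds of HijackThis entry singled out in the reply above, added here as an example and not part of the original thread. It flags an `O20 - AppInit_DLLs` module that does not end in `.dll` and an `R0`/`R1` page setting that points at a local file; both rules and all function names are assumptions for illustration, and the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.mht
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O20 - AppInit_DLLs: 391231M.BMP
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# An entry line is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Internet Explorer values that normally hold a page address (assumed rule).
PAGE_VALUE_RE = re.compile(r",(?:Search|Start|Local) Page = (.*)$")
# A value that begins with a drive letter or file: is a local file, not a URL.
LOCAL_FILE_RE = re.compile(r"^(?:[A-Za-z]:\\|file:)", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (code, text) per entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def review_reasons(code, text):
    """Return the reasons an entry deserves a manual look (empty list if none)."""
    reasons = []
    if code == "O20" and text.startswith("AppInit_DLLs:"):
        value = text.split(":", 1)[1].strip()
        # The registry value lists modules separated by spaces or commas.
        for module in re.split(r"[ ,]+", value):
            if module and not module.lower().endswith(".dll"):
                reasons.append(f"AppInit_DLLs module without .dll extension: {module}")
    if code in ("R0", "R1"):
        match = PAGE_VALUE_RE.search(text)
        if match and LOCAL_FILE_RE.match(match.group(1).strip()):
            reasons.append(f"IE page setting points at a local file: {match.group(1).strip()}")
    return reasons


def triage(log_text):
    """Return [(code, text, reasons)] for every entry that matched a rule."""
    findings = []
    for code, text in parse_entries(log_text):
        reasons = review_reasons(code, text)
        if reasons:
            findings.append((code, text, reasons))
    return findings


if __name__ == "__main__":
    for code, text, reasons in triage(SAMPLE_LOG):
        print(f"{code} - {text}")
        for reason in reasons:
            print(f"    review: {reason}")
```

A flagged entry is only a candidate for the manual checks the reply describes (locating the file and submitting it to VirusTotal); the rules say nothing about whether the file is malicious.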