PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

prosba o pomoc vir

https://pc-help.cnews.cz/viewtopic.php?f=70&t=30438

Stránka 1 z 2

prosba o pomoc vir

Napsal: 22 srp 2008 16:59
od Jarda
zdravím Vás,prosím o pomoc Okno na ploše(nechce ven(vítkáči))furt to na mě chceabych koupilantivirus xp2008

přidávám log z HJL

Jinak jsem trubka co se systémů týká,nerad bych si něco vymazal,a ještě k tomu neumím anglicky(za nás se učila ruština :(
pomůžete mi prosím??
díky
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:04, on 22.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\adskflex.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\system32\lphcctnj0et1t.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\pphcctnj0et1t.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\PREISP~1\IEBUTT~3.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\PREISP~1\IEBUTT~2.DLL
O2 - BHO: Preispiraten 4 - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\PREISP~1\IEBUTT~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [lphcctnj0et1t] C:\WINDOWS\system32\lphcctnj0et1t.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [SMrhc9tnj0et1t] C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten\\Preispiraten4\\preispiraten.html
O8 - Extra context menu item: amazon Suche - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay - Mein eBay - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Preispiraten 4 - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten\Preispiraten4\preispiraten3ie.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://88.102.1.248/cab/OCXChecker_6110.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

--
End of file - 10549 bytes

Re: prosba o pomoc vir

Napsal: 22 srp 2008 17:36
od fredik
Vítej na fóru

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware a Launch Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: prosba o pomoc vir

Napsal: 22 srp 2008 17:47
od Jarda
díky chlape,je to pjeknej maskr hmm :o


Malwarebytes' Anti-Malware 1.25
Verze databáze: 1076
Windows 5.1.2600 Service Pack 2

17:41:26 22.8.2008
mbam-log-08-22-2008 (17-41-10).txt

Typ skenu: Rychlý sken
Objektu skenováno: 47686
Uplynulý cas: 1 minute(s), 46 second(s)

Infikované procesy pameti: 3
Infikované pametové moduly: 3
Infikované klíce registru: 4
Infikované hodnoty registru: 6
Infikované položky dat registru: 2
Infikované složky: 13
Infikované soubory: 29

Infikované procesy pameti:
C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\lphcctnj0et1t.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcctnj0et1t.exe (Trojan.FakeAlert) -> No action taken.

Infikované pametové moduly:
C:\Program Files\rhc9tnj0et1t\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\msvcr71.dll (Rogue.Multiple) -> No action taken.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc9tnj0et1t (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc9tnj0et1t (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc9tnj0et1t (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcctnj0et1t (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> No action taken.
C:\Program Files\rhc9tnj0et1t (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Infikované soubory:
C:\Program Files\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> No action taken.
C:\Program Files\rhc9tnj0et1t\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe.local (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc9tnj0et1t\Uninstall.exe (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\lphcctnj0et1t.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcctnj0et1t.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcctnj0et1t.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Plocha\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\Documents and Settings\Jarda\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.

Re: prosba o pomoc vir

Napsal: 22 srp 2008 18:14
od fredik
Ten SPYWAREfighter sis tam nainstaloval sám? Pokud ho nějak nutně nepotřebuješ tak ho odinstaluj.

Spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results (Zobrazit výsledky)
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected (Odstranit vybrané)
- když skončí odstraňování tak se ti zobrazí log, vlož ho sem
- pak zvol v programu OK a pak program ukonči přes Exit

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 7
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 7 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation
Obrázek
a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2
- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u7-windows-i586-p.exe, který sis stáhl na začátku

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Dej sem pak také i nový log z HJT.

Re: prosba o pomoc vir

Napsal: 22 srp 2008 18:23
od Jarda
UFF díky
jdu na to,předtím si ale musím zajet pro cigára budeš tu pak ještě???
zatím dík,doufám že to zvládnu :o

Re: prosba o pomoc vir

Napsal: 22 srp 2008 18:31
od Jarda
netuším kde --jre-6u7-windows-i586-p.exe najdu,pokoušel jsem se o obnovu ale ta se jaksi... t někde najdu nebo mám, znova???
dík

Re: prosba o pomoc vir

Napsal: 22 srp 2008 18:57
od Jarda
Malwarebytes' Anti-Malware 1.25
Verze databáze: 1076
Windows 5.1.2600 Service Pack 2

18:51:06 22.8.2008
mbam-log-08-22-2008 (18-51-06).txt

Typ skenu: Rychlý sken
Objektu skenováno: 48368
Uplynulý cas: 1 minute(s), 48 second(s)

Infikované procesy pameti: 3
Infikované pametové moduly: 3
Infikované klíce registru: 4
Infikované hodnoty registru: 6
Infikované položky dat registru: 2
Infikované složky: 13
Infikované soubory: 29

Infikované procesy pameti:
C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcctnj0et1t.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\pphcctnj0et1t.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Infikované pametové moduly:
C:\Program Files\rhc9tnj0et1t\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc9tnj0et1t\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhc9tnj0et1t\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc9tnj0et1t (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc9tnj0et1t (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc9tnj0et1t (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcctnj0et1t (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\rhc9tnj0et1t\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\rhc9tnj0et1t.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc9tnj0et1t\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcctnj0et1t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcctnj0et1t.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcctnj0et1t.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Plocha\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jarda\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Re: prosba o pomoc vir

Napsal: 22 srp 2008 19:18
od Jarda
chlape zmizelo to, velké díky
nový log z HJT omrkni prosím

JEŠTĚ JEDNOU DÍK :D



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:19, on 22.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\adskflex.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~1\PREISP~1\IEBUTT~3.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~1\PREISP~1\IEBUTT~2.DLL
O2 - BHO: Preispiraten 4 - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~1\PREISP~1\IEBUTT~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten\\Preispiraten4\\preispiraten.html
O8 - Extra context menu item: amazon Suche - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay - Mein eBay - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Preispiraten 4 - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten\Preispiraten4\preispiraten3ie.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://88.102.1.248/cab/OCXChecker_6110.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Flexlm Service 1 - Macrovision Corporation - C:\Program Files\Autodesk Architectural Desktop 2007\FlexLM\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 9969 bytes

Re: prosba o pomoc vir

Napsal: 22 srp 2008 20:22
od fredik
Spusť znovu HijackThis a zaškrtni v něm čtverečky před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
po zaškrtnutí klikni na tlačítko Fix Checked

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Můžeš případně pročisti Pc od dočasných souborů např. pomocí: CCleaner

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině (nepoužít jeho malware scaner, nebo přes něj odstranit co najde)

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pokud nemáš další problémy, tak nemáš za co. Kdyby nějaký byl tak dej vědět. Obrázek

Re: prosba o pomoc vir

Napsal: 22 srp 2008 20:56
od Jarda
Ahoj
malwerem jsem udělal kompletní scan a ve volume to našlo nějaké trojany tak sem je dal odstranit,pak jsem udělal viz víše snad dobrý.díky moc za pomoc

Re: prosba o pomoc vir

Napsal: 23 srp 2008 09:26
od fredik
Můžeš vypnout/zapnout obnovu systému, tím odstraníš všechny staré body obnovy systému, ale zas pokud by jsi chtěl někdy použít tak budeš mít jen aktuální body obnovy.

Vypni obnovu systému:
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře:
control sysdm.cpl,,4
a dej Ok
- Otevře se ti okno na záložce Obnovení systému a tam zaškrtni možnost Vypnout nástroj Obnova systému na všech jednotkách a klikni na tlačítko Ok.
- počkej až se provede a pak ji můžeš opačným postupem zapnout zpět.

Re: prosba o pomoc vir

Napsal: 24 srp 2008 18:17
od Jarda
ahoj

všechno vypadalo OK ale mam problemek
nefungují mě miniatury seznam i podrobnosti posluchaj ale jak kliknu na miniatury tak jsou furt jen ikony :-(
chtěl jsem zpracovat hafo karet s fotkama a musím všechno rozklikávat abych se podíval co tam je

nevíte co s tím ????

Díky
Časové pásmo: UTC+02:00
Stránka 1 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/