Zdravim, mám problém, jako domácí stránka se mi otvírá tento odkaz http://www.securityuptodate.com/. Standartním způsobem nelze přenastavit, protože se vždy nastaví ta samá strana v nastavení Domovská stránka se píše "about:blank".
Navíc se mi neustále objevuje nějaké hlášení o spyware. Neznáte nějaký způsob jak se toho zbavit?
Přidávám log z HiJackthis
-----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:55:32, on 6.5.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Geo\Local Settings\Temp\Dočasný adresář 3 pro hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp97F9.tmp
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} (BS Contact VRML Control) - http://www.bitmanagement.de/download/ca ... t_VRML.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{74606455-D342-48A5-8589-8E3BE181DD6C}: NameServer = 192.168.1.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DBF224-ABAE-494D-AC9B-5D5FE997484B}: NameServer = 192.168.1.138
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
/příspěvek oddělen jako samostatný, ať se nemíchají 2 problémy
/mikel
Nejde změnit domovská stránka securityuptodate.com
- mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
V první řadě odinstaluj SpyFalcon. To není antispyware ale spyware. Jen se tváří, jako dobrý program. V linku Důležité... mám osvědčené programy proti spywaru.
Stáhni si a nainstaluj Service Pack 2, stáhni si Ccleaner (návod + čeština) a nainstaluj.
Až to budeš mít, vypni všechny browsery (proto si toto raději vytiskni), spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp97F9.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
po zaškrtnutí klikni na FixChecked
Tuhle službu zastav ve Službách systému Windows:
nabídka Start>>Spustit- do okénka napiš services.msc a zmáčkni Enter.
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
označíš příslušný řádek a pravým myšítkem přepni na ručně nebo zakázáno.
Vyhledej na disku (musíš mít v Možnostech složky povoleno Zobrazování skrytých a systémových souborů) tyto soubory a vymaž je:
C:\WINDOWS\System32\hp97F9.tmp
C:\Program Files\SpyFalcon\SpyFalcon.exe /h - možná po odinstalování Falcona už neexistuje(?)
Spusť Ccleaner a dej vyčistit windows, aplikace i registry. Potom nakoukni do složek Temp a Temporary Internet Files ve všech profilech Documents and Settings a Windows, vyprázdni je a vysyp koš. Restartuj a dej nový log
Stáhni si a nainstaluj Service Pack 2, stáhni si Ccleaner (návod + čeština) a nainstaluj.
Až to budeš mít, vypni všechny browsery (proto si toto raději vytiskni), spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp97F9.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing)
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installer ... taller.cab
po zaškrtnutí klikni na FixChecked
Tuhle službu zastav ve Službách systému Windows:
nabídka Start>>Spustit- do okénka napiš services.msc a zmáčkni Enter.
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
označíš příslušný řádek a pravým myšítkem přepni na ručně nebo zakázáno.
Vyhledej na disku (musíš mít v Možnostech složky povoleno Zobrazování skrytých a systémových souborů) tyto soubory a vymaž je:
C:\WINDOWS\System32\hp97F9.tmp
C:\Program Files\SpyFalcon\SpyFalcon.exe /h - možná po odinstalování Falcona už neexistuje(?)
Spusť Ccleaner a dej vyčistit windows, aplikace i registry. Potom nakoukni do složek Temp a Temporary Internet Files ve všech profilech Documents and Settings a Windows, vyprázdni je a vysyp koš. Restartuj a dej nový log
tak tu je dalsi log
Logfile of HijackThis v1.99.1
Scan saved at 19:39:23, on 6.5.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Geo\Local Settings\Temp\Dočasný adresář 1 pro hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} (BS Contact VRML Control) - http://www.bitmanagement.de/download/ca ... t_VRML.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{74606455-D342-48A5-8589-8E3BE181DD6C}: NameServer = 192.168.1.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DBF224-ABAE-494D-AC9B-5D5FE997484B}: NameServer = 192.168.1.138
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Scan saved at 19:39:23, on 6.5.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Geo\Local Settings\Temp\Dočasný adresář 1 pro hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} (BS Contact VRML Control) - http://www.bitmanagement.de/download/ca ... t_VRML.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{74606455-D342-48A5-8589-8E3BE181DD6C}: NameServer = 192.168.1.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DBF224-ABAE-494D-AC9B-5D5FE997484B}: NameServer = 192.168.1.138
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Pořád mi v liště sedí měnící se ikona přeškrtlého zákazu vjezdu a invalidy na vozíčku. Nejde to vypnout. A v určitých časových intervalech z toho vyskočí mále info okénko: Your computer is infected, a po kliknuti na to okno me to hodi na http://www.spyfalcon.com.
- mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Koukni se na tuhle stránku - odkaz SpyFalcon a zkus se tím řídit. Když to nepomůže, tak stáhni si MWAV scaner a projeď komp dle návodu. Nechej skenovat vše (ale potrvá to pěkně dlouho). Potom sem dej výpis i těch "spících" virů i s cestou k nim. Hledej a vyber jen ty řádky, kde se píše o Malware, Spyware, Riskware, Virus a o všem co smrdí:
Příklad:
File C:\WINDOWS\system32\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken
nebo
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\ares !!!
Sat Mar 25 10:52:18 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
Příklad:
File C:\WINDOWS\system32\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.ia" Virus! Action Taken: No Action Taken
nebo
Sat Mar 25 10:52:18 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\ares !!!
Sat Mar 25 10:52:18 2006 => Object "ares Spyware/Adware" found in File System! Action Taken: No Action Taken.
System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
Offending Folder found: C:\WINDOWS\System32\1024
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Offending file found: C:\WINDOWS\System32\ot.ico
System found infected with smitfraud variant Browser Hijacker (ot.ico)! Action taken: No Action Taken.
Offending file found: C:\WINDOWS\System32\ts.ico
System found infected with smitfraud variant Browser Hijacker (ts.ico)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\Geo\Oblíbené položky\antivirus test online.url
System found infected with smitfraud variant Browser Hijacker (antivirus test online.url)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\Geo\Nabídka Start\programy\spediabar.lnk
System found infected with spediabar Spyware/Adware (spediabar.lnk)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\Geo\Nabídka Start\Programy\spediabar.lnk
System found infected with spediabar Spyware/Adware (spediabar.lnk)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\All Users\Nabídka Start\online security guide.url
System found infected with smitfraud variant Browser Hijacker (online security guide.url)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\All Users\Nabídka Start\security troubleshooting.url
System found infected with smitfraud variant Browser Hijacker (security troubleshooting.url)! Action taken: No Action Taken.
Scanning File C:\DOCUME~1\Geo\LOCALS~1\Temp\Spyware.sdb
Scanning File C:\Documents and Settings\Geo\Local Settings\Temp\Spyware.sdb
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-6a41ecf3.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-3803ba7c.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-435563f2.zip infected by "Trojan-Downloader.Java.OpenStream.z" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-65a7be48.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-50e8bead-5b76f4e1.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-53b47ee8.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-7f3606e7.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-2915a3cc-24f7d46d.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-4a8fa6d9-7bcd3ef1.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-7437616e-60f27289.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
Offending Folder found: C:\WINDOWS\System32\1024
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Offending file found: C:\WINDOWS\System32\ot.ico
System found infected with smitfraud variant Browser Hijacker (ot.ico)! Action taken: No Action Taken.
Offending file found: C:\WINDOWS\System32\ts.ico
System found infected with smitfraud variant Browser Hijacker (ts.ico)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\Geo\Oblíbené položky\antivirus test online.url
System found infected with smitfraud variant Browser Hijacker (antivirus test online.url)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\Geo\Nabídka Start\programy\spediabar.lnk
System found infected with spediabar Spyware/Adware (spediabar.lnk)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\Geo\Nabídka Start\Programy\spediabar.lnk
System found infected with spediabar Spyware/Adware (spediabar.lnk)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\All Users\Nabídka Start\online security guide.url
System found infected with smitfraud variant Browser Hijacker (online security guide.url)! Action taken: No Action Taken.
Offending file found: C:\Documents and Settings\All Users\Nabídka Start\security troubleshooting.url
System found infected with smitfraud variant Browser Hijacker (security troubleshooting.url)! Action taken: No Action Taken.
Scanning File C:\DOCUME~1\Geo\LOCALS~1\Temp\Spyware.sdb
Scanning File C:\Documents and Settings\Geo\Local Settings\Temp\Spyware.sdb
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-6a41ecf3.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-3803ba7c.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-435563f2.zip infected by "Trojan-Downloader.Java.OpenStream.z" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-28679adb-65a7be48.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-50e8bead-5b76f4e1.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d45dd39-53b47ee8.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7ebfe046-7f3606e7.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-2915a3cc-24f7d46d.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-4a8fa6d9-7bcd3ef1.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv588.jar-7437616e-60f27289.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
- mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
No takže v první řadě - máš nastavené zobrazování skrytých a systémových souborů? Jestli ano, tak vyhledej na disku a smaž tohle všechno červené označené:
C:\WINDOWS\System32\1024 - celou tuhle složku
C:\WINDOWS\System32\ot.ico
C:\WINDOWS\System32\ts.ico
C:\Documents and Settings\Geo\Nabídka Start\programy\spediabar.lnk
C:\Documents and Settings\All Users\Nabídka Start\online security guide.url - tohle může být planý poplach, ale raději smaž
C:\Documents and Settings\All Users\Nabídka Start\security troubleshooting.url - platí i o tomto odkazu
C:\Documents and Settings\Geo\Local Settings\Temp\Spyware.sdb
C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-6a41ecf3.zip - tady bude nejlepší vyprázdnit celou složku jar
Potom projeď komp CCleanerem a vyprázdni všechny Tempy a Temporary Internet Files a koš.
C:\WINDOWS\System32\1024 - celou tuhle složku
C:\WINDOWS\System32\ot.ico
C:\WINDOWS\System32\ts.ico
C:\Documents and Settings\Geo\Nabídka Start\programy\spediabar.lnk
C:\Documents and Settings\All Users\Nabídka Start\online security guide.url - tohle může být planý poplach, ale raději smaž
C:\Documents and Settings\All Users\Nabídka Start\security troubleshooting.url - platí i o tomto odkazu
C:\Documents and Settings\Geo\Local Settings\Temp\Spyware.sdb
C:\Documents and Settings\Geo\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5c9ed667-6a41ecf3.zip - tady bude nejlepší vyprázdnit celou složku jar
Potom projeď komp CCleanerem a vyprázdni všechny Tempy a Temporary Internet Files a koš.
Logfile of HijackThis v1.99.1
Scan saved at 17:35:04, on 7.5.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Geo\Local Settings\Temp\Dočasný adresář 1 pro hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} (BS Contact VRML Control) - http://www.bitmanagement.de/download/ca ... t_VRML.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{74606455-D342-48A5-8589-8E3BE181DD6C}: NameServer = 192.168.1.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DBF224-ABAE-494D-AC9B-5D5FE997484B}: NameServer = 192.168.1.138
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Scan saved at 17:35:04, on 7.5.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Geo\Local Settings\Temp\Dočasný adresář 1 pro hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: CW App KB R9 - https://www.mojebanka.cz/jars/cwapp.cab
O16 - DPF: IB App KB R9 - https://www.mojebanka.cz/jars/ibapp.cab
O16 - DPF: KB KTpro Pack - https://www.mojebanka.cz/jars/kt_pro_v1101.cab
O16 - DPF: KB SH Pack - https://www.mojebanka.cz/jars/sh_pack.cab
O16 - DPF: KTPro SP KB R9 - https://www.mojebanka.cz/jars/ktpsp.cab
O16 - DPF: MIB Pack - https://www.mojebanka.cz/jars/mib_pack_v1400.cab
O16 - DPF: SH App KB R9 - https://www.mojebanka.cz/jars/shapp.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Cz\InstFred.ocx
O16 - DPF: {4B6E3013-6E45-11D0-9309-0020AFE05CC8} (BS Contact VRML Control) - http://www.bitmanagement.de/download/ca ... t_VRML.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Program Files\AutoCAD 2002 Cz\AcDcToday.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Cz\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Program Files\AutoCAD 2002 Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{74606455-D342-48A5-8589-8E3BE181DD6C}: NameServer = 192.168.1.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DBF224-ABAE-494D-AC9B-5D5FE997484B}: NameServer = 192.168.1.138
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 7 hostů