For a few days now, a message has been appearing after I first connect to the Internet:
"program ndt2.sys přestal fungovat a byl ukončen" ("program ndt2.sys has stopped working and was closed")
I close it and then nothing for the rest of the time, until the next time I start up the internet connection.
I use wifi.
Do you think it's some kind of virus, or has my Vista gotten screwed up?
program ndt2.sys
You have an infection on your PC. Generate a log from HijackThis and paste it here.
mikel wrote: You have an infection on your PC. Generate a log from HijackThis and paste it here.
Here it is. The message hasn't appeared yet today.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:08, on 1.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Prgwin\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: ICQ Shadow - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\windows\calc.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Shadow - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\windows\calc.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://jobs.glaverbel.com/dana-cached/ ... rSetup.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
--
End of file - 9105 bytes
In HijackThis, fix these items:
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O9 - Extra button: ICQ Shadow - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\windows\calc.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Shadow - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\windows\calc.exe (file missing)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://jobs.glaverbel.com/dana-cached/ ... rSetup.cab - this ActiveX is a bit suspicious, unless you specifically have something to do with the site jobs.glaverbel.com
Then you have to stop these services in Windows (Start/Run/type msconfig/OK/Services tab - uncheck them)
perfmons Service (perfmons)
Routing Service (Routing)
Restart and then find these files on the disk and delete them:
C:\Windows\system32\perfs.exe
C:\Windows\system32\routing.exe
C:\Windows\system32\ndt2.sys
After all that, make another HijackThis log and post it here.
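A triage pass over the kind of log posted above, as an added example that is not part of the original thread and not part of HijackThis. The two heuristics (an O23 service marked `Unknown owner` whose file exists under system32, and any entry marked `(file missing)`) are assumptions made for this sketch, not the helper's stated method; all function names are hypothetical.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (before / after the fix).
SAMPLE_BEFORE = r"""
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O9 - Extra button: ICQ Shadow - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\windows\calc.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
"""
SAMPLE_AFTER = r"""
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")   # e.g. "O23 - Service: ..."
MISSING = " (file missing)"
SYSTEM32 = "c:\\windows\\system32\\"


def parse_log(text):
    """Return (section code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into name, owner, path and a file-missing flag."""
    if not body.startswith("Service: "):
        return None
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # The service name may itself contain " - ", so split from the right.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def triage(entries):
    """Apply the two assumed heuristics; return (reason, code, detail) tuples."""
    findings = []
    for code, body in entries:
        svc = parse_service(body) if code == "O23" else None
        if (svc and svc["owner"] == "Unknown owner" and not svc["missing"]
                and svc["path"].lower().startswith(SYSTEM32)):
            # A file is present under system32 but the log shows no vendor for it.
            findings.append(("review-service", code, svc["name"]))
        elif body.endswith(MISSING):
            # The registry entry points at a file that no longer exists.
            findings.append(("orphaned-entry", code, body[: -len(MISSING)]))
    return findings


def unresolved(before_text, after_text):
    """Findings from the first log that are still present in the follow-up log."""
    still_there = set(triage(parse_log(after_text)))
    return [f for f in triage(parse_log(before_text)) if f in still_there]


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_BEFORE)):
        print("before:", finding)
    for finding in unresolved(SAMPLE_BEFORE, SAMPLE_AFTER):
        print("still present:", finding)
```

A finding is only a prompt for manual review: a missing vendor string does not by itself show that a file is malicious.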
So I did exactly what you wrote.
After the restart, Vista showed me a message that it is in debugging mode or something like that.
After deleting those files I haven't restarted it yet.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:16, on 1.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\msconfig.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Prgwin\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
--
End of file - 8351 bytes
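To clarify further, after every restart I now get this message:
Konfigurace systému (System Configuration)
Pomocí nástroje Konfigurace systému jste provedli změny způsobu spouštění systému Windows. (You have used the System Configuration utility to make changes to the way Windows starts.)
Nástroj Konfigurace systému je nyní v diagnostickém režimu nebo v režimu výběrového spuštění. (The System Configuration utility is currently in Diagnostic or Selective Startup mode.)
Chcete-li systém Windows spustit normálně a vrátit provedené změny zpět, zvolte na kartě Obecné režim Normální a restartujte počítač. (To start Windows normally and undo the changes you made, choose Normal mode on the General tab and restart the computer.)
When I choose Normal, click OK and restart, it comes up again... so do I need to turn those services back on?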
fredik (member of the Security team)
Download SUPERAntiSpyware
Install and run it, and click the Check for Updates... button
After the update finishes, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Další > (Next) button
The scan will run; when it finishes, it will list everything it found.
Make sure all items are checked and then click the Další (Next) button
Then click the Finish button and you should get back to the start screen.
There, click the button: Preferences... and select the Statistics/Logs tab
There, click the log with today's date and press the button: View Log...
A window with the log will open, so copy its contents here + post a new HJT log here
fredik wrote: A window with the log will open, so copy its contents here + post a new HJT log here
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/03/2008 at 00:12 AM
Application Version : 3.9.1008
Core Rules Database Version : 3371
Trace Rules Database Version: 1366
Scan type : Complete Scan
Total Scan Time : 01:16:28
Memory items scanned : 575
Memory threats detected : 0
Registry items scanned : 8031
Registry threats detected : 0
File items scanned : 81238
File threats detected : 231
Adware.Tracking Cookie
Trojan.Downloader-Gen/INDT2
C:\WINDOWS\SYSTEM32\INDT2.SYS
and also HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:19:30, on 3.1.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Prgwin\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
--
End of file - 8992 bytes
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
- Status: Offline
You can also fix these items in HJT:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
I would recommend updating Java:
- Download the latest version, Java Runtime Environment (JRE) 6 Update 3
- Scroll down to where it says Java Runtime Environment (JRE) 6 Update 3 and click the Download button
- Tick the option that says: Accept License Agreement
- The page will reload.
- Click the download link: Windows Offline Installation, Multi-language and save the file to disk
- Close any running programs, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
  - J2SE Runtime Environment 5.0
  - J2SE Runtime Environment 5.0 Update 8
  - Java 2 Runtime Environment, SE v1.4.2
- Uninstall any old versions of Java one after another
- After the uninstallation finishes, restart the PC.
- Then just run the installer for the latest version from the file jre-6u3-windows-i586-p.exe that you downloaded at the start.
If you no longer use anything from Symantec/Norton, also stop this service:
Symantec Lic NetConnect service
The log looks good, do you still have any problems?
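An added example (not part of fredik's post and not a HijackThis feature): a short Python script that picks out of a HijackThis log the two kinds of entries singled out in the advice above, R0/R1 registry values that are set but empty and O23 services whose executable is reported as `(file missing)`. The function and class names are assumptions made for this sketch; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass

# Subset of the HijackThis log posted above, kept verbatim.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 8992 bytes
"""

# "<section code> - <body>", e.g. "R0 - ..." or "O23 - ...".
# Process paths such as "C:\Windows\Explorer.EXE" do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# R0/R1 body: "<registry key,value name> = <data>"; the data may be absent.
# The separator is " =" so that "=" inside a URL query string is not split on.
REG_VALUE = re.compile(r"^(?P<key>.+?) =(?: (?P<value>.*))?$")

# O23 body: "Service: <name> - <vendor> - <path>[ (file missing)]".
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Finding:
    code: str     # HijackThis section code, e.g. "R0" or "O23"
    kind: str     # "empty-value" or "file-missing"
    subject: str  # registry value or service name
    detail: str   # human-readable context for the reviewer


def triage(log_text: str) -> list[Finding]:
    """Return review candidates in log order; nothing is changed on disk."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header, process list, footer
        code, body = entry["code"], entry["body"]
        if code in ("R0", "R1"):
            reg = REG_VALUE.match(body)
            if reg and not (reg["value"] or "").strip():
                findings.append(Finding(
                    code, "empty-value", reg["key"],
                    "registry value is set but empty"))
        elif code == "O23":
            svc = SERVICE.match(body)
            if svc and svc["missing"]:
                findings.append(Finding(
                    code, "file-missing", svc["name"],
                    f"{svc['vendor']}: {svc['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.kind}: {f.subject} ({f.detail})")
```

The output is a list of candidates for a human to review, matching the manual reading of the log; it does not decide whether an entry is safe to remove.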
Thank you!
If need be, I'll also try those last recommended steps. That message no longer pops up, but this one has been bothering me instead:
Konfigurace systému
Pomocí nástroje Konfigurace systému jste provedli změny způsobu spouštění systému Windows.
Nástroj Konfigurace systému je nyní v diagnostickém režimu nebo v režimu výběrového spuštění.
Chcete-li systém Windows spustit normálně a vrátit provedené změny zpět, zvolte na kartě Obecné režim Normální a restartujte počítač.
But today I tried turning all services off and back on again in msconfig, and it no longer appears after system startup.