Hello, after my computer got infected, this window popped up on my desktop, and even after disinfecting it and even after restoring the system to the last working configuration, the window is still there. It can't be changed even in the Control Panel, where "critical error" is listed as the background.
Also, I can't open some browsers, e.g. Google, Seznam, etc.; instead it asks me for some password, or the address gets redirected to some page with medicines. Other addresses work normally. Is it possible that the computer is still infected even though the antivirus isn't able to find it?
Thanks for the advice
Lukas
I'm a layman
Blue window "your system is infected" vxp [Solved]
- alenka_v_říši_divů
Re: Blue window "your system is infected" vxp
Hello... the best thing will be to post a log in the HijackThis section.
Guide: viewtopic.php?f=70&t=5119
Re: Blue window "your system is infected" vxp
I have it blocked somehow; when I try to download HijackThis, a page with medicines pops up instead of HijackThis :(
Re: Blue window "your system is infected" vxp
Then use an alternative option, for example the Czech site Slunečnice: HJT version 2.0.2 http://www.slunecnice.cz/sw/hijackthis/
And when does it open a different page: when you click the link that was posted for you? ...It is important that you see how to install and use HJT. Or does 'something' open at the moment you try to download that test from the page?
You MUST know what to do so that you don't act rashly, because this test can tempt you into what is called 'I'll have a look and click something'!
If you can't download the guide, I'll write it out/copy it over for you so that you know how to proceed.
Last edited by peacoq on 09 Aug 2009 23:16; edited 1 time in total.
- alenka_v_říši_divů
Re: Blue window "your system is infected" vxp
Then try downloading it here .... I'll delete it afterwards ...
Last edited by alenka_v_říši_divů on 09 Aug 2009 23:18; edited 2 times in total.
Re: Blue window "your system is infected" vxp
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:28, on 9.8.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ntvdm.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\windows\ld12.exe
G:\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
D:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\PnkBstrA.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Administrator\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=awintabf.exe
O1 - Hosts: 78.46.129.168 en.wikipedia.org
O1 - Hosts: 78.46.129.168 ru.wikipedia.org
O1 - Hosts: 78.46.129.168 www.wikipedia.org
O1 - Hosts: 78.46.129.168 www.rxlist.com
O1 - Hosts: 78.46.129.168 rxlist.com
O1 - Hosts: 78.46.129.168 www.youtube.com
O1 - Hosts: 78.46.129.168 youtube.com
O1 - Hosts: 78.46.129.168 www.viagra.com
O1 - Hosts: 78.46.129.168 viagra.com
O1 - Hosts: 78.46.129.168 www.adultswim.com
O1 - Hosts: 78.46.129.168 adultswim.com
O1 - Hosts: 78.46.129.168 www.adultperiod.com
O1 - Hosts: 78.46.129.168 adultperiod.com
O1 - Hosts: 78.46.129.168 fishki.net
O1 - Hosts: 78.46.129.168 www.fishki.net
O1 - Hosts: 78.46.129.168 foto.mail.ru
O1 - Hosts: 78.46.129.168 go.mail.ru
O1 - Hosts: 78.46.129.168 my.mail.ru
O1 - Hosts: 78.46.129.168 vkontakte.ru
O1 - Hosts: 78.46.129.168 www.vkontakte.ru
O1 - Hosts: 78.46.129.168 www.vkontakte.com
O1 - Hosts: 78.46.129.168 vkontakte.com
O1 - Hosts: 78.46.129.168 news.mail.ru
O1 - Hosts: 78.46.129.168 www.livejournal.com
O1 - Hosts: 78.46.129.168 livejournal.com
O1 - Hosts: 78.46.129.168 www.gismeteo.ru
O1 - Hosts: 78.46.129.168 gismeteo.ru
O1 - Hosts: 78.46.129.168 mail.ru
O1 - Hosts: 78.46.129.168 love.mail.ru
O1 - Hosts: 78.46.129.168 dating.ru
O1 - Hosts: 78.46.129.168 www.videoklas.ru
O1 - Hosts: 78.46.129.168 www.24open.ru
O1 - Hosts: 78.46.129.168 www.dating.lt
O1 - Hosts: 78.46.129.168 dating.lt
O1 - Hosts: 78.46.129.168 protoplex.ru
O1 - Hosts: 78.46.129.168 samlab.ws
O1 - Hosts: 78.46.129.168 www.2baksa.net
O1 - Hosts: 78.46.129.168 2baksa.net
O1 - Hosts: 78.46.129.168 www.gismeteo.ua
O1 - Hosts: 78.46.129.168 gismeteo.ua
O1 - Hosts: 78.46.129.168 podrobnosti.ua
O1 - Hosts: 78.46.129.168 www.webgari.com
O1 - Hosts: 78.46.129.168 webgari.com
O1 - Hosts: 78.46.129.168 segodnya.ua
O1 - Hosts: 78.46.129.168 www.kmindex.ru
O1 - Hosts: 78.46.129.168 www.marketgid.com
O1 - Hosts: 78.46.129.168 alive.org.ua
O1 - Hosts: 78.46.129.168 upload.com.ua
O1 - Hosts: 78.46.129.168 icq.com
O1 - Hosts: 78.46.129.168 qip.com
O1 - Hosts: 78.46.129.168 qip.ru
O1 - Hosts: 78.46.129.168 microsoft.com
O1 - Hosts: 78.46.129.168 www.esetnod32.ru
O1 - Hosts: 78.46.129.168 www.kaspersky.ru
O1 - Hosts: 78.46.129.168 www.drweb.com
O1 - Hosts: 78.46.129.168 news.softodrom.ru
O1 - Hosts: 78.46.129.168 www.avsoft.ru
O1 - Hosts: 78.46.129.168 biblprog.org.ua
O1 - Hosts: 78.46.129.168 help-antivirus.ru
O1 - Hosts: 78.46.129.168 www.virustotal.com
O1 - Hosts: 78.46.129.168 virustotal.com
O1 - Hosts: 78.46.129.168 www.securitylab.ru
O1 - Hosts: 78.46.129.168 stopvirus.com.ua
O1 - Hosts: 78.46.129.168 www.free-av.com
O1 - Hosts: 78.46.129.168 www.avast.com
O1 - Hosts: 78.46.129.168 rapidshare.com
O1 - Hosts: 78.46.129.168 www.rapidshare.com
O1 - Hosts: 78.46.129.168 ukr.net
O1 - Hosts: 78.46.129.168 bigmir.net
O1 - Hosts: 78.46.129.168 meta.ua
O1 - Hosts: 78.46.129.168 korrespondent.net
O1 - Hosts: 78.46.129.168 pravda.com.ua
O1 - Hosts: 78.46.129.168 i.ua
O1 - Hosts: 78.46.129.168 online.ua
O1 - Hosts: 78.46.129.168 oboz.ua
O1 - Hosts: 78.46.129.168 www.ukr.net
O1 - Hosts: 78.46.129.168 www.bigmir.net
O1 - Hosts: 78.46.129.168 www.meta.ua
O1 - Hosts: 78.46.129.168 www.korrespondent.net
O1 - Hosts: 78.46.129.168 www.pravda.com.ua
O1 - Hosts: 78.46.129.168 www.i.ua
O1 - Hosts: 78.46.129.168 www.online.ua
O1 - Hosts: 78.46.129.168 www.oboz.ua
O1 - Hosts: 78.46.129.168 gogo.ru
O1 - Hosts: 78.46.129.168 www.gogo.ru
O1 - Hosts: 78.46.129.168 www.yandex.ru
O1 - Hosts: 78.46.129.168 yandex.ru
O1 - Hosts: 78.46.129.168 yahoo.com
O1 - Hosts: 78.46.129.168 www.yahoo.com
O1 - Hosts: 78.46.129.168 bing.com
O1 - Hosts: 78.46.129.168 www.bing.com
O1 - Hosts: 78.46.129.168 aport.com
O1 - Hosts: 78.46.129.168 www.aport.com
O1 - Hosts: 78.46.129.168 bing.ru
O1 - Hosts: 78.46.129.168 www.bing.ru
O1 - Hosts: 78.46.129.168 aport.ru
O1 - Hosts: 78.46.129.168 www.aport.ru
O1 - Hosts: 78.46.129.168 21150.com
O1 - Hosts: 78.46.129.168 3576.net
O1 - Hosts: 78.46.129.168 38389438.com
O1 - Hosts: 78.46.129.168 466453.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [SpywareTerminator] "G:\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "D:\WINDOWS\TEMP\E_SB1.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = D:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4131526296
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://66.117.37.13/cza2218.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://66.117.37.13/cza2218.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D152D9-7AD0-4E6F-BCB8-79D8DF1D3759}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\System32\PnkBstrA.exe
--
End of file - 11826 bytes
Like this?
Re: Blue window "your system is infected" vxp [Solved]
This is already being handled for you in a new topic. Close this one (the green check mark on the right in the post) ...there is no point in having two topics with the same content.