Fri Oct 20 21:39:35 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Fri Oct 20 21:39:36 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:38 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Fri Oct 20 21:39:38 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:39 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Fri Oct 20 21:39:39 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:39 2006 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Fri Oct 20 21:39:39 2006 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:39:52 2006 => Offending value found in HKLM\Software\Licenses: {k7c0db872a3f777c0} !!!
Fri Oct 20 21:39:52 2006 => Object "spywarestrike Trojan" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:42:13 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MP3 CD Doctor Lite_is1". Action Taken: No Action Taken.
Fri Oct 20 21:42:14 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Poker". Action Taken: No Action Taken.
Fri Oct 20 21:27:44 2006 => File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
Fri Oct 20 21:30:04 2006 => File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
Fri Oct 20 21:50:29 2006 => File D:\WINDOWS\System32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
/log and title edited
/mikel
MWAV log - detection found!
I don't know which log is the right one. This one is copied from MWAV (the lower window). I'm absolutely not versed in this...
File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "spywarestrike Trojan" found in File System! Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj.1" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CDDBControl2" refers to invalid object "{69E9B473-22E6-471D-8683-84BD1E4BECE1}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControl.CDDBControl2.1" refers to invalid object "{69E9B473-22E6-471D-8683-84BD1E4BECE1}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp.CddbDisc" refers to invalid object "{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCacheManager" refers to invalid object "{efe52f1e-1427-4ce9-acfe-0e050e498e63}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCacheManager.1" refers to invalid object "{efe52f1e-1427-4ce9-acfe-0e050e498e63}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCredit" refers to invalid object "{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbCredit.1" refers to invalid object "{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbDisc.1" refers to invalid object "{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CddbFullName.1" refers to invalid object "{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CDDBWinamp5Control" refers to invalid object "{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.CDDBWinamp5Control.1" refers to invalid object "{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlWinamp5.FullName" refers to invalid object "{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}". Action Taken: No Action Taken.
Entry "HKCR\CDDBUIControlWinamp5.CddbWinamp5UI" refers to invalid object "{0dabacb1-1a16-4082-a610-3d0b3a2a94fc}". Action Taken: No Action Taken.
Entry "HKCR\CDDBUIControlWinamp5.CddbWinamp5UI.1" refers to invalid object "{0dabacb1-1a16-4082-a610-3d0b3a2a94fc}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Actions" refers to invalid object "{FB53B9F5-7549-49EC-9741-67725D24A989}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.ActiveScript Host" refers to invalid object "{DB01A1E3-A42B-11CF-8F20-00805F2CD064}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Constants" refers to invalid object "{EE4D45D8-8C42-4721-ACF7-F8D0A3DC81B3}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.EditControl" refers to invalid object "{2FB80EA7-796F-4938-9D51-56E9B80C5AD7}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Help" refers to invalid object "{D7712D85-6B1D-4524-BB4C-F3FDCD8D3520}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Lines" refers to invalid object "{1BBF5ABF-76F5-4D88-BED4-B491C0EDDCB4}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Menu" refers to invalid object "{2F2F425D-570F-467A-841F-574C384692C0}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.SecretClass" refers to invalid object "{CDDAC1C7-07E5-4AE8-8EE6-AC31FDA6293B}". Action Taken: No Action Taken.
Entry "HKCR\rkEdit.Variables" refers to invalid object "{6B9A7CE4-0517-430A-95F2-157FAB5B9555}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MP3 CD Doctor Lite_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Poker". Action Taken: No Action Taken.
File D:\WINDOWS\System32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
- Baron Prášil
- Master Level 7
- Posts: 4882
- Registered: June 06
- Gender:
- Status: Offline
Remove C:\WINDOWS\SYSTEM32\winjcr32.dll with Killbox: http://www.viry.cz/forum/viewtopic.php?t=2305 . Run it and copy the path to the file into the box. Tick Delete on reboot and unregister dll before deleting, and press the X button.
The computer will restart. Then post a HijackThis log and describe what problems you are having.
Logfile of HijackThis v1.99.1
Scan saved at 0:35:41, on 21. 10. 2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Omezenec\Plocha\hijekt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "D:\Ondra\ICQ\5\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] D:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Ondra\ICQ\5\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Ondra\ICQ\5\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winjcr32 - D:\WINDOWS\SYSTEM32\winjcr32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe" /service (file missing)
O23 - Service: hpdj - HP - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Yeah, my mistake. You have it on D:
Fix these:
O20 - Winlogon Notify: winjcr32 - D:\WINDOWS\SYSTEM32\winjcr32.dll
O23 - Service: hpdj - HP - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
Then use Killbox and copy this into the box:
D:\WINDOWS\SYSTEM32\winjcr32.dll
Tick Delete on reboot and unregister dll before deleting, and press the X button.
The computer will restart.
And then one more log for the final cleanup.
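The cross-check done by hand in this thread, as an added Python example that is not part of the original posts and not code from HijackThis or MWAV: it joins MWAV file detections with HijackThis items, flags the two item types fixed above, and classifies a follow-up log. The sample logs are constructed from lines quoted in the thread; the function names and the Temp-directory check for services are assumptions of this example.

```python
import ntpath
import re

# Constructed sample input: lines copied from the logs quoted in this thread.
MWAV_LOG = r'''
Fri Oct 20 21:39:52 2006 => Object "spywarestrike Trojan" found in File System! Action Taken: No Action Taken.
Fri Oct 20 21:27:44 2006 => File D:\WINDOWS\system32\winjcr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.
'''
HJT_BEFORE = r'''
D:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winjcr32 - D:\WINDOWS\SYSTEM32\winjcr32.dll
O23 - Service: hpdj - HP - D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
'''
HJT_AFTER = r'''
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winjcr32 - winjcr32.dll (file missing)
'''

ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)$")
MWAV_FILE_RE = re.compile(r'File (?P<path>.+?) infected by "(?P<name>[^"]+)"')


def parse_hjt(text):
    """Parse HijackThis item lines (R0, O2, O20, O23, ...) into dicts."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ITEM_RE.match(line)
        if not m:
            continue  # header or running-process line
        body = m.group("body")
        missing = bool(MISSING_RE.search(body))
        body = MISSING_RE.sub("", body)
        kind, sep, rest = body.partition(": ")
        if not sep:  # e.g. R0 lines carry no "kind: " prefix
            kind, rest = "", body
        entries.append({
            "code": m.group("code"),
            "kind": kind,
            "target": rest.split(" - ")[-1].strip(),  # last field is the file
            "missing": missing,
            "raw": line,
        })
    return entries


def mwav_infected_files(text):
    """Map lower-cased file path -> detection name from MWAV 'File ... infected by' lines."""
    return {m.group("path").lower(): m.group("name")
            for m in MWAV_FILE_RE.finditer(text)}


def triage(entries, infected):
    """Return (raw line, reasons) for items that deserve a closer look."""
    findings = []
    for e in entries:
        path = e["target"].lower()
        reasons = []
        if path in infected:
            reasons.append("scanner detection: " + infected[path])
        if e["code"] == "O20" and e["kind"] == "Winlogon Notify":
            reasons.append("DLL loaded by winlogon.exe at logon")
        if e["code"] == "O23" and "\\temp\\" in path:  # assumption of this example
            reasons.append("service binary in a Temp directory")
        if reasons:
            findings.append((e["raw"], reasons))
    return findings


def removal_status(entries, file_name):
    """'clean': no item references the file; 'orphaned': only dangling
    '(file missing)' items remain; 'present': a live reference remains."""
    refs = [e for e in entries
            if ntpath.basename(e["target"]).lower() == file_name.lower()]
    if not refs:
        return "clean"
    return "orphaned" if all(e["missing"] for e in refs) else "present"


if __name__ == "__main__":
    for raw, reasons in triage(parse_hjt(HJT_BEFORE), mwav_infected_files(MWAV_LOG)):
        print(raw, "->", "; ".join(reasons))
    print("after cleanup:", removal_status(parse_hjt(HJT_AFTER), "winjcr32.dll"))
```

On the thread's last log the winjcr32 item reads "(file missing)", which this example reports as `orphaned`: the DLL is gone from disk, but the Winlogon Notify registry entry that referenced it is still listed.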
Latest log
Logfile of HijackThis v1.99.1
Scan saved at 9:22:22, on 21. 10. 2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Omezenec\Plocha\hijekt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "D:\Ondra\ICQ\5\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] D:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Ondra\ICQ\5\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Ondra\ICQ\5\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winjcr32 - winjcr32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 9:22:22, on 21. 10. 2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe
D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Omezenec\Plocha\hijekt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] D:\Ondra\ANTIVI~1\iAVS\Adres\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "D:\Ondra\ICQ\5\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Task Catcher] D:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Ondra\ICQ\5\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Ondra\ICQ\5\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Ondra\ICQ\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Ondra\ICQ\5\ICQLite\ICQLite.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: winjcr32 - winjcr32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Ondra\Antivirové systémy\iAVS\Adres\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
1. HijackThis - fix these:
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "D:\Ondra\ICQ\5\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "D:\ondra\příslušenství\nová složka\quicktimeinstaller\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Ondra\ICQ\5\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: winjcr32 - winjcr32.dll (file missing)
As our Mr. Baron advised you, you have to stop one of the antivirus programs! If one of them is a full version, stop the other one. If NOD is a trial, stop NOD.
And you should promptly follow the second piece of advice and install SP1 first and then SP2.
2. MWAV
- first, find and delete the keys marked in red in the registry:
HOT_KEY_LOCAL_MACHINE\Software\microsoft\downloadmanager
HOT_KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
HOT_KEY_LOCAL_MACHINE\Software\Licenses: {k7c0db872a3f777c0} - careful, this is only a value in the right-hand pane of the window!
HOT_KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
HOT_KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
Do you know the rules?
Tips and tricks for Windows XP
Guides: HijackThis, MWAV, CCleaner (THX to mijaja)
Post the problems you want solved here in the forum. Do not send them by e-mail or ICQ!