possible website hijack
nasiel mi to spyware doctor ale sa to mi doteraz nepodarilo odstranit.dakujem za pomoc.
Jsou zobrazeny jen nové odpovědi. Zobrazit všechny
Zpět do poradny Odpovědět na původní otázku Nahoru
a kde ti to našel?
ak mozem ,vedel by si skontrolovat hijack list?
Ten log z HJT sem zkopíruj (možná to budeš muset rozdělit do více příspěvků).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb /*ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ig
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {bf23150a-b2ad-43e9-bdc0-6c0cc3d290d2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\Program Files\Acronis\PrivacyExpert\PrivacyExpert\Blokován í.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {bf23150a-b2ad-43e9-bdc0-6c0cc3d290d2} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [BM87274053] Rundll32.exe "C:\WINDOWS\system32\kmpgojfg.dll",s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Acronis Blokování pop-up oken - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Program Files\Acronis\PrivacyExpert\PrivacyExpert\Blokován í.dll
O9 - Extra 'Tools' menuitem: Acronis Blokování pop-up oken - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\Program Files\Acronis\PrivacyExpert\PrivacyExpert\Blokován í.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C ontrols/en/x86/client/wuweb_site.cab?1232626477593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5C ontrols/en/x86/client/muweb_site.cab?1232626461421
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: oakarqbs - C:\Documents and Settings\peter\Application Data\oakarqbs.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySql - Unknown owner - C:/PROGRA~1/PHP Home Edition 2/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - 715.gif
Fixnout:
R3 - URLSearchHook: (no name) - {bf23150a-b2ad-43e9-bdc0-6c0cc3d290d2} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {bf23150a-b2ad-43e9-bdc0-6c0cc3d290d2} - (no file)
O4 - HKLM\..\Run: [BM87274053] Rundll32.exe "C:\WINDOWS\system32\kmpgojfg.dll",s
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: MySql - Unknown owner - C:/PROGRA~1/PHP Home Edition 2/mysql/bin/mysqld-nt.exe (file missing)
O24 - Desktop Component 0: (no name) - 715.gif
Jaké problémy jsou ještě z PC?
Zkoušels SuperAntiSpyware?
ziadny driver nefunguje co mam v pc,ked nieco pripojim telefon ,webcam,mp3,tak napise ze sa nasiel novy hardver,zrazu sa spusti services.exe,zvysi sa spotreba pamete,a ani zanic sa neda instalovat ziadny driver ,stale pise ze sa musi dokoncit instalacia,aj ked som ziadnu nezacal.:(
Zkus ještě ten SAS.
Ta hláška píše přesně co? Čeho instalace nebyla dokončena nepíše?
Co píše prohlížeč událostí?
nepise coho,len ked napise ze bol najdeny novy hardver a chcem ist ho dat instalovat tak mi napise ze sa neda lebo uz instalacia prebieha,ale nepise ze coho,
Nejdříve bych vypnul tu hovadinu Ad-watch (ideální je zbavit se celého Ad-Aware) a podíval se, jak velký je soubor hosts.
tak ad watch ci ako sa vola uz vypol a ten hosts kde najdem?
Ve Windows se dají hledat soubory a složky, to tam nemáš?
WINDOWS\system32\drivers\etc\
hosts je 291 788 a strasne vela je tam toho tych hosts a cisla
Ano, při obřím souboru hosts (poděkuj Ad-Aware) jsou problémy se services.exe zmiňovány.
okej dakujem a co stym teraz?
Nech tam jenom řádek 127.0.0.1 localhost, ostatní smazat.
hosts backup je tam 21 suborov,potom imhosts,networks,protocol,services,a jeden hosts o tej velkosti 291 788,to mam ktore zmazat?
V souboru hosts nech jen ten výše uvedený řádek. Soubor hosts se jmenuje hosts.
no uz .a teraz?restartovat>?
Co teraz? To je celý. Nechat jen ten řádek a uložit. Restartovat můžeš.
mas to u mna,webcam ide aj ostatne,len neviem instalovat realtek ,mam xp prof.a SP3 a nijak to neviem spustit.
To tady moc lidí hledat nebude, zkus raději nový dotaz.
zapomněl jsi na:
O20 - Winlogon Notify: oakarqbs - C:\Documents and Settings\peter\Application Data\oakarqbs.dll
to vypadá na nějakou sviňu.
u mě to samý nejde dát do karantény ani odstranit.P oradíte jak na něj??
Asi ne, když nedokážete napsat nic o svém operačním systému, antivirovém programu, opsat přesně hlášku a napsat, který program vám jí vypisuje.