"Your computer is infected" bubble

...

Moderator: Mods_senior


"Your computer is infected" bubble

Post by Nejezchlebicek » 30 Sep 2009 14:19

Hi, yesterday I had my computer switched on as usual and then a bubble popped up:

Your computer is infected. In is recomendet to use special antispyware tools to prevent data Loss. Windows will now download the most up-to date antispyware for you.

Then it downloads some antivirus, Antivirus Pro 2010 or something like that, and it starts scanning for viruses. It finds some, but they can't be deleted, because of course you have to buy the full version.

What is it? Do I really have spyware on there, or is it just some application that keeps launching this so that I buy their antivirus?
And if so, how do I get rid of it?


Re: "Your computer is infected" bubble

Post by Damned » 30 Sep 2009 14:27

Make me a HijackThis log.
Nothing is impossible, which is why, where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2 + guide FCleaner + Czech localisation Wise Registry Cleaner


Re: "Your computer is infected" bubble

Post by Nejezchlebicek » 30 Sep 2009 14:31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:49, on 30.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\restorer32_a.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Vista Sidebar\sidebar.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Documents and Settings\Eda\restorer32_a.exe
C:\Documents and Settings\Eda\Data aplikací\seres.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Eda\Data aplikací\svcst.exe
C:\Program Files\OVISLINK\Common\AirliveUI.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Eda\restorer32_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Eda\Data aplikací\seres.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe
O4 - Global Startup: Místní vyhledávání.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-CE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 17117 bytes
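The log above shows the pattern that matters here: O4 autorun entries (Run values and Startup-folder items) that launch programs from the user's profile rather than from Program Files or the Windows directory (restorer32_a.exe, seres.exe, the bare ikowin32.exe in Startup). The script below is an added example, not part of this thread and not HijackThis's own code: it parses O4 lines and lists the ones worth a closer look, with the reason. The sample log is constructed from O4 lines modelled on the log above plus one HKCU Run value named svchost, modelled on the Malwarebytes finding later in the thread; the heuristics (user-profile path, temp path, bare file in Startup, system-binary lookalike name outside the Windows directory) are my own and are a triage aid, not a verdict.

```python
import re

# Constructed sample modelled on the O4 lines in the log above, plus one HKCU
# Run value named 'svchost' modelled on the Malwarebytes finding; it is not
# the original log.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Eda\restorer32_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Eda\Data aplikací\seres.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Eda\Data aplikací\svcst.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: ikowin32.exe
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?P<kind>Global Startup|Startup): (?P<entry>.*)$')

# Run-value names that imitate core Windows binaries; the genuine ones live
# under the Windows directory, so the same name elsewhere is a red flag.
LOOKALIKE_NAMES = {'svchost', 'lsass', 'csrss', 'winlogon', 'explorer', 'regedit32'}


def executable_path(cmd):
    """Return the program (or, for rundll32, the loaded DLL) from a Run value's
    command line, dropping surrounding quotes and trailing switches."""
    cmd = cmd.strip()
    tokens = cmd.split(None, 1)
    if tokens and tokens[0].lower() in ('rundll32.exe', 'rundll32') and len(tokens) > 1:
        cmd = tokens[1].split(',')[0].strip()   # rundll32 <dll>,<entrypoint>
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.(?:exe|dll|scr|cpl))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd


def parse_o4(line):
    """Parse one O4 line into (source, name, path); None for any other line."""
    m = RUN_RE.match(line)
    if m:
        return m.group('hive'), m.group('name'), executable_path(m.group('cmd'))
    m = STARTUP_RE.match(line)
    if m:
        entry = m.group('entry')
        # Shortcut entries read "<name>.lnk = <target>"; anything else is the
        # file itself sitting in the Startup folder.
        name, sep, target = entry.partition(' = ')
        return m.group('kind'), name, (target if sep else entry)
    return None


def assess(source, name, path):
    """Reasons an autorun entry deserves a closer look (empty list = none)."""
    reasons = []
    low = path.lower()
    # 'Data aplikací' in the log is the Czech-localised Application Data folder.
    if '\\documents and settings\\' in low or '\\users\\' in low:
        reasons.append('runs from a user profile directory')
    if '\\temp\\' in low:
        reasons.append('runs from a temp directory')
    if source in ('Startup', 'Global Startup') and '\\' not in path:
        reasons.append('file placed directly in the Startup folder, not a shortcut')
    base = name.lower()
    base = base[:-4] if base.endswith('.exe') else base
    if base in LOOKALIKE_NAMES and '\\windows\\' not in low:
        reasons.append('named like a Windows system binary but outside the Windows directory')
    return reasons


def triage(log_text):
    """Return the flagged O4 entries of a HijackThis log, in log order."""
    flagged = []
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if not parsed:
            continue
        source, name, path = parsed
        reasons = assess(source, name, path)
        if reasons:
            flagged.append({'source': source, 'name': name, 'path': path, 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for hit in triage(SAMPLE_O4):
        print(f"[{hit['source']}] {hit['name']} -> {hit['path']}")
        for reason in hit['reasons']:
            print('    -', reason)
```

Run against the sample it flags restorer32_a, mserv, svchost and ikowin32.exe and leaves the vendor entries under Program Files and the Windows directory alone, which is the same split the reply's fix list makes for the O4 section. Entries that survive this filter still need a manual look (a legitimate updater can live in the profile too), which is why the output carries the reason rather than a verdict.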


Re: "Your computer is infected" bubble

Post by Damned » 30 Sep 2009 14:58

Uninstall ICQ6Toolbar, Remote Packet Capture Protocol, Logitech Desktop Messenger, Winamp Toolbar, Crawler Toolbar + Spyware Terminator, AskBarDis and Mega Upload Toolbar. If you can't find something, we'll remove it another way.
*****************************************************************************************************************************************
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix these (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61005
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=61005
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Eda\restorer32_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Eda\Data aplikací\seres.exe
O4 - Startup: ikowin32.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform quick scan selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show results button
- then choose the option to save the log and save it to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.


Re: "Your computer is infected" bubble

Post by Nejezchlebicek » 30 Sep 2009 15:20

I don't know how to uninstall Remote Packet Capture Protocol, Crawler Toolbar and AskBarDis.

Otherwise, in HijackThis I should then tick what you listed and fix it, and then download Malwarebytes' Anti-Malware?


Re: "Your computer is infected" bubble

Post by Damned » 30 Sep 2009 15:37

I wrote it in order, so fix first and then download.

Whatever couldn't be removed, we'll remove later another way.


Re: "Your computer is infected" bubble

Post by Nejezchlebicek » 30 Sep 2009 16:02

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2876
Windows 5.1.2600 Service Pack 2

30.9.2009 16:00:27
mbam-log-2009-09-30 (16-00-23).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 104530
Uplynulý čas: 9 minute(s), 19 second(s)

Infikované procesy v paměti: 4
Infikované moduly v paměti: 0
Infikované klíče registru: 43
Infikované hodnoty registru: 13
Infikované datové položky registru: 4
Infikované adresáře: 7
Infikované soubory: 43

Infikované procesy v paměti:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\seres.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\svcst.exe (Trojan.Agent) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f5e2da4-b0d9-1715-429d-5b5dce6535af} (Rogue.AntiVirus.Gold) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7a7f202e-af91-4889-9dd5-2fe241085cc1} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{faad2038-c371-473d-86f1-5b11d39c3775} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab692f9b-27fe-4511-8885-ed62bb45197b} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b499d34e-58ef-4927-ab9f-7af52b2c4c82} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ca49fdd-4aeb-4f08-a394-c0a1f82caa16} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\activationmanager.activationmanager (Trojan.MultiDefender) -> No action taken.
HKEY_CLASSES_ROOT\activationmanager.activationmanager.1 (Trojan.MultiDefender) -> No action taken.
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Cerberus.exe (Rogue.AntiVirus.Gold) -> No action taken.
HKEY_CLASSES_ROOT\AppID\PG.dll (Rogue.WinSecureAv) -> No action taken.
HKEY_CLASSES_ROOT\engine.backup (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.backup.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.ignorelist (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.ignorelist.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.log (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.log.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.logrecord (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.logrecord.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.paths (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.paths.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.quarantine (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.quarantine.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.runas (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.runas.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.searchitem (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.searchitem.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.threat (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.threat.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\iVideo (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\iVideo (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideo (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken.

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\ActivationManager (Trojan.MultiDefender) -> No action taken.
C:\Program Files\ADSTechnology (Trojan.BHO) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1 (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\iVideo (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\ADSTechnology (Trojan.BHO) -> No action taken.
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.

Files Infected:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\lizkavd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\lizkavd.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\msupd_2.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temporary Internet Files\Content.IE5\N1SQLVJK\Install[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5YJG76F\(SC)[1].(N) (Trojan.FakeAlert) -> No action taken.
C:\Program Files\ADSTechnology\Uninstall.exe (Trojan.BHO) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\AntiSpyGolden AntiSpyGolden.url (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10252007-205904.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10252007-205925.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10252007-210139.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-081718.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-090648.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-090919.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-093404.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\iVideo\Uninstall.exe (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\ADSTechnology\Uninstall.lnk (Trojan.BHO) -> No action taken.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> No action taken.
C:\Documents and Settings\Eda\restorer32_a.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\seres.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\seres.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\svcst.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\svcst.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\luhyjycu.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Máma\Oblíbené položky\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN37.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\tmpwr2 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\tmpwr3 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\tmpwr4 (Rogue.Installer) -> No action taken.
C:\WINDOWS\Temp\wpv351254042811.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\wpv411253926400.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.


Re: Bublina your computer is infected

Post by Damned » 30 Sep 2009 16:11

By the way, Antivirus Pro 2010 is not an antivirus, it's junk that fishes for your money.
Restart into Safe Mode.

In Safe Mode run MbAM again and choose Full scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log is displayed; post it here.
- then click OK in the program and exit it via Exit

Disable the antivirus's resident shield (and the antispyware one too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After launch the terms of use are shown; confirm them by clicking Yes
- Then follow the prompts; while ComboFix is running, do not click into its window
- When the scan finishes the program should create a log - C:\ComboFix.txt - please paste its whole contents here


Re: Bublina your computer is infected

Post by Nejezchlebicek » 30 Sep 2009 16:13

Should I run ComboFix in normal mode, or in Safe Mode as well?

Also, which key do you press to get into Safe Mode? I've forgotten... I haven't done it in a long time :D


Re: Bublina your computer is infected

Post by Damned » 30 Sep 2009 16:46

F8 for Safe Mode. If you delete everything in MbAM in Safe Mode it will want a restart, so run ComboFix in normal mode afterwards.


Re: Bublina your computer is infected

Post by Nejezchlebicek » 30 Sep 2009 19:19

Here is the mbam log
Malwarebytes' Anti-Malware 1.41
Database version: 2876
Windows 5.1.2600 Service Pack 2 (Safe Mode)

30.9.2009 18:42:34
mbam-log-2009-09-30 (18-42-29).txt

Scan type: Full scan (C:\|D:\|X:\|)
Objects scanned: 235181
Time elapsed: 1 hour(s), 46 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 43
Registry Values Infected: 13
Registry Data Items Infected: 4
Folders Infected: 7
Files Infected: 47

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f5e2da4-b0d9-1715-429d-5b5dce6535af} (Rogue.AntiVirus.Gold) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7a7f202e-af91-4889-9dd5-2fe241085cc1} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{faad2038-c371-473d-86f1-5b11d39c3775} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ab692f9b-27fe-4511-8885-ed62bb45197b} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b499d34e-58ef-4927-ab9f-7af52b2c4c82} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ca49fdd-4aeb-4f08-a394-c0a1f82caa16} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\activationmanager.activationmanager (Trojan.MultiDefender) -> No action taken.
HKEY_CLASSES_ROOT\activationmanager.activationmanager.1 (Trojan.MultiDefender) -> No action taken.
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ACM.dll (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Cerberus.exe (Rogue.AntiVirus.Gold) -> No action taken.
HKEY_CLASSES_ROOT\AppID\PG.dll (Rogue.WinSecureAv) -> No action taken.
HKEY_CLASSES_ROOT\engine.backup (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.backup.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.ignorelist (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.ignorelist.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.log (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.log.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.logrecord (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.logrecord.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.paths (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.paths.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.quarantine (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.quarantine.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.runas (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.runas.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.searchitem (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.searchitem.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.threat (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\engine.threat.1 (Rogue.AntiSpyKit) -> No action taken.
HKEY_CLASSES_ROOT\iVideo (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\iVideo (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iVideo (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.SpyGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\ActivationManager (Trojan.MultiDefender) -> No action taken.
C:\Program Files\ADSTechnology (Trojan.BHO) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1 (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\iVideo (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\ADSTechnology (Trojan.BHO) -> No action taken.
C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> No action taken.

Files Infected:
C:\Documents and Settings\Eda\Data aplikací\lizkavd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\msupd_2.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temporary Internet Files\Content.IE5\N1SQLVJK\Install[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\lizkavd.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5YJG76F\(SC)[1].(N) (Trojan.FakeAlert) -> No action taken.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{ABBC1891-7104-429C-9B52-7380107D7A8D}\RP610\A0205746.cpl (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{ABBC1891-7104-429C-9B52-7380107D7A8D}\RP610\A0205753.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{ABBC1891-7104-429C-9B52-7380107D7A8D}\RP610\A0205761.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{ABBC1891-7104-429C-9B52-7380107D7A8D}\RP610\A0205762.cpl (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> No action taken.
C:\Program Files\ADSTechnology\Uninstall.exe (Trojan.BHO) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\AntiSpyGolden AntiSpyGolden.url (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10252007-205904.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10252007-205925.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10252007-210139.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-081718.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-090648.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-090919.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\AntiSpyGolden 5.1\Logs\scan_log_10262007-093404.html (Rogue.AntiSpyGolden) -> No action taken.
C:\Program Files\iVideo\Uninstall.exe (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\ADSTechnology\Uninstall.lnk (Trojan.BHO) -> No action taken.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.cfg (Rogue.AntiVirusPro2010) -> No action taken.
C:\Documents and Settings\Eda\restorer32_a.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\seres.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\seres.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\svcst.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService\Data aplikací\svcst.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\luhyjycu.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Máma\Oblíbené položky\Online Security Test.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN37.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\tmpwr2 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\tmpwr3 (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Eda\Local Settings\Temp\tmpwr4 (Rogue.Installer) -> No action taken.
C:\WINDOWS\Temp\wpv351254042811.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\wpv411253926400.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Eda\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
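The Malwarebytes log posted above has a fixed line grammar: a section header, then one line per item of the form `<path> (<Family.Name>) -> <action>.`, with registry data items carrying an extra `Bad: (...) Good: (...)` pair. The script below is an added example for this thread (not code from the thread's participants or from Malwarebytes) that parses that format, accepts both the Czech headers seen here and the English MBAM 1.x headers, and pulls out what a responder checks first: the Security Center values the rogue changed (the `Disabled.SecurityCenter` items and the `don't load` entries that hide `wscui.cpl`), the `Run`-key autostarts, whether the summary counts agree with the entries actually pasted, and how many entries are still `No action taken`. In the log above every entry is `No action taken`, which means the scan ran but nothing has been removed yet; that is exactly the check worth automating before accepting a log as a cleanup result. The sample input is constructed from lines of that log plus one made-up removal line, as labelled in the code.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log (the format posted in this thread)
and pull out what a responder checks first: Security Center tampering, Run-key
persistence, and entries that were listed but not removed. Added example, not Malwarebytes code."""
import re
from collections import Counter
from dataclasses import dataclass

# MBAM 1.x section headers -> canonical key (Czech as in the log above, and English).
SECTIONS = {
    "Infikované procesy v paměti": "processes", "Memory Processes Infected": "processes",
    "Infikované moduly v paměti": "modules", "Memory Modules Infected": "modules",
    "Infikované klíče registru": "registry_keys", "Registry Keys Infected": "registry_keys",
    "Infikované hodnoty registru": "registry_values", "Registry Values Infected": "registry_values",
    "Infikované datové položky registru": "registry_data", "Registry Data Items Infected": "registry_data",
    "Infikované adresáře": "folders", "Folders Infected": "folders",
    "Infikované soubory": "files", "Files Infected": "files",
}
# "<item> (<Family.Name>) [-> Bad: (<x>) Good: (<y>)] -> <action>."  The threat class must be
# a dotted name in " (...)", so parentheses inside paths ("(SC)[1].(N)", "\(default)") stay in the item.
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<threat>[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>[^>]+?)\.$")
# "Infikované soubory:" opens a section; "Infikované soubory: 47" is the summary line.
HEADER_RE = re.compile(r"^(?P<name>[^:]+?):\s*(?P<count>\d+)?$")
SECURITY_CENTER_CLASSES = {"Disabled.SecurityCenter", "Hijack.SecurityCenter"}


@dataclass
class Finding:
    section: str
    item: str
    threat: str
    action: str
    bad: str = None   # registry data items only: the value the rogue wrote
    good: str = None  # ...and the value MBAM would restore

def parse_mbam_log(text):
    """Return (findings, summary); summary maps section key -> count MBAM reported."""
    findings, summary, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m and current:
            findings.append(Finding(current, **m.groupdict()))
            continue
        h = HEADER_RE.match(line)
        if h and h.group("name") in SECTIONS:
            key = SECTIONS[h.group("name")]
            if h.group("count") is None:
                current = key
            else:
                summary[key] = int(h.group("count"))
    return findings, summary

def summary_mismatches(findings, summary):
    """Sections whose reported count differs from the entries present (a truncated paste)."""
    seen = Counter(f.section for f in findings)
    return {k: (n, seen[k]) for k, n in summary.items() if seen[k] != n}

def security_center_tampering(findings):
    """Values that silence AV/firewall/update warnings or hide the Security Center applet."""
    return [f for f in findings if f.threat in SECURITY_CENTER_CLASSES]

def run_key_persistence(findings):
    """Autostart values under a CurrentVersion Run key, the rogue's usual foothold."""
    return [f for f in findings if f.section == "registry_values" and "CurrentVersion\\Run\\" in f.item]

def unresolved(findings):
    """Entries the scan only listed; nothing is gone until 'Remove Selected' has run."""
    return [f for f in findings if f.action == "No action taken"]

# Constructed sample: lines copied from the safe-mode log above, plus one made-up
# removal result (the last line) so unresolved() has something to exclude.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41

Infikované procesy v paměti: 0
Infikované hodnoty registru: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.

Infikované datové položky registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované soubory:
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M5YJG76F\(SC)[1].(N) (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    found, counts = parse_mbam_log(SAMPLE_LOG)
    for f in security_center_tampering(found) + run_key_persistence(found):
        print(f"{f.threat:24} {f.item}" + (f"  bad={f.bad} good={f.good}" if f.bad is not None else ""))
    print(len(unresolved(found)), "of", len(found), "entries still 'No action taken'; mismatches:", summary_mismatches(found, counts))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents. Two checks matter in practice: `summary_mismatches` catches a log that was pasted incompletely, and a non-empty `unresolved` list on a log that is supposed to be the post-removal one means the removal step was skipped.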


Re: Bublina your computer is infected

Post by Nejezchlebicek » 30 Sep 2009 19:19

and here is the ComboFix log; by the way, the problem with that fake antivirus has stopped

ComboFix 09-09-29.04 - Eda 30.09.2009 18:59.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1023.537 [GMT 2:00]
Run from: X:\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
/wow section - STAGE 10


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dokumenty\arykuty.pif
c:\documents and settings\All Users\Dokumenty\byzax.sys
c:\documents and settings\All Users\Dokumenty\esologihil.inf
c:\documents and settings\All Users\Dokumenty\jyqidan.exe
c:\documents and settings\All Users\Dokumenty\tevajab.exe
c:\documents and settings\All Users\Dokumenty\tuzuwe.dll
c:\documents and settings\All Users\Dokumenty\wamezipy.dl
c:\documents and settings\Eda\Data aplikací\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Eda\Data aplikací\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\LocalService\Cookies\cukokyryt.inf
c:\documents and settings\LocalService\Cookies\gafaqyq.dl
c:\documents and settings\LocalService\Cookies\irytyger.bat
c:\documents and settings\LocalService\Cookies\lejih.com
c:\documents and settings\LocalService\Cookies\olak.scr
c:\documents and settings\LocalService\Local Settings\Data aplikací\byxo.vbs
c:\documents and settings\LocalService\Local Settings\Data aplikací\feverejuw.vbs
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\azywure.inf
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ifefocewob.bin
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\pipafyp.inf
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\pory.sys
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\sexodego.reg
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\wureno._dl
c:\program files\Common Files\acoro.inf
c:\program files\Common Files\egih.exe
c:\windows\ajydejuqi._dl
c:\windows\amilyfix.pif
c:\windows\egedam.vbs
c:\windows\gaminof.dll
c:\windows\Installer\1658554.msi
c:\windows\Installer\9521fa.msi
c:\windows\puwoxu.pif
c:\windows\system32\_scui.cpl
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp47.tmp
c:\windows\system32\tmp74.tmp
c:\windows\system32\ubosaxa.ban
c:\windows\system32\udex.pif
c:\windows\system32\uqazaquwi._dl
c:\windows\system32\wpcap.dll
c:\windows\UA000079.DLL
c:\windows\UA000080.DLL
c:\windows\wyduf._dl

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected.
Restored copy from - c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-30 16:48 . 2009-09-30 16:48 17300 ----a-w- c:\windows\iqaxulu.dat
2009-09-30 16:48 . 2009-09-30 16:48 12196 ----a-w- c:\windows\system32\wuvile.com
2009-09-30 16:48 . 2009-09-30 16:49 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-30 13:49 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 13:49 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 13:49 . 2009-09-30 13:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 12:29 . 2009-09-30 12:29 -------- d-----w- c:\program files\Trend Micro
2009-09-30 05:12 . 2009-09-30 05:12 -------- d-----w- C:\AntivirusPro_2010
2009-09-22 21:31 . 2009-09-22 21:31 -------- d-----w- c:\program files\CountDown ShutDown PC
2009-09-22 13:21 . 2007-08-22 15:02 32768 ----a-w- c:\documents and settings\Eda\mspformat.exe
2009-09-21 20:54 . 2009-09-21 20:54 -------- d-sh--w- c:\documents and settings\Eda\IECompatCache
2009-09-08 12:59 . 2009-09-08 12:59 -------- d-----w- C:\Sounds
2009-09-08 12:45 . 2008-11-11 11:42 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-09-08 12:45 . 2008-11-11 11:41 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-09-08 12:45 . 2008-11-11 11:41 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-09-08 12:45 . 2009-09-08 12:45 -------- d-----w- c:\program files\LG Electronics
2009-09-08 12:43 . 2007-11-08 14:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-09-08 12:43 . 2009-09-28 21:22 -------- d-----w- c:\program files\LG PC Suite II
2009-09-03 17:42 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-09-03 17:42 . 2005-04-04 15:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2009-09-03 17:42 . 2005-03-28 13:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-09-03 17:42 . 2005-02-24 09:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2009-09-03 17:42 . 2005-05-18 09:52 1212416 ----a-w- c:\windows\system32\NCTAudioInformation2.dll
2009-09-03 17:42 . 2005-05-17 10:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-09-03 17:42 . 2005-04-25 11:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2009-09-03 17:42 . 2005-04-15 10:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2009-09-03 17:42 . 2004-11-04 11:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-09-03 17:42 . 2009-09-03 17:42 -------- d-----w- c:\program files\Mp3 Editor for Free
2009-09-01 18:31 . 2009-09-01 18:31 -------- d-----w- c:\program files\ICQ6Toolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 16:45 . 2009-01-29 23:20 -------- d-----w- c:\program files\ViStart
2009-09-30 13:47 . 2008-02-26 15:59 -------- d-----w- c:\program files\ICQToolbar
2009-09-30 13:10 . 2007-10-06 19:25 -------- d-----w- c:\program files\Logitech
2009-09-23 05:08 . 2008-07-07 21:05 -------- d-----w- c:\program files\7-Zip
2009-09-23 05:08 . 2008-03-21 18:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-21 19:42 . 2009-03-08 18:34 -------- d-----w- c:\program files\CamStudio
2009-09-21 19:42 . 2008-03-12 16:53 -------- d-----w- c:\program files\LimeWire
2009-09-21 19:39 . 2008-07-10 11:28 260 ----a-w- c:\windows\system32\FSEPath.dat
2009-09-08 12:45 . 2007-05-13 11:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-05 22:00 . 2009-02-12 21:11 -------- d-----w- c:\program files\Microsoft Works
2009-09-01 18:30 . 2008-02-26 15:57 -------- d-----w- c:\program files\ICQ6
2009-08-07 07:04 . 2004-08-18 12:00 91916 ----a-w- c:\windows\system32\perfc005.dat
2009-08-07 07:04 . 2004-08-18 12:00 461950 ----a-w- c:\windows\system32\perfh005.dat
2009-08-05 09:07 . 2004-08-18 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:57 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-18 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2004-03-11 11:27 . 2007-05-13 17:08 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-01-30 1363968]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2003-12-22 86016]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"UIWatcher"="c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe" [2008-08-12 3508568]
"Vista Sidebar"="c:\program files\Vista Sidebar\sidebar.exe" [2007-11-20 524288]
"ViStart"="c:\program files\ViStart\ViStart.exe" [2007-11-26 593920]
"Google Update"="c:\documents and settings\Eda\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-10-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2009-2-6 1290240]
Místní vyhledávání.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^EA_RESTART_001.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\EA_RESTART_001.lnk
backup=c:\windows\pss\EA_RESTART_001.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Eda^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\Eda\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eda^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Eda\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eda^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Eda\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\condition zero\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\day of defeat\\hl.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\nejezchlebicek\\ricochet\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"x:\\metin2.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12973:TCP"= 12973:TCP:BitComet 12973 TCP
"12973:UDP"= 12973:UDP:BitComet 12973 UDP

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [12.7.2008 17:17 39472]
R0 wxbfileb;XB File System Filter Driver;c:\windows\system32\drivers\wxbfileb.sys [10.7.2008 13:28 18816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.5.2008 16:40 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2008 16:40 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [9.6.2007 1:23 208896]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [22.4.2009 13:59 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [22.4.2009 13:59 3072]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11.7.2008 19:36 13352]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [15.11.2008 13:45 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-13 09:08]

2009-09-30 c:\windows\Tasks\User_Feed_Synchronization-{79F3AA60-B8C3-4A39-9663-FB760B2A1711}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]

2009-09-30 c:\windows\Tasks\User_Feed_Synchronization-{8A1CF739-A63D-4154-AEB9-91B14C533DC1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Notify-AtiExtEvent - (no file)
AddRemove-eMusic Promotion - x:\winamp\eMusic\Uninst-eMusic-promotion.exe
AddRemove-Video Player ActiveX 1.05a - c:\program files\Video Player ActiveX 1.05a
AddRemove-Winamp - x:\winamp\UninstWA.exe
AddRemove-{FlatOut} - d:\\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 19:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden 'Startup' entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-117609710-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:19,0d,4f,00,1c,6e,c4,ae,5b,4b,ca,25,71,9b,14,88,74,fd,f6,3a,6d,33,2f,
8a,e5,8f,82,02,75,8b,b5,1c,85,3f,14,68,70,2e,04,31,71,24,76,84,e0,e1,d6,f2,\
"??"=hex:19,ba,59,ea,19,57,ef,1e,db,35,28,3a,74,e6,dd,04

[HKEY_USERS\S-1-5-21-861567501-117609710-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:0d,9f,a3,41,fa,47,21,2c,e5,7a,a8,16,e3,1f,ea,39,ea,58,80,c7,6b,
8b,14,f4,53,bd,69,38,2d,c7,28,8f,2f,b3,6b,57,3c,ca,24,a3,45,b6,8e,9e,41,19,\
"rkeysecu"=hex:55,72,b1,1f,88,a2,03,c5,fe,42,58,65,86,b9,0f,2f
.
--------------------- Libraries loaded into running processes ---------------------

- - - - - - - > 'explorer.exe'(2444)
c:\program files\ViStart\MainHook.Dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-09-30 19:16 - the computer was restarted
ComboFix-quarantined-files.txt 2009-09-30 17:16

Pre-run: 4 023 230 464
Post-run: 6 432 665 600

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

290 --- E O F --- 2009-09-23 05:14
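A small triage script, added here as an example and not part of the post above or of ComboFix itself. It parses the INI-style registry sections that ComboFix prints (a `[section]` header followed by `"name"=value` lines) and pulls out the three things a responder checks first when a rogue antivirus is suspected: the Security Center `AntiVirusOverride` / `UpdatesDisableNotify` flags (a value of 1 silences the "no antivirus" / "no updates" balloons, so the machine stops warning the user; whether a legitimate tool set them is what has to be decided), Windows Firewall exceptions for executables outside `%windir%` and `Program Files`, and globally open inbound ports. The sample log embedded in the script is constructed to mirror the entries in the log above; the list of trusted path roots and the extra Security Center flag names beyond the two seen in the log are assumptions.

```python
"""Triage helper for ComboFix-style registry sections (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the log above; values are illustrative.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"x:\\metin2.bin"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12973:TCP"= 12973:TCP:BitComet 12973 TCP
"12973:UDP"= 12973:UDP:BitComet 12973 UDP
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENTRY_RE = re.compile(r'^"(.*)"=(.*)$')

# Assumed set of Security Center flags worth flagging when set to 1.
OVERRIDE_FLAGS = ("AntiVirusOverride", "FirewallOverride", "UpdatesDisableNotify",
                  "AntiVirusDisableNotify", "FirewallDisableNotify")
# Assumed "trusted" roots; anything else in the firewall list is reported.
TRUSTED_PREFIXES = ("%windir%", r"c:\windows", r"c:\program files")


def parse_sections(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {section_name: [(name, value), ...]} for every [section] block."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            # Registry exports escape backslashes in names; undo that for paths.
            name = m.group(1).replace("\\\\", "\\")
            sections[current].append((name, m.group(2).strip()))
    return sections


def security_center_overrides(sections) -> List[str]:
    """Names of Security Center override flags that are set to 1."""
    flags = []
    for sec, entries in sections.items():
        if not sec.lower().endswith(r"microsoft\security center"):
            continue
        for name, value in entries:
            if name in OVERRIDE_FLAGS and value.lower() == "dword:00000001":
                flags.append(name)
    return flags


def unusual_firewall_apps(sections) -> List[str]:
    """Firewall-authorized executables living outside the trusted roots."""
    found = []
    for sec, entries in sections.items():
        if not sec.lower().endswith(r"authorizedapplications\list"):
            continue
        for name, _ in entries:
            if not name.lower().startswith(TRUSTED_PREFIXES):
                found.append(name)
    return found


def open_ports(sections) -> List[Tuple[int, str, str]]:
    """(port, protocol, description) for every globally open port."""
    ports = []
    for sec, entries in sections.items():
        if not sec.lower().endswith(r"globallyopenports\list"):
            continue
        for name, value in entries:
            port, proto = name.split(":", 1)
            desc = value.split(":", 2)[-1] if value else ""
            ports.append((int(port), proto, desc))
    return ports


def triage(text: str) -> Dict[str, list]:
    """Run all three checks over one log and return the findings."""
    sections = parse_sections(text)
    return {
        "security_center_overrides": security_center_overrides(sections),
        "unusual_firewall_apps": unusual_firewall_apps(sections),
        "open_ports": open_ports(sections),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(f"{key}: {hits}")
```

Run it against a saved ComboFix log by passing the file's text to `triage()`; the firewall and port checks are only a shortlist, since a torrent client or a game legitimately opens ports too, so each hit still needs a look at the binary behind it.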

