"Antivirus XP 2008" again

ismit
newcomer
Posts: 3
Joined: 10 Sep 2008 11:49

"Antivirus XP 2008" again

Post by ismit »

Hi, on the advice of someone here I downloaded Malwarebytes' Anti-Malware and it reports this:

Malwarebytes' Anti-Malware 1.28
Verze databáze: 1136
Windows 5.1.2600 Service Pack 2

12/09/2008 13:46:01
mbam-log-2008-09-12 (13-45-50).txt

Typ skenu: Rychlý sken
Objektu skenováno: 105583
Uplynulý cas: 16 minute(s), 20 second(s)

Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 15
Infikované hodnoty registru: 6
Infikované položky dat registru: 2
Infikované složky: 23
Infikované soubory: 37

If anyone is willing to advise me, I'd be grateful, thanks.
fredik
Security team member
Posts: 4680
Joined: 25 Jul 2006 22:18

Re: "Antivirus XP 2008" again

Post by fredik »

Run MbAM again and start a Scan
- when the program finishes, a message will appear; click OK and then the Show Results (Zobrazit výsledky) button
- make sure all the listed findings are ticked and click the Remove Selected (Odstranit vybrané) button
- when the removal finishes, a log will be displayed; paste it here
- then choose OK in the program and close it via Exit
+
post a new HJT log here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (SZ/PM) with logs; post them in the forum. Such private messages cannot be answered.
ismit
newcomer
Posts: 3
Joined: 10 Sep 2008 11:49

Re: "Antivirus XP 2008" again

Post by ismit »

Thanks, it has been cleaned up now. 0 infected.