PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Problémy s reklamami (IE)

https://pc-help.cnews.cz/viewtopic.php?f=3&t=45568

Stránka 1 z 2

Problémy s reklamami (IE)

Napsal: 10 říj 2009 16:26
od Zemish
Čau lidi, při prohlížení jakýkoliv stránek internetu v Opeře se mi otevírají reklamy v Internet Exploreru a to se děje i při tom, když internet zrovna neužívám. Prosím Vás, jak se toho v klidu zbavím! Vždycky mě to s prominutím "nasere".

Odměna za nalezení pachatele: 3000 WM

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 16:29
od Damned
Zkus si neprohlížet internet v Opeře, ale třeba v divadle :lol: :lol:

Z mého podpisu si stáhni HijackThis, podle návodu udělej log a vlož mi ho sem.

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 16:33
od Zemish
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:57, on 10.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ .exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\DOCUME~1\Zemish\LOCALS~1\Temp\ctv3778.exe
C:\Documents and Settings\Zemish\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Wireless Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{196A49A4-B71C-4F59-9789-1BC2C22A022D}: NameServer = 213.180.36.130,213.180.36.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{196A49A4-B71C-4F59-9789-1BC2C22A022D}: NameServer = 213.180.36.130,213.180.36.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6576 bytes

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 16:42
od Damned
Odinstaluj si ICQ6Toolbar, DAEMON Tools Toolbar a podívej jestli v Přidat/odebrat programy nemáš něco jako MyWebSearch, FunnyWeb nebo Juicy Acces, System Search Dispatcher nebo Internet Saving Optimizer. Pokud ano, taky odinstaluj.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 16:57
od Zemish
Malwarebytes' Anti-Malware 1.41
Verze databáze: 2936
Windows 5.1.2600 Service Pack 3

10.10.2009 16:57:20
mbam-log-2009-10-10 (16-57-16).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 92132
Uplynulý čas: 3 minute(s), 29 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 4
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 30

Infikované procesy v paměti:
C:\Program Files\WinFast\WFTVFM\wfwiz.exe (Trojan.Downloader) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winfast schedule (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lightscribe control panel (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nerofiltercheck (Trojan.Downloader) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Program Files\WinFast\WFTVFM\wfwiz.exe (Trojan.Downloader) -> No action taken.
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Trojan.Downloader) -> No action taken.
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Zemish\alcmtr.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Zemish\rthdcpl .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Zemish\rthdcpl.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1017.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1908.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1909.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1915.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1937.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2829.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2835.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2836.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2850.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2858.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv3749.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv3756.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv3778.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4670.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4677.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4696.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4699.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv5590.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv5598.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv6532.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv7452.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv8373.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv9294.exe (Trojan.Dropper) -> No action taken.
C:\Program Files\Adobe\acrotray.exe (Trojan.Agent) -> No action taken.

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 17:09
od Damned
Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 17:12
od Zemish
Malwarebytes' Anti-Malware 1.41
Verze databáze: 2936
Windows 5.1.2600 Service Pack 3

10.10.2009 17:12:37
mbam-log-2009-10-10 (17-12-37).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 92251
Uplynulý čas: 1 minute(s), 24 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 4
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 31

Infikované procesy v paměti:
C:\Program Files\WinFast\WFTVFM\wfwiz.exe (Trojan.Downloader) -> Unloaded process successfully.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winfast schedule (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lightscribe control panel (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nerofiltercheck (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Program Files\WinFast\WFTVFM\wfwiz.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\alcmtr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\rthdcpl .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\rthdcpl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1017.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1028.exe (Trojan.Dropper) -> Delete on reboot.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1908.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1909.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1915.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv1937.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2829.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2835.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2836.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2850.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv2858.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv3749.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv3756.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv3778.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4670.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4677.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4696.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv4699.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv5590.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv5598.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv6532.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv7452.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv8373.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zemish\Local Settings\temp\ctv9294.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 17:15
od Damned
Výborně, ještě ten ComboFix

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 17:24
od Zemish
ComboFix 09-10-08.04 - Zemish 10.10.2009 17:18.3.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1428 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zemish\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-10 do 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 14:52 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 14:52 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-10 14:52 . 2009-10-10 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 18:37 . 2009-10-07 18:37 -------- d-sh--w- c:\documents and settings\Zemish\IECompatCache
2009-10-04 10:38 . 2009-10-04 10:38 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-10-04 10:38 . 2009-10-04 10:38 298104 ----a-w- c:\windows\system32\imon.dll
2009-10-04 10:38 . 2009-10-04 10:38 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-10-04 10:37 . 2009-10-04 10:47 -------- d-----w- c:\program files\Eset
2009-10-02 11:52 . 2009-10-02 11:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-02 11:47 . 2009-10-02 11:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-16 14:54 . 2009-09-16 14:54 -------- d-sh--w- c:\documents and settings\Zemish\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 15:12 . 2009-05-30 17:45 -------- d-----w- c:\program files\Common Files\LightScribe
2009-10-10 14:46 . 2009-05-26 16:00 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-26 16:48 . 2009-08-22 17:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-08 14:55 . 2009-09-08 14:55 -------- d-----w- c:\program files\Bonjour
2009-09-08 14:55 . 2009-09-08 14:55 -------- d-----w- c:\program files\QuickTime
2009-09-01 12:34 . 2009-09-01 12:34 -------- d-----w- c:\program files\HP Wireless Keyboard
2009-08-21 12:49 . 2002-09-23 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-08-21 12:49 . 2002-09-23 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-08-06 17:24 . 2009-05-25 16:20 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-05-25 16:20 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-05-25 16:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-05-25 15:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2002-09-23 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-05-25 16:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-05-25 15:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-09-23 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 08:04 . 2009-07-21 08:04 98304 ----a-w- c:\windows\system32\qttask.exe
2009-07-20 16:42 . 2009-07-20 16:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2002-09-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2009-05-25 16:20 286208 ------w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-03_18.05.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-23 12:00 . 2009-06-25 08:27 54272 c:\windows\system32\wdigest.dll
+ 2002-09-23 12:00 . 2008-04-14 06:52 37888 c:\windows\system32\url.dll
+ 2009-10-07 14:07 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-07 14:07 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2002-09-23 12:00 . 2009-06-25 08:27 56832 c:\windows\system32\secur32.dll
- 2002-09-23 12:00 . 2009-02-03 19:58 56832 c:\windows\system32\secur32.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 39424 c:\windows\system32\pngfilt.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 96768 c:\windows\system32\occache.dll
+ 2002-09-23 12:00 . 2008-04-14 05:42 56832 c:\windows\system32\mshtmler.dll
+ 2002-09-23 12:00 . 2008-04-14 06:52 29184 c:\windows\system32\mshta.exe
+ 2002-09-23 12:00 . 2008-04-14 06:51 22016 c:\windows\system32\licmgr10.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 15872 c:\windows\system32\jsproxy.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 96768 c:\windows\system32\inseng.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 35840 c:\windows\system32\imgutil.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 62976 c:\windows\system32\iesetup.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 48128 c:\windows\system32\iernonce.dll
+ 2009-07-09 05:56 . 2009-06-26 16:51 81920 c:\windows\system32\ieencode.dll
+ 2002-09-23 12:00 . 2008-04-14 06:52 34304 c:\windows\system32\ie4uinit.exe
+ 2002-09-23 12:00 . 2009-06-24 11:18 92928 c:\windows\system32\drivers\ksecdd.sys
+ 2009-05-25 16:20 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2009-05-25 15:14 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2009-06-25 08:27 . 2009-06-25 08:27 54272 c:\windows\system32\dllcache\wdigest.dll
- 2009-02-03 19:58 . 2009-02-03 19:58 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:58 . 2009-06-25 08:27 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-07-09 05:56 . 2009-06-26 16:51 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2002-09-23 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 35328 c:\windows\system32\corpol.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 61440 c:\windows\system32\admparse.dll
+ 2009-10-04 09:33 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB968389\update\spcustom.dll
+ 2009-10-04 09:33 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB968389\spmsg.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 54272 c:\windows\$hf_mig$\KB968389\SP3QFE\wdigest.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 56832 c:\windows\$hf_mig$\KB968389\SP3QFE\secur32.dll
+ 2009-06-24 10:28 . 2009-06-24 10:28 92928 c:\windows\$hf_mig$\KB968389\SP3QFE\ksecdd.sys
+ 2002-09-23 12:00 . 2009-06-26 16:51 667648 c:\windows\system32\wininet.dll
+ 2002-09-23 12:00 . 2008-04-14 06:52 278528 c:\windows\system32\webcheck.dll
+ 2002-09-23 12:00 . 2008-05-09 10:56 430080 c:\windows\system32\vbscript.dll
+ 2002-09-23 12:00 . 2009-06-26 16:51 619520 c:\windows\system32\urlmon.dll
+ 2002-09-23 12:00 . 2009-06-25 08:27 147456 c:\windows\system32\schannel.dll
+ 2002-09-23 12:00 . 2009-06-25 08:27 136192 c:\windows\system32\msv1_0.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 532480 c:\windows\system32\mstime.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 146432 c:\windows\system32\msrating.dll
+ 2002-09-23 12:00 . 2002-09-23 12:00 146432 c:\windows\system32\msls31.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 449024 c:\windows\system32\mshtmled.dll
+ 2002-09-23 12:00 . 2009-06-25 08:27 729088 c:\windows\system32\lsasrv.dll
+ 2002-09-23 12:00 . 2009-06-25 08:27 301568 c:\windows\system32\kerberos.dll
+ 2002-09-23 12:00 . 2009-08-13 15:24 512000 c:\windows\system32\jscript.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 251904 c:\windows\system32\iepeers.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 323584 c:\windows\system32\iedkcs32.dll
+ 2002-09-23 12:00 . 2002-09-23 12:00 225280 c:\windows\system32\ieakui.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 219136 c:\windows\system32\ieaksie.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 143360 c:\windows\system32\ieakeng.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 205312 c:\windows\system32\dxtrans.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 357888 c:\windows\system32\dxtmsft.dll
+ 2009-05-25 16:20 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2009-05-25 16:20 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2009-05-25 16:20 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2009-02-20 08:12 . 2009-06-26 16:51 667648 c:\windows\system32\dllcache\wininet.dll
+ 2008-05-09 10:56 . 2008-05-09 10:56 430080 c:\windows\system32\dllcache\vbscript.dll
+ 2009-02-20 08:12 . 2009-06-26 16:51 619520 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-05 06:57 . 2009-06-25 08:27 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2002-09-23 12:00 . 2002-09-23 12:00 146432 c:\windows\system32\dllcache\msls31.dll
+ 2009-05-25 17:04 . 2009-06-25 08:27 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:27 . 2009-06-25 08:27 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2008-05-09 10:56 . 2009-08-13 15:24 512000 c:\windows\system32\dllcache\jscript.dll
+ 2002-09-23 12:00 . 2002-09-23 12:00 225280 c:\windows\system32\dllcache\ieakui.dll
+ 2002-09-23 12:00 . 2008-04-14 06:51 100352 c:\windows\system32\advpack.dll
+ 2009-10-04 09:33 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB968389\update\updspapi.dll
+ 2009-10-04 09:33 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB968389\update\update.exe
+ 2009-10-04 09:33 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB968389\spuninst.exe
+ 2009-06-25 08:42 . 2009-06-25 08:42 147456 c:\windows\$hf_mig$\KB968389\SP3QFE\schannel.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 136704 c:\windows\$hf_mig$\KB968389\SP3QFE\msv1_0.dll
+ 2009-06-26 09:42 . 2009-06-26 09:42 729088 c:\windows\$hf_mig$\KB968389\SP3QFE\lsasrv.dll
+ 2009-06-25 08:42 . 2009-06-25 08:42 301568 c:\windows\$hf_mig$\KB968389\SP3QFE\kerberos.dll
+ 2002-09-23 12:00 . 2009-07-18 16:05 1510400 c:\windows\system32\shdocvw.dll
+ 2002-09-23 12:00 . 2009-07-18 16:05 3090432 c:\windows\system32\mshtml.dll
+ 2009-05-25 15:14 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2009-03-02 23:11 . 2009-07-18 16:05 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-02-20 08:12 . 2009-07-18 16:05 3090432 c:\windows\system32\dllcache\mshtml.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2007-11-15 348160]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-10-04 949376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Zemish\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [25.5.2009 20:03 17640]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.10.2009 12:38 15424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [1.4.2009 13:28 93184]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [27.5.2009 15:56 9446]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.5.2009 14:39 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
TCP: {196A49A4-B71C-4F59-9789-1BC2C22A022D} = 213.180.36.130,213.180.36.131
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 17:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(584)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-10-10 17:21
ComboFix-quarantined-files.txt 2009-10-10 15:21

Před spuštěním: Volných bajtů: 42 486 276 096
Po spuštění: Volných bajtů: 42 777 833 472

201 --- E O F --- 2009-10-10 11:34

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 17:44
od Damned
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\ezsidmv.dat

Folder::
c:\program files\DAEMON Tools Toolbar



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
Obrázek

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 17:56
od Zemish
ComboFix 09-10-08.04 - Zemish 10.10.2009 17:49.4.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1517 [GMT 2:00]
Spuštěný z: c:\documents and settings\Zemish\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Zemish\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-10 do 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 14:52 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 14:52 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-10 14:52 . 2009-10-10 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 18:37 . 2009-10-07 18:37 -------- d-sh--w- c:\documents and settings\Zemish\IECompatCache
2009-10-04 10:38 . 2009-10-04 10:38 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-10-04 10:38 . 2009-10-04 10:38 298104 ----a-w- c:\windows\system32\imon.dll
2009-10-04 10:38 . 2009-10-04 10:38 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-10-04 10:37 . 2009-10-04 10:47 -------- d-----w- c:\program files\Eset
2009-10-02 11:52 . 2009-10-02 11:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-02 11:47 . 2009-10-02 11:47 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-16 14:54 . 2009-09-16 14:54 -------- d-sh--w- c:\documents and settings\Zemish\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 15:12 . 2009-05-30 17:45 -------- d-----w- c:\program files\Common Files\LightScribe
2009-09-26 16:48 . 2009-08-22 17:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-08 14:55 . 2009-09-08 14:55 -------- d-----w- c:\program files\Bonjour
2009-09-08 14:55 . 2009-09-08 14:55 -------- d-----w- c:\program files\QuickTime
2009-09-01 12:34 . 2009-09-01 12:34 -------- d-----w- c:\program files\HP Wireless Keyboard
2009-08-21 12:49 . 2002-09-23 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-08-21 12:49 . 2002-09-23 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-08-06 17:24 . 2009-05-25 16:20 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-05-25 16:20 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-05-25 16:20 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-05-25 15:14 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2002-09-23 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-05-25 16:20 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-05-25 15:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-09-23 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-21 08:04 . 2009-07-21 08:04 98304 ----a-w- c:\windows\system32\qttask.exe
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:04 . 2002-09-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2009-05-25 16:20 286208 ------w- c:\windows\system32\wmpdxm.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2007-11-15 348160]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-10-04 949376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-26 18081280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Zemish\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [25.5.2009 20:03 17640]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.10.2009 12:38 15424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [1.4.2009 13:28 93184]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [26.5.2009 14:39 1684736]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [27.5.2009 15:56 9446]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Doplňkový sken -------
.
TCP: {196A49A4-B71C-4F59-9789-1BC2C22A022D} = 213.180.36.130,213.180.36.131
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 17:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-10 17:53
ComboFix-quarantined-files.txt 2009-10-10 15:53
ComboFix2.txt 2009-10-10 15:22

Před spuštěním: Volných bajtů: 42 788 827 136
Po spuštění: Volných bajtů: 42 754 510 848

117 --- E O F --- 2009-10-10 11:34

Re: Problémy s reklamami (IE)

Napsal: 10 říj 2009 17:57
od Zemish
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:29, on 10.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Zemish\Plocha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Wireless Keyboard\KMaestro.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{196A49A4-B71C-4F59-9789-1BC2C22A022D}: NameServer = 213.180.36.130,213.180.36.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{196A49A4-B71C-4F59-9789-1BC2C22A022D}: NameServer = 213.180.36.130,213.180.36.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5354 bytes
Časové pásmo: UTC+02:00
Stránka 1 z 2
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/