Jak se zbavit PrivateContent? - VYŘEŠENO

thirty-six · Příspěvekod **thirty-six** » 20 čer 2009 22:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:45, on 20.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Vlastník\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4D91-8333-CF10577473F7} - C:\Documents and Settings\Vlastník\Google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6773 bytes

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 20, 2009 19:45:16
Records in database: 2371472
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 113615
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:54:04

File name / Threat name / Threats count
C:\Documents and Settings\Vlastník\Dokumenty\Downloads\Programs\Daemon_tools.rar Infected: Trojan-Downloader.Win32.Small.alcv 2
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\DAEMON TOOLS PRO V4.10.0218\Setup\DTPro4100218Advanced.exe Infected: Trojan-Downloader.Win32.Small.alcv 1
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\daemon4122-lite.exe Infected: Trojan-Downloader.Win32.Small.alcv 1
C:\Documents and Settings\Vlastník\Google\googletoolbar1.dll Infected: not-a-virus:AdWare.Win32.Agent.okt 1

The selected area was scanned.

Reklama

Příspěvekod **jaro3** » 20 čer 2009 22:22

Příště nestahuj neleg. zavirované programy.
Použij znovu OTMoveIt3 s tímto scriptem:

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
C:\Documents and Settings\Vlastník\Dokumenty\Downloads\Programs\Daemon_tools.rar 
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\DAEMON TOOLS PRO V4.10.0218\Setup\DTPro4100218Advanced.exe
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\daemon4122-lite.exe 
C:\Documents and Settings\Vlastník\Google\googletoolbar1.dll 

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

postup stejný , nebo můžeš smazat i manuálně a nepoužít OTMoveIt ( ale pročišťuje i prohlížeče).
Dnes končím , zítra ...

thirty-six · Příspěvekod **thirty-six** » 21 čer 2009 10:41

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 20, 2009 19:45:16
Records in database: 2371472
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 113615
Threat name: 2
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:54:04

File name / Threat name / Threats count
C:\Documents and Settings\Vlastník\Dokumenty\Downloads\Programs\Daemon_tools.rar Infected: Trojan-Downloader.Win32.Small.alcv 2
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\DAEMON TOOLS PRO V4.10.0218\Setup\DTPro4100218Advanced.exe Infected: Trojan-Downloader.Win32.Small.alcv 1
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\daemon4122-lite.exe Infected: Trojan-Downloader.Win32.Small.alcv 1
C:\Documents and Settings\Vlastník\Google\googletoolbar1.dll Infected: not-a-virus:AdWare.Win32.Agent.okt 1

The selected area was scanned.

Příspěvekod **jaro3** » 21 čer 2009 14:19

No to si akorát vložil znovu log z Kaspersky...

Najdi a smaž (tučně označené):
C:\Documents and Settings\Vlastník\Dokumenty\Downloads\Programs\Daemon_tools.rar
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\DAEMON TOOLS PRO V4.10.0218\Setup\DTPro4100218Advanced.exe
C:\Documents and Settings\Vlastník\Dokumenty\Ztažené-rozbalené\Daemon_tools\daemon4122-lite.exe
C:\Documents and Settings\Vlastník\Google\googletoolbar1.dll

Odinstaluj Daemon Tools.

Stáhni si DDS :

a ulož ho na plochu.Zavři všechna spuštěná okna a spusť program, potvrď licenční podmínky a postupuj podle pokynů. Začne scanování.Až skončí, tak by měl vytvořit 2 logy proto se Ti 2krát otevře notepad. Jeden log bude mít název DDS.txt a druhý attach.txt. Tak sem zkopíruj pouze ten DDS.txt

Napiš , jak se chová PC...

thirty-six · Příspěvekod **thirty-six** » 21 čer 2009 16:27

s pc zatim nic novyho aspon mi to tak pripada (okna skacou a kody fungujou)...
tady je log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Vlastník at 16:12:45,04 on ne 21.06.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.981 [GMT 2:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Vlastník\Plocha\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [STYLEXP] c:\program files\tgtsoft\stylexp\StyleXP.exe -Hide
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [ooccctrl.exe] c:\program files\oo software\clevercache\ooccctrl.exe /tasktray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabdka~1\programy\posput~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\internet download manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\internet download manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\internet download manager\IEGetAll.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vlastn~1\dataap~1\mozilla\firefox\profiles\1ah2odcc.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-12-5 13352]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2007-12-5 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [2007-12-5 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [2007-12-5 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [2007-12-5 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [2007-12-5 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [2007-12-5 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [2007-12-5 90800]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2009-06-20 22:23 <DIR> --d----- C:\_OTM
2009-06-20 18:27 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-20 18:27 1,409 a------- c:\windows\QTFont.for
2009-06-20 16:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-20 16:54 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-20 16:52 16,254,360 a------- C:\jre-6u14-windows-i586.exe
2009-06-19 08:26 12,770 a------- c:\windows\system32\oodbs.lor
2009-06-19 08:16 <DIR> --d----- c:\docume~1\vlastn~1\dataap~1\Malwarebytes
2009-06-19 08:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 08:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-19 08:16 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\Malwarebytes
2009-06-19 08:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 23:14 <DIR> --d----- c:\windows\ERUNT
2009-06-18 23:14 <DIR> --d----- C:\!FixIEDef
2009-06-18 23:08 <DIR> --d----- c:\documents and settings\vlastník\DoctorWeb
2009-06-18 10:45 919,584 a------- c:\windows\system32\drivers\fidbox.dat
2009-06-18 10:45 29,728 a------- c:\windows\system32\drivers\fidbox2.dat
2009-06-18 10:45 12,872 a------- c:\windows\system32\drivers\fidbox.idx
2009-06-18 10:45 4,880 a------- c:\windows\system32\drivers\fidbox2.idx
2009-06-18 00:54 <DIR> a-dshr-- C:\cmdcons
2009-06-16 22:38 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-06-16 21:04 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\DAEMON Tools Pro
2009-06-16 20:50 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-16 20:50 <DIR> --d----- c:\docume~1\vlastn~1\dataap~1\DAEMON Tools Pro
2009-06-07 20:31 <DIR> --d----- c:\docume~1\alluse~1\dataap~1\PC Tools
2009-06-04 20:37 <DIR> --d----- c:\windows\Internet Logs
2009-06-03 22:44 <DIR> --d----- c:\docume~1\vlastn~1\dataap~1\SUPERAntiSpyware.com
2009-06-03 21:43 6,968 a------- C:\rollback.ini
2009-06-03 19:00 <DIR> --d----- c:\program files\CZshare
2009-06-02 20:53 <DIR> --d----- c:\docume~1\vlastn~1\dataap~1\Hyperz
2009-06-02 18:10 32,480 a------- c:\windows\system32\Partizan.exe
2009-05-29 19:48 <DIR> --d----- c:\documents and settings\vlastník\Google
2009-05-24 13:23 235,965 a------- c:\documents and settings\vlastník\rosana1[1].dat

==================== Find3M ====================

2009-05-07 23:07 279,998 a------- c:\windows\Icon Converter Plus Uninstaller.exe
2009-05-07 17:44 345,088 a------- c:\windows\system32\localspl.dll
2009-04-29 06:53 660,480 a------- c:\windows\system32\wininet.dll
2009-04-29 06:53 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-19 22:11 1,846,656 a------- c:\windows\system32\win32k.sys
2009-04-16 23:08 403,596 a------- c:\windows\system32\perfh005.dat
2009-04-16 23:08 74,876 a------- c:\windows\system32\perfc005.dat
2009-04-15 17:18 584,192 a------- c:\windows\system32\rpcrt4.dll
2008-01-21 00:26 17,144 a------- c:\docume~1\vlastn~1\dataap~1\GDIPFONTCACHEV1.DAT
2004-10-01 15:00 40,960 a------- c:\program files\Uninstall_CDS.exe

============= FINISH: 16:12:57,46 ===============

Příspěvekod **jaro3** » 21 čer 2009 16:57

Použij znovu OTMoveIt3 s tímto scriptem:
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services
pctplsg;pctplsg
pctplsg

:Reg

:Files
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox2.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\drivers\fidbox2.idx
c:\windows\system32\Partizan.exe
c:\windows\system32\drivers\pctplsg.sys
c:\rollback.ini

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Pokud budou stále problémy, vlož nový log z Combofixu. Jinak stačí nový log z HJT.

thirty-six · Příspěvekod **thirty-six** » 21 čer 2009 18:47

uz to vypadalo po OTM ze kody jsou zazehnany, jenomze reklamy zustaly tak jsem skusil jeste Combofix a mam pocit jestli mi nevratil
nejakou starou zalohu protoze na plose se objevila starsi tapeta. tak jsem to projel OTM jeste jednou a Combofixem taky a kody furt jsou..

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver pctplsg;pctplsg not found.
Service\Driver pctplsg;pctplsg not found.
Service\Driver pctplsg not found.
Service\Driver pctplsg not found.
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\windows\system32\drivers\fidbox.dat not found.
File/Folder c:\windows\system32\drivers\fidbox2.dat not found.
File/Folder c:\windows\system32\drivers\fidbox.idx not found.
File/Folder c:\windows\system32\drivers\fidbox2.idx not found.
File/Folder c:\windows\system32\Partizan.exe not found.
File/Folder c:\windows\system32\drivers\pctplsg.sys not found.
File/Folder c:\rollback.ini not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Vlastník\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_31c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06212009_180539

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_31c.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_5d8.dat moved successfully.

Registry entries deleted on Reboot...

ComboFix 09-06-20.04 - Vlastník 21.06.2009 18:25.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1093 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vlastník\Plocha\pája2\RECTICEL\company document\28??????(07.07.25???\_desktop.ini
c:\documents and settings\Vlastník\Plocha\pája2\RECTICEL\NINGBO 3\Jason comp\company document\28??????(07.07.25???\_desktop.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-21 do 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- C:\_OTM
2009-06-20 17:43 . 2009-06-20 17:43 -------- d-----w- c:\windows\Sun
2009-06-20 14:54 . 2009-06-20 14:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:54 . 2009-06-20 14:54 -------- d-----w- c:\program files\Java
2009-06-20 14:52 . 2009-06-20 14:52 16254360 ----a-w- C:\jre-6u14-windows-i586.exe
2009-06-19 06:16 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 06:16 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 06:16 . 2009-06-19 06:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 21:14 . 2009-06-18 21:14 -------- d-----w- C:\ERDNT
2009-06-18 21:14 . 2009-06-18 21:14 -------- d-----w- c:\windows\ERUNT
2009-06-18 21:14 . 2009-06-18 21:14 -------- d-----w- C:\!FixIEDef
2009-06-16 20:38 . 2009-06-21 14:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-16 18:50 . 2009-06-16 18:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-07 22:10 . 2009-06-07 22:10 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-06-04 18:37 . 2009-06-07 15:01 -------- d-----w- c:\windows\Internet Logs
2009-06-03 17:00 . 2009-06-03 17:00 -------- d-----w- c:\program files\CZshare

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 14:54 . 2007-12-09 11:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 18:21 . 2008-03-26 10:25 823 ----a-w- c:\windows\win.tmp
2009-05-20 11:12 . 2007-12-05 16:17 -------- d-----w- c:\program files\Sony Ericsson
2009-05-20 11:12 . 2007-12-05 16:17 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-05-20 11:07 . 2007-11-14 16:06 -------- d-----w- c:\program files\Testy Autoškola
2009-05-07 22:23 . 2008-09-04 21:37 -------- d-----w- c:\program files\SpeedFan
2009-05-07 21:41 . 2009-05-07 21:41 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-05-07 21:07 . 2009-05-07 21:07 279998 ----a-w- c:\windows\Icon Converter Plus Uninstaller.exe
2009-05-07 21:07 . 2009-05-07 21:07 -------- d-----w- c:\program files\Icon Converter Plus
2009-05-07 19:06 . 2008-08-13 20:55 -------- d-----w- c:\program files\IrfanView
2009-05-07 15:44 . 2004-08-17 13:49 345088 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:53 . 2004-08-17 13:49 660480 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:53 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2004-08-17 13:44 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 21:08 . 2001-10-25 12:00 74876 ----a-w- c:\windows\system32\perfc005.dat
2009-04-16 21:08 . 2001-10-25 12:00 403596 ----a-w- c:\windows\system32\perfh005.dat
2009-04-15 15:18 . 2004-08-17 13:49 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2004-10-01 13:00 . 2007-10-01 20:23 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-21_15.37.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-21 16:07 . 2009-06-21 16:07 16384 c:\windows\temp\Perflib_Perfdata_4d0.dat
+ 2009-06-21 16:07 . 2009-06-21 16:07 16384 c:\windows\temp\Perflib_Perfdata_1c0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-08-08 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-7 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5.12.2007 18:45 13352]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [5.12.2007 18:35 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [5.12.2007 18:35 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [5.12.2007 18:35 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [5.12.2007 18:41 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [5.12.2007 18:41 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [5.12.2007 18:40 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [5.12.2007 18:41 90800]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-06-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 18:30
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):32,29,af,f1,c9,bf,ad,21,b3,01,ff,09,3f,8c,b2,1e,74,27,ca,5f,e6,
56,05,2d,da,bf,70,54,a7,a9,e6,55,1f,04,5c,f9,41,f5,3e,60,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6ea73178-4a5b-4344-99b9-3315bb61734b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000001
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,8f,cb,8b,cc,98,f5,7e,ba,bd,45,f2,a9,ce,7f,5b,34,83,62,11,83,
f6,72,f7,b7,80,f5,68,7c,78,14,18,27,23,ca,61,56,67,c7,26,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b479778b-32c3-4501-a289-542d8126d0ce}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007d
"Therad"=dword:0000001e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,07,f3,08,32,3e,19,f6,d1,36,1e,bd,9f,03,55,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="80EA413A62D875761803D9B92F12D7E16E422F86570865B2B658B99088286EAD6985DA52E8CD0B21F7DE846DB554DA05E2A6A658BD3CA2360F40ED9EA05C36BCF31FD72DE5A4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6A0AC4980AC7933A6A0AC4980AC7933A7E04BA9E8C23738390AA8B2DF4BEB5F4D2325A8FE167C24C46189F05BA8859930444F314F88BDD0335EC94C0D038E9BBC2B266FFD0F71DF15F1B4A9F43DACF7AFC186172BB1D0A75A72D91B1339119D2EBED82CFB5FE7055F6B222D7BA388AB507B28D533B627AC7DF6DC3260C68A3D34422DAABA5FF2779C03501DA658CBBF8E9AE0083552B1353FA64C45F44848B9B71E8B58902DDCFB1971B341C2175BA33D47D16C918212F898BB942D679D48B1F23ECBC6E729A03E77F432842DE3D0AA02308EE83C0C1F94D17518E75FEA3EADF7163DABBFF8F04CAACE28755A04798C57891D053D7462890999AA159B989295A8962161A906B0187D45E247510257E40A09FB6CB1889BB9346C9679ECD2DFB63D3BAEE54B7CF7F68AA126502EAB2033BB691A6E48D53DEE973D967EB709F5C2427F0FDAE0CD15A5C2B1288D1E933CD963E8DBFE46316CD6CF58DDB1F5EFD7CE96E3DF0636B007C1ECC5959A6610CA22C9CB18370430857FC99491C236003ED46D6D33512F1B824DA0B68CBD5D3A1CB48C569C52ED2F175F4947480818759331512590CA414E70AEC95A9F5AEEF1B5A31DD529AF04CCE04D644C9178514FF8269A9670A5F7486D312A91577E1A5752DFC396F0535A6CDC860784ED33AAD140D8FAD34135EF4E4A02563B2DD672D1DD4317EB1C66193534ABEED2D0F6030671D2757065F4DC6B8BB336BF90381E0CFA0807AD46B2FC9144C0AF9E25AA49B84781E285B20384EBE7BC0907E39859F27ECD54B501AAD6B121AC2FD447D50578B337EDAEF2204160CDF8DC7E8092F238F29795E1CE5F0A8890BEA9E288264E1AD727178EE4B3819E5EA4189830E44FD3164DB416A88B8F4C0EA5ABBEADEBD2B60CECB149B9C6463FEBE3F24B3073E47FD6B96DB7790972F847F59A5EEE9CD2A85C83E5069787272080BB7A8F3644BD385D8C5333A2D7D34D9E282B3EFA502590874FAFF19946CD61D8188F63E782FA4182D8CBF4779DE7CDAA1AE8DE70C433538114DDBE4C7B7969E346E548DFFC4F9FD21711F1C0A077BFB689B2C1E65A7719F1F9952132BFFBE0C77707C3AE27029E91A1B09FB9CD5D2FC09BBA70E616864D34904D514151BAB45C4550605617EECC33390B7812B30CEA7ADA8975EC22842157C8500A6491B115AEA7F1AA4E0983FAE1FED77B6E8706074CB077E069C8A9079E77C08F78866DF97EFDF0B380D9C53FF8FC212BE6A1E35ACFEEB446"
"OOCC06.00.00.01WSSV"="337AD408FA42EF690B7682F617263DC4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6A0AC4980AC7933A6A0AC4980AC79335C891EFD61E0929DBB920102EBB221DB8BC15DDCECC0F0F0C75F9C9E69E1CAB4EA1217CC8EC477C714D92936C5B5F8F3079C94CE99711189783CAD1B67039EDC29C6DC3468BF42C8542BF15600BCD744EA87BEF7E56F3F0EA0828E009944745CC5386203A1D7F82BF9AD7F8E2A380B8AA164D709DE36AD0B37EDB0A1A5C6043166992ACCA1FA77FE75AF8D5688FCAF8588B86DF8C422DE12A8DA15156B94555DA0C34DE8027AEB57AC2267E312C43DFBF22F21FE0B79AEB9534F54B3FB1647E70232F7719109584DF6986E33722DF7362416A91A5BDE471C89EE199C1C9D8A5B8B85E9C6D2C0157B23CD198509B77D7FD9DD520A135E2A55938723B1455CA647AF00780B7C9CCC81F11CEE5FE949BD2ABE1DF7D341E52D092B06C41927EA733DD60A8AA5787CFC8296870F875CACFB09F68E0EC1AA48F75B007E67BCA1452054DC319DC166A6F8273C33A90A5B0D5076178E1AE048BC077636A7044BC949ADA71224414F9643E79BFE680439977C25CD2AA0B681C6DB2D07E2DBAA37E93BF254BAB59A00135DC48E7092F7277372BBF02EE8123907A48CBF919AFE357F42197D0EDF604C13665DB21545F22C8645A74493B2EDE01B7A1FD64106B741BC699CCB38BDDF6F0732D442E5B374659D35D02FC3EBA1164EA2318466E521970621D0E7DA8D79E69079A3F6CF3794B13761711F15A596391C48658766A4193C74BB5B800936A1F787581210B4CD7AB607501C065896CB70B5792E219DD0937356F0B54949BD6028F3D03F53E816E35C74EB3256CD975325FE295696D91E98492EDC2EF89950D1C396C4200636D5A24D9B806C8AACA752038FABF8335EE2C20A30FE65C8E8BD2658E17D7876D7769A7BCA40569E9EE705FB36BD8642629B40C9C5B8D2779CF9A13B7AA866F08085C69906BF5012C09E3846F17D46161164D5DD8D543EC90A9D9C813DD4D54CD532B42106F80DEA2635CE58F66C4F8689825A5F587AC60400640408B7780BDEEDD2044E35C81632D4BA3EF22E710E695EDA392EAB3DDC72BD2DD76DAB691B83D8DE6A9FB3714573C5E09294B457C32017FA726BC10DC86377FBAB149066739A96F431D9D4974B4068FB6802DA4B8589AE8E187D07C32228D3FAA7A4910FD0091B5437851F45AA2C1E0772C6A5E03B8D936B510F9D1C57196FF289880B67C63451636B6FCE67BDD0BCA077AECB8D2314A807D98D5A352A90DBD5A0EF91573C89942AD3A654502EC98E09D1CA3B2DCC0B467C01AAC892316C9B36514EEAACEB7737D50B0052B3FCB8D1286F70157C1DE4B78AAA5D259B5510"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-21 18:31
ComboFix-quarantined-files.txt 2009-06-21 16:31
ComboFix2.txt 2009-06-21 15:54
ComboFix3.txt 2009-06-21 15:38

Před spuštěním: Volných bajtů: 24 190 545 920
Po spuštění: Volných bajtů: 24 189 427 712

165 --- E O F --- 2009-06-11 22:23

Příspěvekod **jaro3** » 21 čer 2009 18:56

Ještě zbytek po Anti Trojan Elite a klíče...

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\program files\Anti Trojan Elite\ATEPMon.sys

Folder::
c:\program files\Anti Trojan Elite

Driver::
ATEPMon
ATE_PROCMON
ATE_PROCMON;ATE_PROCMON

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6ea73178-4a5b-4344-99b9-3315bb61734b}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b479778b-32c3-4501-a289-542d8126d0ce}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

thirty-six · Příspěvekod **thirty-six** » 21 čer 2009 19:29

ComboFix 09-06-20.04 - Vlastník 21.06.2009 19:10.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1084 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vlastník\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vlastník\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\program files\Anti Trojan Elite\ATEPMon.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Vlastník\Plocha\pája2\RECTICEL\company document\28??????(07.07.25???\_desktop.ini
c:\documents and settings\Vlastník\Plocha\pája2\RECTICEL\NINGBO 3\Jason comp\company document\28??????(07.07.25???\_desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATE_PROCMON
-------\Service_ATE_PROCMON

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-21 do 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- C:\_OTM
2009-06-20 17:43 . 2009-06-20 17:43 -------- d-----w- c:\windows\Sun
2009-06-20 14:54 . 2009-06-20 14:54 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 14:54 . 2009-06-20 14:54 -------- d-----w- c:\program files\Java
2009-06-20 14:52 . 2009-06-20 14:52 16254360 ----a-w- C:\jre-6u14-windows-i586.exe
2009-06-19 06:16 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 06:16 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 06:16 . 2009-06-19 06:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 21:14 . 2009-06-18 21:14 -------- d-----w- C:\ERDNT
2009-06-18 21:14 . 2009-06-18 21:14 -------- d-----w- c:\windows\ERUNT
2009-06-18 21:14 . 2009-06-18 21:14 -------- d-----w- C:\!FixIEDef
2009-06-16 20:38 . 2009-06-21 14:10 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-16 18:50 . 2009-06-16 18:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-07 22:10 . 2009-06-07 22:10 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2009-06-04 18:37 . 2009-06-07 15:01 -------- d-----w- c:\windows\Internet Logs
2009-06-03 17:00 . 2009-06-03 17:00 -------- d-----w- c:\program files\CZshare

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 14:54 . 2007-12-09 11:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-04 18:21 . 2008-03-26 10:25 823 ----a-w- c:\windows\win.tmp
2009-05-20 11:12 . 2007-12-05 16:17 -------- d-----w- c:\program files\Sony Ericsson
2009-05-20 11:12 . 2007-12-05 16:17 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-05-20 11:07 . 2007-11-14 16:06 -------- d-----w- c:\program files\Testy Autoškola
2009-05-07 22:23 . 2008-09-04 21:37 -------- d-----w- c:\program files\SpeedFan
2009-05-07 21:41 . 2009-05-07 21:41 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-05-07 21:07 . 2009-05-07 21:07 279998 ----a-w- c:\windows\Icon Converter Plus Uninstaller.exe
2009-05-07 21:07 . 2009-05-07 21:07 -------- d-----w- c:\program files\Icon Converter Plus
2009-05-07 19:06 . 2008-08-13 20:55 -------- d-----w- c:\program files\IrfanView
2009-05-07 15:44 . 2004-08-17 13:49 345088 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:53 . 2004-08-17 13:49 660480 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:53 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-19 20:11 . 2004-08-17 13:44 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 21:08 . 2001-10-25 12:00 74876 ----a-w- c:\windows\system32\perfc005.dat
2009-04-16 21:08 . 2001-10-25 12:00 403596 ----a-w- c:\windows\system32\perfh005.dat
2009-04-15 15:18 . 2004-08-17 13:49 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2004-10-01 13:00 . 2007-10-01 20:23 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-21_15.37.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-21 17:13 . 2009-06-21 17:13 16384 c:\windows\temp\Perflib_Perfdata_76c.dat
+ 2009-06-21 16:07 . 2009-06-21 16:07 16384 c:\windows\temp\Perflib_Perfdata_4d0.dat
+ 2009-06-21 17:13 . 2009-06-21 17:13 16384 c:\windows\temp\Perflib_Perfdata_128.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-08-08 2610608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2007-01-28 1911568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-20 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-7 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 9:21 468224]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5.12.2007 18:45 13352]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [5.12.2007 18:35 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [5.12.2007 18:35 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [5.12.2007 18:35 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [5.12.2007 18:41 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [5.12.2007 18:41 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [5.12.2007 18:40 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [5.12.2007 18:41 90800]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-06-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-31 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 19:14
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):32,29,af,f1,c9,bf,ad,21,b3,01,ff,09,3f,8c,b2,1e,74,27,ca,5f,e6,
56,05,2d,da,bf,70,54,a7,a9,e6,55,1f,04,5c,f9,41,f5,3e,60,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6ea73178-4a5b-4344-99b9-3315bb61734b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000001
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):76,8f,cb,8b,cc,98,f5,7e,ba,bd,45,f2,a9,ce,7f,5b,34,83,62,11,83,
f6,72,f7,b7,80,f5,68,7c,78,14,18,27,23,ca,61,56,67,c7,26,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b479778b-32c3-4501-a289-542d8126d0ce}]
@Denied: (Full) (Everyone)
"Model"=dword:0000007d
"Therad"=dword:0000001e
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,07,f3,08,32,3e,19,f6,d1,36,1e,bd,9f,03,55,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="80EA413A62D875761803D9B92F12D7E16E422F86570865B2B658B99088286EAD6985DA52E8CD0B21F7DE846DB554DA05E2A6A658BD3CA2360F40ED9EA05C36BCF31FD72DE5A4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6A0AC4980AC7933A6A0AC4980AC7933A7E04BA9E8C23738390AA8B2DF4BEB5F4D2325A8FE167C24C46189F05BA8859930444F314F88BDD0335EC94C0D038E9BBC2B266FFD0F71DF15F1B4A9F43DACF7AFC186172BB1D0A75A72D91B1339119D2EBED82CFB5FE7055F6B222D7BA388AB507B28D533B627AC7DF6DC3260C68A3D34422DAABA5FF2779C03501DA658CBBF8E9AE0083552B1353FA64C45F44848B9B71E8B58902DDCFB1971B341C2175BA33D47D16C918212F898BB942D679D48B1F23ECBC6E729A03E77F432842DE3D0AA02308EE83C0C1F94D17518E75FEA3EADF7163DABBFF8F04CAACE28755A04798C57891D053D7462890999AA159B989295A8962161A906B0187D45E247510257E40A09FB6CB1889BB9346C9679ECD2DFB63D3BAEE54B7CF7F68AA126502EAB2033BB691A6E48D53DEE973D967EB709F5C2427F0FDAE0CD15A5C2B1288D1E933CD963E8DBFE46316CD6CF58DDB1F5EFD7CE96E3DF0636B007C1ECC5959A6610CA22C9CB18370430857FC99491C236003ED46D6D33512F1B824DA0B68CBD5D3A1CB48C569C52ED2F175F4947480818759331512590CA414E70AEC95A9F5AEEF1B5A31DD529AF04CCE04D644C9178514FF8269A9670A5F7486D312A91577E1A5752DFC396F0535A6CDC860784ED33AAD140D8FAD34135EF4E4A02563B2DD672D1DD4317EB1C66193534ABEED2D0F6030671D2757065F4DC6B8BB336BF90381E0CFA0807AD46B2FC9144C0AF9E25AA49B84781E285B20384EBE7BC0907E39859F27ECD54B501AAD6B121AC2FD447D50578B337EDAEF2204160CDF8DC7E8092F238F29795E1CE5F0A8890BEA9E288264E1AD727178EE4B3819E5EA4189830E44FD3164DB416A88B8F4C0EA5ABBEADEBD2B60CECB149B9C6463FEBE3F24B3073E47FD6B96DB7790972F847F59A5EEE9CD2A85C83E5069787272080BB7A8F3644BD385D8C5333A2D7D34D9E282B3EFA502590874FAFF19946CD61D8188F63E782FA4182D8CBF4779DE7CDAA1AE8DE70C433538114DDBE4C7B7969E346E548DFFC4F9FD21711F1C0A077BFB689B2C1E65A7719F1F9952132BFFBE0C77707C3AE27029E91A1B09FB9CD5D2FC09BBA70E616864D34904D514151BAB45C4550605617EECC33390B7812B30CEA7ADA8975EC22842157C8500A6491B115AEA7F1AA4E0983FAE1FED77B6E8706074CB077E069C8A9079E77C08F78866DF97EFDF0B380D9C53FF8FC212BE6A1E35ACFEEB446"
"OOCC06.00.00.01WSSV"="337AD408FA42EF690B7682F617263DC4FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6A0AC4980AC7933A6A0AC4980AC79335C891EFD61E0929DBB920102EBB221DB8BC15DDCECC0F0F0C75F9C9E69E1CAB4EA1217CC8EC477C714D92936C5B5F8F3079C94CE99711189783CAD1B67039EDC29C6DC3468BF42C8542BF15600BCD744EA87BEF7E56F3F0EA0828E009944745CC5386203A1D7F82BF9AD7F8E2A380B8AA164D709DE36AD0B37EDB0A1A5C6043166992ACCA1FA77FE75AF8D5688FCAF8588B86DF8C422DE12A8DA15156B94555DA0C34DE8027AEB57AC2267E312C43DFBF22F21FE0B79AEB9534F54B3FB1647E70232F7719109584DF6986E33722DF7362416A91A5BDE471C89EE199C1C9D8A5B8B85E9C6D2C0157B23CD198509B77D7FD9DD520A135E2A55938723B1455CA647AF00780B7C9CCC81F11CEE5FE949BD2ABE1DF7D341E52D092B06C41927EA733DD60A8AA5787CFC8296870F875CACFB09F68E0EC1AA48F75B007E67BCA1452054DC319DC166A6F8273C33A90A5B0D5076178E1AE048BC077636A7044BC949ADA71224414F9643E79BFE680439977C25CD2AA0B681C6DB2D07E2DBAA37E93BF254BAB59A00135DC48E7092F7277372BBF02EE8123907A48CBF919AFE357F42197D0EDF604C13665DB21545F22C8645A74493B2EDE01B7A1FD64106B741BC699CCB38BDDF6F0732D442E5B374659D35D02FC3EBA1164EA2318466E521970621D0E7DA8D79E69079A3F6CF3794B13761711F15A596391C48658766A4193C74BB5B800936A1F787581210B4CD7AB607501C065896CB70B5792E219DD0937356F0B54949BD6028F3D03F53E816E35C74EB3256CD975325FE295696D91E98492EDC2EF89950D1C396C4200636D5A24D9B806C8AACA752038FABF8335EE2C20A30FE65C8E8BD2658E17D7876D7769A7BCA40569E9EE705FB36BD8642629B40C9C5B8D2779CF9A13B7AA866F08085C69906BF5012C09E3846F17D46161164D5DD8D543EC90A9D9C813DD4D54CD532B42106F80DEA2635CE58F66C4F8689825A5F587AC60400640408B7780BDEEDD2044E35C81632D4BA3EF22E710E695EDA392EAB3DDC72BD2DD76DAB691B83D8DE6A9FB3714573C5E09294B457C32017FA726BC10DC86377FBAB149066739A96F431D9D4974B4068FB6802DA4B8589AE8E187D07C32228D3FAA7A4910FD0091B5437851F45AA2C1E0772C6A5E03B8D936B510F9D1C57196FF289880B67C63451636B6FCE67BDD0BCA077AECB8D2314A807D98D5A352A90DBD5A0EF91573C89942AD3A654502EC98E09D1CA3B2DCC0B467C01AAC892316C9B36514EEAACEB7737D50B0052B3FCB8D1286F70157C1DE4B78AAA5D259B5510"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3384)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Celkový čas: 2009-06-21 19:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-21 17:17
ComboFix2.txt 2009-06-21 16:31
ComboFix3.txt 2009-06-21 15:54
ComboFix4.txt 2009-06-21 15:38

Před spuštěním: Volných bajtů: 24 186 847 232
Po spuštění: Volných bajtů: 24 138 473 472

191 --- E O F --- 2009-06-11 22:23

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:28, on 21.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Vlastník\Plocha\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6634 bytes

Příspěvekod **jaro3** » 21 čer 2009 20:07

Hm , log je čistý až na opakované výmazy tohoto:
c:\documents and settings\Vlastník\Plocha\pája2\RECTICEL\company document\28??????(07.07.25???\_desktop.ini
c:\documents and settings\Vlastník\Plocha\pája2\RECTICEL\NINGBO 3\Jason comp\company document\28??????(07.07.25???\_desktop.ini
Nevíš o co se jedná?

Zkus ještě jeden on-line scanner:
Spusť F-Secure Online Scanner z některého odkazu.
http://support.f-secure.com/enu/home/ols.shtml
http://support.f-secure.com/enu/home/ols3.shtml#

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

thirty-six · Příspěvekod **thirty-six** » 21 čer 2009 22:11

jo, to jsou dokumenty z ciny dovezeny - proto ty otazniky v nazvech. radeji jsem to dal pryc z pc na cd...
stranku se scan reportem bohuzel z F-secure neslo zobrazit, tak jsem to nejako otevrel ve wordu a poupravil aby to bylo alespon trochu prehledne...

Online Scanner - Scanning Report - Sunday, June 21, 2009 21:45:56

Scanning Report Sunday, June 21, 2009 20:31:45 - 21:45:56
Computer name: PAVOL-S5096KMH0
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ H:\
5 malware found "http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=TrackingCookie.2o7&orig='disk'">TrackingCookie. (spyware)

System (Disinfected)

href="http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=TrackingCookie.Atdmt&orig='disk'">TrackingCookie.Atdmt (spyware)

System (Disinfected)

href="http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=TrackingCookie.Doubleclick&orig='disk'">TrackingCookie.Doubleclick (spyware)

System (Disinfected)

href="http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=W32/Packed_FSG.D&orig='disk'">W32/Packed_FSG.D (virus)
C:\PROGRAM FILES\PDF CREATOR PLUS 4.0\PNEPUB2.EXE (Disinfected & Submitted)
href="http://cgi.f-secure.com/cgi-bin/websearch/vsearch.cgi?q=NetBot.O&orig='disk'">NetBot.O (virus)

C:\DOCUMENTS AND SETTINGS\VLASTNÍK\DOKUMENTY\ZTAŽENÉ-ROZBALENÉ\UNHACKME 5.0.0.FINAL WWW.SOFTARCHIVE.NET\NONSPIN\UNHACKME.EXE (Disinfected & Submitted)

Scanned:

Files: 57363
System: 3371
Not scanned: 7

Actions:

Disinfected: 5
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 2

Files not scanned:
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\VLASTNÍK\LOCAL SETTINGS\TEMP\ETILQS_1DUASMOL0ANAJLEUFGBI

Scanning engines:
Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

HREF=http://support.f-secure.com/> Product support
HREF=http://support.f-secure.com//enu/home/virusproblem/sample/> Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

Příspěvekod **jaro3** » 22 čer 2009 07:50

Vlož ještě nový log z HJT.
popiš jak se chová PC, podrobně. Na nákazu to nevypadá, leda opravit systém.

Jak se zbavit PrivateContent? - VYŘEŠENO Vyřešeno

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Re: Jak se zbavit PrivateContent?

Kdo je online