Mám asi zavirovaný počítač. Co s tím? Vyřešeno

[sanko33]

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

Nelze mi vypnout AVG ani odinstalovat.

[Reklama]

[bledulka]

Zkus tento odinstalátor
http://download.avg.com/filedir/util/av ... emover.exe

[sanko33]

Jak se používá?:D jsem to stah a spustil..a ono se mi zobrazila nějaká černá tabulka.. a nic víc.

[bledulka]

Zkus mrknout sem - druhá tabulka AVG
http://www.raymond.cc/blog/archives/200 ... #more-2878

[sanko33]

jo už mám:D je to pryč.

[bledulka]

Teď ten combofix.

[sanko33]

ComboFix 10-08-08.03 - simon 09.08.2010 20:54:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.510.316 [GMT 2:00]
Spuštěný z: d:\staĺľenă© soubory 1\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\simon\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\simon\Local Settings\Temp\IadHide5.dll
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-09 do 2010-08-09 )))))))))))))))))))))))))))))))
.

2010-08-09 16:49 . 2010-08-09 16:49 -------- d-----w- C:\AVGTemp
2010-08-08 20:26 . 2010-08-08 20:27 -------- d-----w- c:\program files\trend micro
2010-08-08 20:26 . 2010-08-08 20:27 -------- d-----w- C:\rsit
2010-08-08 17:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 17:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 17:04 . 2010-08-08 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 16:46 . 2010-08-08 16:46 -------- d-----w- c:\program files\TrendMicro
2010-07-31 21:45 . 2010-07-31 21:45 -------- d-----w- c:\program files\WinPcap
2010-07-27 10:09 . 2010-07-27 10:09 -------- d-----w- c:\documents and settings\simon\WINDOWS
2010-07-27 09:21 . 2010-07-27 09:21 -------- d-----w- c:\program files\Alwil Software
2010-07-21 07:35 . 2010-07-21 07:38 -------- d-----w- c:\program files\ICQ6.5
2010-07-11 08:37 . 2010-07-11 08:37 -------- d-----w- c:\program files\GamePark

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 15:59 . 2010-07-05 22:47 -------- d-----w- c:\program files\uTorrent
2010-08-05 13:32 . 2010-06-05 11:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-31 21:43 . 2010-06-05 16:48 -------- d-----w- c:\program files\DsNET Corp
2010-07-21 09:24 . 2010-06-05 11:32 -------- d-----w- c:\program files\ICQ6Toolbar
2010-07-16 15:31 . 2010-06-05 12:37 -------- d-----w- c:\program files\BSplayer Pro
2010-07-13 20:22 . 2010-06-05 18:22 -------- d-----w- c:\program files\BS_Player
2010-07-06 22:33 . 2010-07-06 22:33 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-06-26 18:59 . 2010-06-26 18:57 -------- d-----w- c:\program files\ICQ6.521_09_30
2010-06-25 21:21 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-06-25 21:21 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-06-25 20:56 . 2010-06-25 20:55 -------- d-----w- c:\program files\GIMP-2.0
2010-06-16 19:14 . 2010-06-05 10:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-15 22:12 . 2010-06-15 22:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-14 14:30 . 2010-06-05 10:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 18:58 . 2010-06-13 18:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 18:17 . 2010-06-05 18:17 339456 ----a-w- c:\windows\UIA200.exe
2010-06-05 17:30 . 2010-06-05 17:30 118784 ------r- c:\windows\bwUnin-7.2.0.157-8876480SL.exe
2010-06-05 12:41 . 2010-06-05 12:41 138752 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-05 12:32 . 2010-06-05 12:29 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-05 11:29 . 2010-06-05 11:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-05 10:54 . 2010-06-05 10:54 0 ----a-w- c:\windows\nsreg.dat
2010-06-05 10:19 . 2010-06-05 10:01 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-05 10:19 . 2010-06-05 10:01 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-05 10:18 . 2010-06-05 10:01 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-06-05 10:12 . 2010-06-05 10:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-06-05 10:00 . 2010-06-05 10:00 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-08 2515552]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-06-08 04:27 2515552 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-08 2515552]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-08 2515552]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-06-05 36864]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-07 381304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-01-03 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-06-05 2957824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-30 284184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\simon\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GameRanger.lnk - c:\documents and settings\simon\Data aplikacˇ\GameRanger\GameRanger\GameRanger.exe [2010-6-30 1240800]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AirLive WL1600USB Wireless Lan Utility.lnk - c:\program files\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe [2010-6-5 815104]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-6-5 196608]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-1-9 679936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\simon\\Plocha\\fifa07.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\simon\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5.6.2010 14:41 138752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [5.6.2010 12:12 38144]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [5.6.2010 12:12 332928]
S2 gupdate1cb04a23c2055da;Služba Google Update (gupdate1cb04a23c2055da);c:\program files\Google\Update\GoogleUpdate.exe [5.6.2010 13:28 133104]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.6.2010 13:32 246520]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.6.2010 14:29 685816]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 11:28]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 11:28]

2010-08-05 c:\windows\Tasks\Norton Security Scan for simon.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-05 05:31]

2010-08-09 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_EU&q=
FF - component: c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 21:05
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="A76D1E2CF394A258C67FFA43FE8D50D557DF910E4DECCAB6F161186117EB43DC8465E9A1357128864876BC429E1C19EB4EB25119F594E5BF8C8B47FD2C2F27728DD0EDB92866DB4DA00C38C78B171C5A24312F68FD9EDF1E5894027D0D38CB9EC9BC1DBC97B3973946FD59B1527B7FD361642E8D50FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA9C6AECB7A5D1407A6171C11EC38DE3D526C5A601F71882AA22AE68A6347553E4FDEAF99F7CDFC817BFD5E340D72BBC526AD792BE9302A16B0C41680D5500D45314BCBFA5831F7901A84FB4EC0213BC6A71BEFCF07CBA88FADD13A40F5B09C30A741F51FA8AFE6751AAD4992552275944EEA425DEC89D6B8CF4C7D6805458D0344A720D2955D28B48F681B9F0462BCD5C933CCE6034F20F80193601DB80DFB854F470C6E43F52E19BD071A1E7EF3F775FA6E3A02A4AAFDFC616E3307B92F9AC4C34E5447C55700309C4042B5E4102320787D8EC8234A02B242049D4FA4F32E0FD24FE13D288337C8592D661450904DC70AA31FDB4103CE4C2AE01B298AC7907ADEBC77AEE89E017953CCA86BCA749A24AD08945DB7CC9FC2D375F845F03C2EDDFE7226807874A29CA003837254DDC1AE16B56E72B2C13ED02E955BDBD08589D67FABD59C3E72EECD0994C2E0DE150D25A61CFCC7D0248BF45B7AB9A9187CB544DF8CC4EE1329D26D88AB09F551835C8A7A0FE68B29D67CF1B2BF5C6E269E5DCA5398006746D04BA250D7C8F1073924A3DFC6A56F40619951BDE7636C508C3ED2C1B8EDFB19C16BD5450B4D9B50686AFBD6DC06A99470FCDABAD342EADF0B2987463CC324C27AD7B3009AB0BC6E694BE19451AC769453D9219C4EBEB8920482D8B0530F5DEB9C4CACCBC264A19935746683880C1426FD72F40B04F4A11882C57D8393AD28B2EE96F72A212F1C7BEAAB5FC148EFC49E889F6DDE04527C96B8FD6B7876D509A8D9990E4F382704344F466920BDF5CF4C2F4EE627C3981F27FB4DDEF8590E08D5EB4BABA46E3C30D7C6AFDEA3F58F7E6F52FC80A71AE1E4D5C36958A67DB1B2B2D636D1448EAB016ADE67E586678121BA73429CD4C596AE242E1A1D538871992DF177C581458CD569C402E0B667680AD5BCC4E25AE575DF87FB3F338684D0D0A8B44290DFA64694C24AA47D5431AE0FDDF9413E96FE125FE89047E8FB5D2772F93F5C8018289728DA690CA73565188BE29908DD9CF7531A2477394C24652199EAD1212595260F7C07BA07916407395D6831FDB5339F737E0CDBAE33A152BD67BAD37D53F95C920613FD79B31EFC7D67E5F71A7BD2A58001E38ED3344C3CD0009A4EF42799EE5B373E16D9445513211248C8E92AAB1E5F19E605692DAFA2820D306E9CFA7CE275"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(7012)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2010-08-09 21:09:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-09 19:09

Před spuštěním: 1 284 247 552
Po spuštění: 2 899 902 464

- - End Of File - - BB63B482F9ED430A534D092262160239

[bledulka]

Combofix přesuň na plochu
-otevři si Poznámkový blok
-Do něj zkopíruj text z tohoto okénka

Kód: Vybrat vše



Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}"=-
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

File::
e:\NTGLM7X.sys
c:\program files\BS_Player\tbBS_1.dll
c:\windows\system32\ezsidmv.dat
c:\windows\nsreg.dat

Folder::
c:\program files\AVG
c:\program files\Ask.com
c:\program files\Winamp Toolbar

Driver::
AVG Security Toolbar Service
SetupNTGLM7X

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_EU&q=

 


-vytvořený TXT soubor ulož jako CFScript.txt na plochu a levým myšítkem přesuň nad ikonu Combofixu, kde ho upustíš

-Po proběhnutí skenu a ukončení combofixu by se měl objevit log, vlož ho zde.

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.



Otestuj na http://www.virustotal.com


c:\windows\UIA200.exe

-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.

[sanko33]

ComboFix 10-08-08.03 - simon 10.08.2010 8:19.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.510.342 [GMT 2:00]
Spuštěný z: c:\documents and settings\simon\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\simon\Plocha\CFScript.txt

FILE ::
"c:\program files\BS_Player\tbBS_1.dll"
"c:\windows\nsreg.dat"
"c:\windows\system32\ezsidmv.dat"
"e:\NTGLM7X.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_2d.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\AVG
c:\program files\AVG\AVG9\Chjw\a8cc0f66cc0f2e5e\avgcchfi.dat
c:\program files\AVG\AVG9\Chjw\a8cc0f66cc0f2e5e\avgcchmi.dat
c:\program files\AVG\AVG9\Chjw\e6bd26d3-03fe-4996-a228-cab66c0c54ad.cm-2-i.dat
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\skin\spGeneralSearch.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\skin\spYandex.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\skin\spBaidu.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_57\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_57\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_57\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_57\sp.xml
c:\program files\BS_Player\tbBS_1.dll
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
c:\windows\nsreg.dat
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVG_SECURITY_TOOLBAR_SERVICE
-------\Legacy_SETUPNTGLM7X
-------\Service_AVG Security Toolbar Service
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-10 do 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-09 16:49 . 2010-08-09 16:49 -------- d-----w- C:\AVGTemp
2010-08-08 20:26 . 2010-08-08 20:27 -------- d-----w- c:\program files\trend micro
2010-08-08 20:26 . 2010-08-08 20:27 -------- d-----w- C:\rsit
2010-08-08 17:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 17:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 17:04 . 2010-08-08 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 16:46 . 2010-08-08 16:46 -------- d-----w- c:\program files\TrendMicro
2010-07-31 21:45 . 2010-07-31 21:45 -------- d-----w- c:\program files\WinPcap
2010-07-27 10:09 . 2010-07-27 10:09 -------- d-----w- c:\documents and settings\simon\WINDOWS
2010-07-27 09:21 . 2010-07-27 09:21 -------- d-----w- c:\program files\Alwil Software
2010-07-21 07:35 . 2010-07-21 07:38 -------- d-----w- c:\program files\ICQ6.5
2010-07-11 08:37 . 2010-07-11 08:37 -------- d-----w- c:\program files\GamePark

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 06:23 . 2010-06-05 18:22 -------- d-----w- c:\program files\BS_Player
2010-08-07 15:59 . 2010-07-05 22:47 -------- d-----w- c:\program files\uTorrent
2010-08-05 13:32 . 2010-06-05 11:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-31 21:43 . 2010-06-05 16:48 -------- d-----w- c:\program files\DsNET Corp
2010-07-21 09:24 . 2010-06-05 11:32 -------- d-----w- c:\program files\ICQ6Toolbar
2010-07-16 15:31 . 2010-06-05 12:37 -------- d-----w- c:\program files\BSplayer Pro
2010-07-06 22:33 . 2010-07-06 22:33 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-06-26 18:59 . 2010-06-26 18:57 -------- d-----w- c:\program files\ICQ6.521_09_30
2010-06-25 21:21 . 2004-08-18 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-06-25 21:21 . 2004-08-18 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-06-25 20:56 . 2010-06-25 20:55 -------- d-----w- c:\program files\GIMP-2.0
2010-06-16 19:14 . 2010-06-05 10:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-15 22:12 . 2010-06-15 22:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-14 14:30 . 2010-06-05 10:00 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 18:58 . 2010-06-13 18:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 18:17 . 2010-06-05 18:17 339456 ----a-w- c:\windows\UIA200.exe
2010-06-05 17:30 . 2010-06-05 17:30 118784 ------r- c:\windows\bwUnin-7.2.0.157-8876480SL.exe
2010-06-05 12:41 . 2010-06-05 12:41 138752 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-06-05 12:32 . 2010-06-05 12:29 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-05 10:19 . 2010-06-05 10:01 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-05 10:19 . 2010-06-05 10:01 2378 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-05 10:18 . 2010-06-05 10:01 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-06-05 10:12 . 2010-06-05 10:12 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-06-05 10:00 . 2010-06-05 10:00 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-06-05 36864]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-07 381304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-01-03 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-06-05 2957824]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-30 284184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\simon\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GameRanger.lnk - c:\documents and settings\simon\Data aplikacˇ\GameRanger\GameRanger\GameRanger.exe [2010-6-30 1240800]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
AirLive WL1600USB Wireless Lan Utility.lnk - c:\program files\AirLive WL1600USB\AirLive WL1600USB Wireless Lan Utility\RtWLan.exe [2010-6-5 815104]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-6-5 196608]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-1-9 679936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\simon\\Plocha\\fifa07.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\simon\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [5.6.2010 14:41 138752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [5.6.2010 12:12 38144]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [5.6.2010 13:32 246520]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [5.6.2010 12:12 332928]
S2 gupdate1cb04a23c2055da;Služba Google Update (gupdate1cb04a23c2055da);c:\program files\Google\Update\GoogleUpdate.exe [5.6.2010 13:28 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.6.2010 14:29 685816]
.
Obsah adresáře 'Naplánované úlohy'

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 11:28]

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 11:28]

2010-08-05 c:\windows\Tasks\Norton Security Scan for simon.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-05 05:31]
.
.
------- Doplňkový sken -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\
FF - component: c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\simon\Data aplikací\Mozilla\Firefox\Profiles\kevgnn1k.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 08:25
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="A76D1E2CF394A258C67FFA43FE8D50D557DF910E4DECCAB6F161186117EB43DC8465E9A1357128864876BC429E1C19EB4EB25119F594E5BF8C8B47FD2C2F27728DD0EDB92866DB4DA00C38C78B171C5A24312F68FD9EDF1E5894027D0D38CB9EC9BC1DBC97B3973946FD59B1527B7FD361642E8D50FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA9C6AECB7A5D1407A6171C11EC38DE3D526C5A601F71882AA22AE68A6347553E4FDEAF99F7CDFC817BFD5E340D72BBC526AD792BE9302A16B0C41680D5500D45314BCBFA5831F7901A84FB4EC0213BC6A71BEFCF07CBA88FADD13A40F5B09C30A741F51FA8AFE6751AAD4992552275944EEA425DEC89D6B8CF4C7D6805458D0344A720D2955D28B48F681B9F0462BCD5C933CCE6034F20F80193601DB80DFB854F470C6E43F52E19BD071A1E7EF3F775FA6E3A02A4AAFDFC616E3307B92F9AC4C34E5447C55700309C4042B5E4102320787D8EC8234A02B242049D4FA4F32E0FD24FE13D288337C8592D661450904DC70AA31FDB4103CE4C2AE01B298AC7907ADEBC77AEE89E017953CCA86BCA749A24AD08945DB7CC9FC2D375F845F03C2EDDFE7226807874A29CA003837254DDC1AE16B56E72B2C13ED02E955BDBD08589D67FABD59C3E72EECD0994C2E0DE150D25A61CFCC7D0248BF45B7AB9A9187CB544DF8CC4EE1329D26D88AB09F551835C8A7A0FE68B29D67CF1B2BF5C6E269E5DCA5398006746D04BA250D7C8F1073924A3DFC6A56F40619951BDE7636C508C3ED2C1B8EDFB19C16BD5450B4D9B50686AFBD6DC06A99470FCDABAD342EADF0B2987463CC324C27AD7B3009AB0BC6E694BE19451AC769453D9219C4EBEB8920482D8B0530F5DEB9C4CACCBC264A19935746683880C1426FD72F40B04F4A11882C57D8393AD28B2EE96F72A212F1C7BEAAB5FC148EFC49E889F6DDE04527C96B8FD6B7876D509A8D9990E4F382704344F466920BDF5CF4C2F4EE627C3981F27FB4DDEF8590E08D5EB4BABA46E3C30D7C6AFDEA3F58F7E6F52FC80A71AE1E4D5C36958A67DB1B2B2D636D1448EAB016ADE67E586678121BA73429CD4C596AE242E1A1D538871992DF177C581458CD569C402E0B667680AD5BCC4E25AE575DF87FB3F338684D0D0A8B44290DFA64694C24AA47D5431AE0FDDF9413E96FE125FE89047E8FB5D2772F93F5C8018289728DA690CA73565188BE29908DD9CF7531A2477394C24652199EAD1212595260F7C07BA07916407395D6831FDB5339F737E0CDBAE33A152BD67BAD37D53F95C920613FD79B31EFC7D67E5F71A7BD2A58001E38ED3344C3CD0009A4EF42799EE5B373E16D9445513211248C8E92AAB1E5F19E605692DAFA2820D306E9CFA7CE275"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(5296)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\simon\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2010-08-10 08:27:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-10 06:27
ComboFix2.txt 2010-08-09 19:09

Před spuštěním: 2 831 843 328
Po spuštění: 2 757 074 944

- - End Of File - - 8F3E052786D10B8367E0999B2AA8EC43

[sanko33]

http://www.virustotal.com/cs/analisis/9 ... 1259222768

[bledulka]

Smaž
C:\AVGTemp

****************

Odinstaluj combofix přes
Start >> Spustit zkopíruj do okénka:
ComboFix /Uninstall

stiskni Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


Stáhni T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusť,pro potvrzení volby mačkej klávesu A, Enter
-po použití prográmek vymaž.Pozor,antiviry ho mohou falešně označit za vir


******************

Vlož nový log ze Rsitu a popiš, jak se chová počítač.

[sanko33]

Po zmáčknutí A,Enter : Mi to píše:
Zalozní adresa byla uspesne vymazany.Stisknete libovolnou klavesu k ukonceni programu... zadny log nenaskočí