Security tool zoufalost Vyřešeno

[joseee]

Ahojte, mám problém a jak jsem se docetl nejsem sám, cosi jsem už precetl ale potrebuju asi nejaky jinaci postup.
Tento program mi atakuje system ze se neda skoro nic delat.
Docetl jsem se prvni krok a to stahnout hijack a vlozit sem log, ale me ten program nejde na notasu ktery je napaden spustit.
Tak jsem ho prejmenoval ale stejne to nejde spustit.
Mate radu?

[Reklama]

[Luboš]

Pokud se dostaneš z jiného počítače na tuto anebo tuto stránku, tak tam je popis na jeho odstranění - v angličtině.

[memphisto]

Pokud máš Windows 7, tak na spouštěcí soubor klikni pravým a vyber Spustit jako administrátor a nebo Odstranit problémy s kompatibilitou a mělo by to v pohodě jet.Případně udělej tohle:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Luboš]

Pro memphisto - myslím si, že na uvedených stránkách je uveden jednoduchý postup, nemusí kvůli tomu stahovat, instalovat a spouštět tři programy (můj názor, sorry).

[memphisto]

No,a když se podíváš na ty tvé odkazy, tak co doporučují na odstranění? Malwarebytes, který tam mám taky a Spyware Doctor, který je v tomhle případě naprd. ATF Cleaner vyčistí Tempy a cache, Dr.WEB zhruba zkontroluje nákazy a odstraní případné další nálezy a Malwarebytes dokončí zbytek. Věř, že tohle je prověřený postup a funguje

[Luboš]

OK, OK - počkáme na reakci.

[joseee]

Tak jsem vjel pres nouzovy rezim do Win, nasel a smazal security tool.
Pak pc projel avastem.
Potom projel ATF Cleaner
Potom projel Dr. Web
Nakonec Malwarebytes' Anti-Malware
A tady je ten log.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5065

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

7.11.2010 8:21:22
mbam-log-2010-11-07 (08-21-22).txt

Typ skenu: Rychlý sken
Skenované objekty: 144208
Uplynulý čas: 7 minuta(y), 53 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 17
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 4
Infikované soubory: 18

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Trojan.SearchRedir.G) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e3cfdfe-79c8-4225-81b9-20fc99da6972} (Trojan.SearchRedir.G) -> No action taken.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Trojan.SearchRedir.G) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{fd90c192-481b-4a89-9fd7-cfa65709f541} (Adware.SuperSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0fdcf5f0-d211-4412-a6e3-dd4938e26e24} (Adware.SuperSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{105e2c3f-b804-4e5b-acdd-fd7733908d0e} (Adware.SuperSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a30dfaca-4174-438e-bdb8-ae8fd54313a7} (Adware.SuperSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aff229f4-c47c-4965-8a83-2bfca62ab441} (Adware.SuperSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cb5a0bc8-e15f-48e8-afc2-95cef3e97ac3} (Adware.SuperSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d5f2caa6-16d2-4d34-9aff-3dc30d94b8c1} (Adware.SuperSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sitevacuum (Adware.SuperSearch) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\EasySearch (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\FFExt (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\FFExt\chrome (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\FFExt\chrome\content (Adware.SuperSearch) -> No action taken.

Infikované soubory:
C:\Program Files\GooglePlusVideos\23.GooglePlusVideos.dll (Trojan.SearchRedir.G) -> No action taken.
C:\Program Files\EasySearch\ISiteVacuumXPCOM.xpt (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\MFC42U.DLL (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\SiteVacuumClient.bue (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\SiteVacuumClient.tlb (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\SiteVacuumLicense.txt (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\SiteVacuumXPCOM.dll (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\tskill.exe (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\uninst.exe (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\UpdateHelper.exe (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\what.is.SiteVacuumClient.exe.txt (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\WSConfig.ini (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\FFExt\chrome.manifest (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\FFExt\install.rdf (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\FFExt\chrome\content\script-injector.js (Adware.SuperSearch) -> No action taken.
C:\Program Files\EasySearch\FFExt\chrome\content\sitevacuum.xul (Adware.SuperSearch) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.
C:\Users\Aqwertz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

[memphisto]

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[joseee]

tak jsem to smazal a tady je log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5065

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

7.11.2010 8:35:42
mbam-log-2010-11-07 (08-35-42).txt

Typ skenu: Rychlý sken
Skenované objekty: 144208
Uplynulý čas: 7 minuta(y), 53 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 17
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 4
Infikované soubory: 18

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e3cfdfe-79c8-4225-81b9-20fc99da6972} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{fd90c192-481b-4a89-9fd7-cfa65709f541} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0fdcf5f0-d211-4412-a6e3-dd4938e26e24} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{105e2c3f-b804-4e5b-acdd-fd7733908d0e} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a30dfaca-4174-438e-bdb8-ae8fd54313a7} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aff229f4-c47c-4965-8a83-2bfca62ab441} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb5a0bc8-e15f-48e8-afc2-95cef3e97ac3} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5f2caa6-16d2-4d34-9aff-3dc30d94b8c1} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sitevacuum (Adware.SuperSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\EasySearch (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\FFExt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\FFExt\chrome (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\FFExt\chrome\content (Adware.SuperSearch) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\GooglePlusVideos\23.GooglePlusVideos.dll (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\ISiteVacuumXPCOM.xpt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\MFC42U.DLL (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\SiteVacuumClient.bue (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\SiteVacuumClient.tlb (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\SiteVacuumLicense.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\SiteVacuumXPCOM.dll (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\tskill.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\uninst.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\UpdateHelper.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\what.is.SiteVacuumClient.exe.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\WSConfig.ini (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\FFExt\chrome.manifest (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\FFExt\install.rdf (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\FFExt\chrome\content\script-injector.js (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\FFExt\chrome\content\sitevacuum.xul (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Aqwertz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.



A ted jdu na ten druhy krok.

[joseee]

Tak z toho Comba je log takovy
ComboFix 10-11-07.01 - Aqwertz 07.11.2010 8:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1033.18.3066.1980 [GMT 1:00]
Spuštěný z: c:\users\Aqwertz\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\GooglePlusVideos
c:\program files\GooglePlusVideos\DeploymentHelper.exe
c:\program files\GooglePlusVideos\FFExt\chrome.manifest
c:\program files\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\program files\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\program files\GooglePlusVideos\FFExt\install.rdf
c:\program files\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\program files\GooglePlusVideos\GooglePlusVideosXPCOM.dll
c:\program files\GooglePlusVideos\GVConfig.ini
c:\program files\GooglePlusVideos\IGooglePlusVideosXPCOM.xpt
c:\program files\GooglePlusVideos\MFC42U.DLL
c:\program files\GooglePlusVideos\Uninstall.bat
c:\windows\ST6UNST.000

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-07 do 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 08:00 . 2010-11-07 08:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-07 07:12 . 2010-11-07 07:12 -------- d-----w- c:\users\Aqwertz\AppData\Roaming\Malwarebytes
2010-11-07 07:11 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 07:11 . 2010-11-07 07:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 07:11 . 2010-11-07 07:11 -------- d-----w- c:\programdata\Malwarebytes
2010-11-07 07:11 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-06 19:55 . 2010-11-06 19:55 -------- d-----w- c:\users\Aqwertz\DoctorWeb
2010-11-06 17:29 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-06 17:29 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-06 17:29 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-06 17:29 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-06 17:29 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-06 17:27 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-06 17:27 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-06 17:27 . 2010-11-06 17:27 -------- d-----w- c:\programdata\Alwil Software
2010-11-06 17:27 . 2010-11-06 17:27 -------- d-----w- c:\program files\Alwil Software
2010-11-06 08:42 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6C838F1-E771-42FB-8E4B-D195BBA03A3E}\mpengine.dll
2010-10-09 21:02 . 2010-10-09 23:27 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-10-09 21:02 . 2010-10-09 23:27 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-10-09 21:02 . 2010-10-09 23:27 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-10-09 21:01 . 1999-04-23 20:22 151552 ----a-w- c:\windows\system32\MSOSS.DLL
2010-10-09 12:53 . 2010-10-09 12:53 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-05 09:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-08-04 12:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-17 14:11 . 2010-09-15 18:12 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 03:15 . 2010-08-10 03:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15 . 2010-08-10 03:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-13 20:11 . 2009-08-10 04:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D286E828-E6B9-484d-A058-D7323666DE33}]
2010-01-20 10:28 225280 ----a-w- c:\program files\RecFree.com\recfree\1.3.60.10\recfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0508F8F1-08E3-43EE-AAA8-09AD09803084}"= "c:\program files\RecFree.com\recfree\1.3.60.10\recfreeTlbr.dll" [2010-01-20 167936]

[HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]
"Sidebar"="c:\program files\Windows Sidebar\SideBar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\programy\Winamp\winampa.exe" [2006-06-21 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-25 08:08 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431754263-3123048416-4286111678-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca89a4acfcf020;Služba Google Update (gupdate1ca89a4acfcf020);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-13 30192]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-16 691696]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-09-22 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-22 277632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:06]

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:06]

2010-11-07 c:\windows\Tasks\User_Feed_Synchronization-{89ED00AA-BCCD-4A5A-9369-37806B817BF4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mydtzone.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Aqwertz\AppData\Roaming\Mozilla\Firefox\Profiles\apk9mtfy.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage| ... t.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.2&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\ffxtlbr@recfree.com\components\FFHst.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Aqwertz\AppData\Roaming\Mozilla\Firefox\Profiles\apk9mtfy.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 09:01
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,91,a1,63,31,37,ab,40,b8,fb,65,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,91,a1,63,31,37,ab,40,b8,fb,65,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-11-07 09:04:14
ComboFix-quarantined-files.txt 2010-11-07 08:04

Před spuštěním: 127 678 603 264 bytes free
Po spuštění: 129 076 776 960 bytes free

- - End Of File - - BC09937532271912B06BFB3BF476596E

[memphisto]

Odinstaluj RecFree Toolbar

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431754263-3123048416-4286111678-1000]
"EnableNotificationsRef"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= -
"EnableUIADesktopToggle"= -
[-HKEY_CLASSES_ROOT\clsid\{0508f8f1-08e3-43ee-aaa8-09ad09803084}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
c:\windows\system32\spoolsv.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

+log HijackThis

[joseee]

tak tadyk prvni log

ComboFix 10-11-07.01 - Aqwertz 07.11.2010 9:52.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1033.18.3066.1878 [GMT 1:00]
Spuštěný z: c:\users\Aqwertz\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Aqwertz\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-07 do 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 08:58 . 2010-11-07 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-07 07:12 . 2010-11-07 07:12 -------- d-----w- c:\users\Aqwertz\AppData\Roaming\Malwarebytes
2010-11-07 07:11 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 07:11 . 2010-11-07 07:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 07:11 . 2010-11-07 07:11 -------- d-----w- c:\programdata\Malwarebytes
2010-11-07 07:11 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-06 19:55 . 2010-11-06 19:55 -------- d-----w- c:\users\Aqwertz\DoctorWeb
2010-11-06 17:29 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-06 17:29 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-06 17:29 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-06 17:29 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-06 17:29 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-11-06 17:27 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-06 17:27 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-06 17:27 . 2010-11-06 17:27 -------- d-----w- c:\programdata\Alwil Software
2010-11-06 17:27 . 2010-11-06 17:27 -------- d-----w- c:\program files\Alwil Software
2010-11-06 08:42 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6C838F1-E771-42FB-8E4B-D195BBA03A3E}\mpengine.dll
2010-10-09 21:02 . 2010-10-09 23:27 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-10-09 21:02 . 2010-10-09 23:27 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-10-09 21:02 . 2010-10-09 23:27 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-10-09 21:01 . 1999-04-23 20:22 151552 ----a-w- c:\windows\system32\MSOSS.DLL
2010-10-09 12:53 . 2010-10-09 12:53 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-05 09:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-08-04 12:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 18:12 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-13 20:11 . 2009-08-10 04:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]
"Sidebar"="c:\program files\Windows Sidebar\SideBar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinampAgent"="c:\programy\Winamp\winampa.exe" [2006-06-21 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-01 202256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-17 442433]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-25 08:08 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431754263-3123048416-4286111678-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca89a4acfcf020;Služba Google Update (gupdate1ca89a4acfcf020);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-13 30192]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-16 691696]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [2008-07-17 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2008-07-28 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-05-29 203264]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-07-04 3663360]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-09-22 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-22 277632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:06]

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:06]

2010-11-07 c:\windows\Tasks\User_Feed_Synchronization-{89ED00AA-BCCD-4A5A-9369-37806B817BF4}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.mydtzone.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Aqwertz\AppData\Roaming\Mozilla\Firefox\Profiles\apk9mtfy.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage| ... t.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.2&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\ffxtlbr@recfree.com\components\FFHst.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Aqwertz\AppData\Roaming\Mozilla\Firefox\Profiles\apk9mtfy.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 09:58
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,91,a1,63,31,37,ab,40,b8,fb,65,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,91,a1,63,31,37,ab,40,b8,fb,65,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4808)
c:\windows\system32\btmmhook.dll
.
Celkový čas: 2010-11-07 10:00:24
ComboFix-quarantined-files.txt 2010-11-07 09:00
ComboFix2.txt 2010-11-07 08:04

Před spuštěním: 128 135 213 056 bytes free
Po spuštění: 128 143 839 232 bytes free

- - End Of File - - 387E97B8DFBA8D8B90CD203CA468F74D



A ted jdu na druhy krok virtualstal......