Prosím o kontrolu logu, vyskakování oken

Andik · Příspěvekod **Andik** » 17 črc 2009 17:07

Dobrý den, moc prosím o kontrolu logu, pokud mám spuštěný prohlížeč firefox, vyskakují mi nechtěná okna (travian, nějaké lechtivé atd.).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:07, on 17.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbappHelper.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
C:\WINDOWS\system32\HPBPRO.EXE
D:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.leadtek.com.tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98c58fafcdd7a) (gupdate1c98c58fafcdd7a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10783 bytes

Reklama

Andik · Příspěvekod **Andik** » 17 črc 2009 17:09

Ještě když jsem si chtěla stáhnout přes firefox hijack, tak mě to vůbec nepustilo na stránky, přes IE se mi to podařilo stáhnout.

Damned · Příspěvekod **Damned** » 17 črc 2009 17:30

Vítám tě!

CTRL+Alt+Del a ve Správci úloh vypni HPBPRO.EXE

Odinstaluj: DoubleD (GamingHarbor Toolbar), DAEMON Tools Toolbar.

Spusť HJT, vypni prohlížeče, odpoj se od internetu a fixni (zatrhnout políčko před hodnotou, zmáčknout
"Fix checked"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.leadtek.com.tw/
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pepas87 · Příspěvekod **Pepas87** » 17 črc 2009 17:34

trošku zasáhnu..
včera jsem měl ten samý problém a myslím, že ho vyřešilo toto:

1. Do adresového řádku v prohlížeči stačí zadat příkaz about:config a stisknout enter.
2. Otevře se nová nabídka, kde je nutné do políčka Filtr napsat jit.
3. Na řádek s nápisem jit klikneme dvakrát levým tlačítkem myši, jako když otvíráme nějaký běžný soubor nebo program, změníme jeho hodnotu z true na false.
4. Pokud je hodnota nastavena na false, útočník nemůže chybu zneužít.

zdroj:Nejnovější Firefox má kritickou bezpečnostní chybu, záplata zatím chybí

Damned · Příspěvekod **Damned** » 17 črc 2009 17:39

To není problém FF, ale tím, že má trojana,a adware.

Andik · Příspěvekod **Andik** » 17 črc 2009 18:08

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2451
Windows 5.1.2600 Service Pack 3

17.7.2009 18:06:46
mbam-log-2009-07-17 (18-06-41).txt

Typ skenu: Rychlý sken
Objektu skenováno: 90928
Uplynulý cas: 5 minute(s), 55 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 25
Infikované soubory: 48

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790 (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\Data (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.

Infikované soubory:
c:\program files\media access startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\HPIEAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\hppx.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\MAHelper.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\Ver\local settings\temporary internet files\ISOSetup.exe (Trojan.Agent) -> No action taken.

Damned · Příspěvekod **Damned** » 17 črc 2009 18:13

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Andik · Příspěvekod **Andik** » 17 črc 2009 18:43

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2451
Windows 5.1.2600 Service Pack 3

17.7.2009 18:21:44
mbam-log-2009-07-17 (18-21-44).txt

Typ skenu: Rychlý sken
Objektu skenováno: 91389
Uplynulý cas: 4 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 25
Infikované soubory: 48

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované soubory:
c:\program files\media access startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\HPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\Ver\local settings\temporary internet files\ISOSetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Andik · Příspěvekod **Andik** » 17 črc 2009 18:44

ComboFix 09-07-14.08 - Ver 17.07.2009 18:37.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.545 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ver\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm135.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm196C.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm1A9E.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm1FF.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm2002.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm38.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm41.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm747.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm796.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tm9BD.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tmB3E.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\_tmF.tmp
c:\documents and settings\Ver\Local Settings\Temporary Internet Files\stb06759.tmp
c:\recycler\S-1-5-21-1715567821-1677128483-839522115-500
c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-17 do 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 15:59 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 15:59 . 2009-07-17 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 15:59 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 08:14 . 2009-07-17 08:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-07-17 08:14 . 2009-07-17 08:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-07-17 08:14 . 2009-07-17 08:14 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-17 08:14 . 2009-07-17 08:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-17 08:14 . 2009-07-17 08:14 -------- d-----w- c:\program files\Symantec
2009-07-17 08:13 . 2009-07-17 08:13 -------- d-----w- c:\windows\system32\drivers\NAV
2009-07-17 08:13 . 2009-07-17 08:13 -------- d-----w- c:\program files\Norton AntiVirus
2009-07-17 08:12 . 2009-07-17 08:12 -------- d-----w- c:\program files\NortonInstaller
2009-07-17 08:09 . 2009-07-17 08:29 -------- d-----w- C:\antivirus
2009-07-08 11:03 . 2009-07-08 18:46 -------- d-----w- c:\program files\AmeliesCafe_at
2009-07-08 10:30 . 2009-07-08 10:30 -------- d-----w- c:\program files\BurgerIsland2_at
2009-07-08 10:26 . 2009-07-08 10:29 -------- d-----w- c:\program files\NannyMania2_at
2009-07-07 21:45 . 2009-07-07 21:45 -------- d-----w- c:\program files\WinemakerExtraordinaire_at
2009-07-01 17:09 . 2009-07-01 17:10 -------- d-----w- c:\program files\CakeMania3_at
2009-06-30 11:47 . 2009-06-30 11:47 -------- d-----w- c:\program files\WendysWellness_at
2009-06-30 07:46 . 2009-06-30 07:46 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-30 07:46 . 2009-06-30 07:46 -------- d-----w- c:\program files\CreateAMall_at
2009-06-29 11:08 . 2009-06-29 11:08 -------- d-----w- c:\program files\HuruBeachParty_at
2009-06-24 15:33 . 2009-06-24 15:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-24 13:18 . 2004-08-18 03:14 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-24 13:15 . 2009-07-17 15:52 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-24 13:15 . 2009-06-24 13:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-24 13:09 . 2009-06-24 13:13 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 08:14 . 2009-07-17 08:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-17 08:14 . 2009-07-17 08:14 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-14 13:50 . 2009-02-17 18:12 -------- d-----w- c:\program files\RealArcade
2009-07-14 13:47 . 2009-02-11 22:28 -------- d-----w- c:\program files\iWin Games
2009-07-10 19:38 . 2009-02-11 09:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 09:52 . 2009-02-11 22:32 -------- d-----w- c:\program files\iWin.com
2009-06-22 08:11 . 2001-10-25 15:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2009-06-22 08:11 . 2001-10-25 15:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2009-06-16 14:40 . 2004-08-17 16:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-17 16:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 05:25 . 2009-03-30 22:02 -------- d-----w- c:\program files\iWin
2009-05-19 14:44 . 2009-02-11 14:56 -------- d-----w- c:\program files\Google
2009-05-14 13:49 . 2007-12-21 07:21 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2007-12-21 07:19 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-07 15:33 . 2004-08-17 16:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2004-08-17 16:49 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-17 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-20 18:45 . 2009-04-20 18:45 4580 ----a-w- c:\documents and settings\Ver\FMCodec.dat
2009-04-19 19:52 . 2004-08-17 16:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-22 21:12 . 2009-02-09 17:24 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-10-02 2916352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-10-24 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [17.7.2009 10:14 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [17.7.2009 10:13 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [17.7.2009 10:13 482352]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 9:21 94360]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys [17.7.2009 13:17 276344]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [11.2.2009 11:01 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [17.7.2009 10:13 115560]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [11.2.2009 11:01 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [11.2.2009 11:01 167040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17.7.2009 10:13 101936]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [11.2.2009 11:01 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [11.2.2009 11:01 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [11.2.2009 11:01 10496]
S2 gupdate1c98c58fafcdd7a;Google Update Service (gupdate1c98c58fafcdd7a);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2009 16:56 133104]
S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9.7.2009 22:21 78104]
.
Obsah adresáře 'Naplánované úlohy'

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 14:56]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 14:56]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ver\Data aplikací\Mozilla\Firefox\Profiles\5pcnstau.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 18:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-07-17 18:41
ComboFix-quarantined-files.txt 2009-07-17 16:41

Před spuštěním: Volných bajtů: 24 764 911 616
Po spuštění: Volných bajtů: 25 175 724 032

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

183 --- E O F --- 2009-07-15 17:27

Damned · Příspěvekod **Damned** » 17 črc 2009 19:00

Který antivir používáš? ESET nebo Norton? Odinstaluj si Norto.
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

Folder::
c:\program files\DAEMON Tools Toolbar

DirLook::
C:\antivirus

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Andik · Příspěvekod **Andik** » 17 črc 2009 20:17

Pri spusteni Firefoxu uz nevyskakuji dalsi okna (Travian, ...)

ComboFix 09-07-14.08 - Ver 17.07.2009 19:57.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.563 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ver\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ver\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-17 do 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 17:53 . 2009-07-17 17:53 -------- d-----w- c:\windows\LastGood
2009-07-17 15:59 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 15:59 . 2009-07-17 15:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 15:59 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 08:14 . 2009-07-17 17:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-17 08:13 . 2009-07-17 17:53 -------- d-----w- c:\program files\Norton AntiVirus
2009-07-17 08:12 . 2009-07-17 17:53 -------- d-----w- c:\program files\NortonInstaller
2009-07-17 08:09 . 2009-07-17 08:29 -------- d-----w- C:\antivirus
2009-07-08 11:03 . 2009-07-08 18:46 -------- d-----w- c:\program files\AmeliesCafe_at
2009-07-08 10:30 . 2009-07-08 10:30 -------- d-----w- c:\program files\BurgerIsland2_at
2009-07-08 10:26 . 2009-07-08 10:29 -------- d-----w- c:\program files\NannyMania2_at
2009-07-07 21:45 . 2009-07-07 21:45 -------- d-----w- c:\program files\WinemakerExtraordinaire_at
2009-07-01 17:09 . 2009-07-01 17:10 -------- d-----w- c:\program files\CakeMania3_at
2009-06-30 11:47 . 2009-06-30 11:47 -------- d-----w- c:\program files\WendysWellness_at
2009-06-30 07:46 . 2009-06-30 07:46 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-06-30 07:46 . 2009-06-30 07:46 -------- d-----w- c:\program files\CreateAMall_at
2009-06-29 11:08 . 2009-06-29 11:08 -------- d-----w- c:\program files\HuruBeachParty_at
2009-06-24 15:33 . 2009-06-24 15:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-24 13:18 . 2004-08-18 03:14 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-24 13:15 . 2009-06-24 13:15 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-24 13:09 . 2009-06-24 13:13 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 13:50 . 2009-02-17 18:12 -------- d-----w- c:\program files\RealArcade
2009-07-14 13:47 . 2009-02-11 22:28 -------- d-----w- c:\program files\iWin Games
2009-07-10 19:38 . 2009-02-11 09:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 09:52 . 2009-02-11 22:32 -------- d-----w- c:\program files\iWin.com
2009-06-22 08:11 . 2001-10-25 15:00 68736 ----a-w- c:\windows\system32\perfc005.dat
2009-06-22 08:11 . 2001-10-25 15:00 389664 ----a-w- c:\windows\system32\perfh005.dat
2009-06-16 14:40 . 2004-08-17 16:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-17 16:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 05:25 . 2009-03-30 22:02 -------- d-----w- c:\program files\iWin
2009-05-19 14:44 . 2009-02-11 14:56 -------- d-----w- c:\program files\Google
2009-05-14 13:49 . 2007-12-21 07:21 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2007-12-21 07:19 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-07 15:33 . 2004-08-17 16:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:47 . 2004-08-17 16:49 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2004-08-17 16:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-20 18:45 . 2009-04-20 18:45 4580 ----a-w- c:\documents and settings\Ver\FMCodec.dat
2009-04-19 19:52 . 2004-08-17 16:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-22 21:12 . 2009-02-09 17:24 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\antivirus ----

2009-07-17 08:29 . 2009-07-17 08:29 31863808 ----a-w- c:\antivirus\eav_nt32_csy(2).msi
2009-07-17 08:18 . 2009-07-17 08:29 31863808 ----a-w- c:\antivirus\eav_nt32_csy.msi
2009-07-17 08:09 . 2009-07-17 08:12 63022848 ----a-w- c:\antivirus\NAV09EN.exe

((((((((((((((((((((((((((((( SnapShot@2009-07-17_16.40.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 17:53 . 2009-07-17 08:14 36400 c:\windows\LastGood\system32\DRIVERS\SymIM.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-10-02 2916352]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-10-24 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2007 9:21 94360]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [11.2.2009 11:01 9856]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [11.2.2009 11:01 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [11.2.2009 11:01 167040]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [11.2.2009 11:01 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [11.2.2009 11:01 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [11.2.2009 11:01 10496]
R4 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090712.001\IDSxpx86.sys --> c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090712.001\IDSxpx86.sys [?]
R4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [?]
S2 gupdate1c98c58fafcdd7a;Google Update Service (gupdate1c98c58fafcdd7a);c:\program files\Google\Update\GoogleUpdate.exe [11.2.2009 16:56 133104]
S4 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9.7.2009 22:21 78104]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - BHDrvx86
*Deregistered* - ccHP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SRTSPX
.
Obsah adresáře 'Naplánované úlohy'

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 14:56]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 14:56]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ver\Data aplikací\Mozilla\Firefox\Profiles\5pcnstau.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 20:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-07-17 20:03
ComboFix-quarantined-files.txt 2009-07-17 18:03
ComboFix2.txt 2009-07-17 16:41

Před spuštěním: Volných bajtů: 25 276 882 944
Po spuštění: Volných bajtů: 25 268 060 160

164 --- E O F --- 2009-07-15 17:27

_________________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:07, on 17.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98c58fafcdd7a) (gupdate1c98c58fafcdd7a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6406 bytes

Damned · Příspěvekod **Damned** » 17 črc 2009 20:36

Fajn, tak to dočistíme.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090712.001\IDSxpx86.sys
c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS

Folder::
c:\program files\Common Files\Symantec Shared
c:\program files\Norton AntiVirus
c:\program files\NortonInstaller

Driver::
IDSxpx86;IDSxpx86
IDSxpx86
SymEFA;Symantec Extended File Attributes
SymEFA

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Prosím o kontrolu logu, vyskakování oken Vyřešeno

Prosím o kontrolu logu, vyskakování oken Vyřešeno

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Re: Prosím o kontrolu logu, vyskakování oken

Kdo je online