Prosím o kontrolu logu - malware Vyřešeno

[jaro3]

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.24
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2011.04.08 18:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dev\AppData\Roaming\Mozilla\Extensions
[2011.04.08 18:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dev\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.08 18:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dev\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.02.11 21:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions
[2012.01.11 22:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MNLUIBUC.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\DEV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MNLUIBUC.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
O1 HOSTS File: ([2012.02.22 13:51:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-70991073-294915204-578872715-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} http://83.69.34.233/codebase/NetVideoOCX.cab (NetVideoOCX Control)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2012.02.17 10:50:26 | 000,631,526 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.02.17 10:50:26 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.17 10:50:26 | 000,122,148 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.02.17 10:50:26 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\ComboFix
C:\Users\dev\AppData\Roaming\unins000.exe
C:\Users\dev\AppData\Roaming\unins000.dat
C:\Users\dev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\winin.ini
C:\ProgramData\DDB9ED223A.sys
C:\Windows\ssndii.exe
C:\Windows\ativpsrm.bin

:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

Doporučuji aktualizovat Avast5 na Avast6.

[Reklama]

[devilekk]

Omlouvám se, k počítači jsem se z dovolené dostal až nyní.
Java aktualizována, log z OTL:


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Prefs.js: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 removed from extensions.enabledItems
Prefs.js: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.24 removed from extensions.enabledItems
Prefs.js: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.2.1 removed from extensions.enabledItems
Prefs.js: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Extensions folder moved successfully.
Folder C:\Users\dev\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}\ not found.
Folder C:\Users\dev\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\ not found.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}\defaults\preferences folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}\defaults folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}\components folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}\chrome folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B} folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGPSControl.plugin\Contents\Resources\English.lproj folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGPSControl.plugin\Contents\Resources folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGPSControl.plugin\Contents\MacOS folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGPSControl.plugin\Contents folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\GarminGPSControl.plugin folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\staged folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\typelib folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\plugins folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\META-INF folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs\9.0 folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs\8.0 folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs\7.0 folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs\6.0 folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs\5.0 folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs\2.0 folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs\10.0 folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\libs folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\components folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\chrome\content\images folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\chrome\content folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com\chrome folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions\piclens@cooliris.com folder moved successfully.
C:\Users\dev\AppData\Roaming\Mozilla\Firefox\Profiles\mnluibuc.default\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
127.0.0.1 localhost removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-70991073-294915204-578872715-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {7B43048F-DA7A-458F-AF35-D825BDBB6816}
C:\Windows\Downloaded Program Files\NetVideoOCX.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7B43048F-DA7A-458F-AF35-D825BDBB6816}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B43048F-DA7A-458F-AF35-D825BDBB6816}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7B43048F-DA7A-458F-AF35-D825BDBB6816}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B43048F-DA7A-458F-AF35-D825BDBB6816}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Windows\SysNative\perfh005.dat moved successfully.
C:\Windows\SysNative\perfh009.dat moved successfully.
C:\Windows\SysNative\perfc005.dat moved successfully.
C:\Windows\SysNative\perfc009.dat moved successfully.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-70991073-294915204-578872715-1001Core.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-70991073-294915204-578872715-1001UA.job moved successfully.
c:\windows\Tasks\SyncBack dev.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
C:\ComboFix folder moved successfully.
C:\Users\dev\AppData\Roaming\unins000.exe moved successfully.
C:\Users\dev\AppData\Roaming\unins000.dat moved successfully.
C:\Users\dev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\winin.ini moved successfully.
C:\ProgramData\DDB9ED223A.sys moved successfully.
C:\Windows\ssndii.exe moved successfully.
C:\Windows\ativpsrm.bin moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: dev
->Temp folder emptied: 22189775 bytes
->Temporary Internet Files folder emptied: 4495061 bytes
->Java cache emptied: 2860200 bytes
->FireFox cache emptied: 50591711 bytes
->Google Chrome cache emptied: 7262572 bytes
->Flash cache emptied: 821 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10694 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85315 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: dev
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 03042012_002737

Files\Folders moved on Reboot...
C:\Users\dev\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[jaro3]

Spusť OTL a klikni na Vyčisti.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

[devilekk]

Děkuji mnohokrát za pomoc vám oběma!