Please check my log

The place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

JardaK.
newbie
Posts: 15
Registered: April 09
Gender: Male

Please check my log

Post by JardaK. » 04 Apr 2009 21:43

Hello to all PC experts,
until now I thought I knew my way around a PC fairly well, but the opposite is true....
I'm at my wits' end, no antivirus program helps 100%, and I have a strong suspicion that my computer is full of "viruses". What bothers me most is the above-mentioned Win32/Stration; the constant shutting down of the PC is getting on my nerves.
I'm asking for advice and help. I have never used HijackThis and don't even know exactly how it works, but I'm attaching my log here. I'm asking someone capable and willing who could advise me on everything I need to do to get rid of this vermin. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:04, on 4.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Z:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
Z:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "Z:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Olda] C:\Documents and Settings\Olda\Olda.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1454471165-436374069-1708537768-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1454471165-436374069-1708537768-1003\..\Run: [Olda] C:\Documents and Settings\Olda\Olda.exe /i (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Z:\PROGRA~1\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Z:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Z:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2C2FCCB-6B08-49DD-975B-A5975C8C89FB}: NameServer = 10.100.100.1,217.112.162.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - Z:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7232 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 05 Apr 2009 08:16

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes a message will appear, click OK and then the Show Results button
- then choose the Save log option and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

JardaK.
newbie
Posts: 15
Registered: April 09
Gender: Male

Re: Please check my log

Post by JardaK. » 05 Apr 2009 12:51

Malwarebytes' Anti-Malware 1.35
Verze databáze: 1940
Windows 5.1.2600 Service Pack 2

5.4.2009 12:46:33
mbam-log-2009-04-05 (12-46-25).txt

Typ skenu: Rychlý sken
Objektu skenováno: 70886
Uplynulý cas: 9 minute(s), 19 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 91

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fips32cup (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fips32cup (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\drivers\fips32cup.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\wpv561238324794.cpx (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN10.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN11.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN12.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN21.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN22.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN23.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN38.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN40.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN41.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN42.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN43.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN44.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN45.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN46.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN47.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN48.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN49.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4A.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4B.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4C.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4D.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4E.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4F.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN50.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN52.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN53.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN54.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN55.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN56.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Olda\Local Settings\Temp\BN57.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\systems.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> No action taken.


So there it is. What now? Only 94 pieces of junk, that probably calls for reinstalling Windows :nervous: or not?

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 05 Apr 2009 14:33

So run MbAM again and click Scan
- when the program finishes a message will appear, click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be shown, post it here.
- then click OK in the program and exit it via Exit

You can then paste the log + a new HJT log here.

Download and run Avenger under an administrator account
Confirm with the OK button that everything you do in this program is at your own risk
Choose the option "Load script from internet URL"
Copy the following address into the line below it:

http://ne-e.eu/stration/script.txt

Click Execute to run the program, finally click OK and your computer will restart
Then paste a new HijackThis log here for checking.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

JardaK.
newbie
Posts: 15
Registered: April 09
Gender: Male

Re: Please check my log

Post by JardaK. » 05 Apr 2009 15:39

OK, here I go....
It'll take a while, because this super PC of mine is no speed demon.

JardaK.
newbie
Posts: 15
Registered: April 09
Gender: Male

Re: Please check my log

Post by JardaK. » 05 Apr 2009 16:38

Log from MbAM:

Malwarebytes' Anti-Malware 1.35
Verze databáze: 1940
Windows 5.1.2600 Service Pack 2

5.4.2009 16:15:47
mbam-log-2009-04-05 (16-15-47).txt

Typ skenu: Rychlý sken
Objektu skenováno: 70866
Uplynulý cas: 7 minute(s), 52 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 0
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 92

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\drivers\fips32cup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv561238324794.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Delete on reboot.
C:\Documents and Settings\Olda\Local Settings\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN23.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN30.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN3F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN40.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN42.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN43.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN44.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN45.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN46.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN47.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN48.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN49.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN4F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN50.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN52.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN53.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN54.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN55.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN56.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Olda\Local Settings\Temp\BN57.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcmgcd32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\systems.txt (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\logo1_.exe (Worm.Viking) -> Delete on reboot.


While deleting, it showed a message that four infected paths would only be deleted after the system restarts, so I restarted Windows and let it run again.
Log:
Malwarebytes' Anti-Malware 1.35
Database version: 1940
Windows 5.1.2600 Service Pack 2

5.4.2009 16:33:27
mbam-log-2009-04-05 (16-33-27).txt

Scan type: Quick Scan
Objects scanned: 70817
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Please check my log

Post by JardaK. » 05 Apr 2009 16:44

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:00, on 5.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Z:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
Z:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
G:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "Z:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Z:\PROGRA~1\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Z:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Z:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2C2FCCB-6B08-49DD-975B-A5975C8C89FB}: NameServer = 10.100.100.1,217.112.162.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - Z:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6981 bytes
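A small triage script for HijackThis logs, added here as an example; it is not part of this thread and not HijackThis's own code. It pulls out the entries a log reviewer checks first: registrations whose file no longer exists (the `(file missing)` Java, Yahoo and Ad-Aware leftovers in the log above), O23 services listed with `Unknown owner` (here the binary is also gone), and O17 DNS servers outside private address space. The sample log is constructed from six lines quoted in the post above; the script only surfaces the public DNS server, it cannot tell an ISP resolver from a hijack, so that entry still needs a human look.

```python
"""Triage helper for a HijackThis 2.0 log.

Added example: not part of this thread and not HijackThis's own code. It parses
the O-lines and flags what a log reviewer checks first. The sample log is
constructed from lines quoted in the post above.
"""
import ipaddress
import re

# Constructed sample: six lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2C2FCCB-6B08-49DD-975B-A5975C8C89FB}: NameServer = 10.100.100.1,217.112.162.34
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_entries(text):
    """Return (section, body) for every 'Oxx - ...' line; R-lines and headers are ignored."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def dns_servers(body):
    """Comma-separated NameServer list from an O17 body (empty list if none)."""
    m = re.search(r"NameServer = ([0-9.,]+)", body)
    return m.group(1).split(",") if m else []


def triage(text):
    """Return (kind, section, detail) findings in log order.

    kinds:
      orphan         - entry still registered but its file is gone
      unknown_owner  - O23 service whose binary has no readable publisher
      public_dns     - O17 DNS server outside RFC 1918 space (verify, not automatically bad)
    """
    findings = []
    for section, body in parse_entries(text):
        if "(file missing)" in body:
            findings.append(("orphan", section, body))
        if section == "O23" and "Unknown owner" in body:
            findings.append(("unknown_owner", section, body))
        if section == "O17":
            for ip in dns_servers(body):
                if not ipaddress.ip_address(ip).is_private:
                    findings.append(("public_dns", section, ip))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"{kind:14} {section:4} {detail}")
```

Run it on a whole saved log by reading the file into `triage()`; on the sample it reports three orphans, one service with no publisher and the single public resolver 217.112.162.34.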

Re: Please check my log

Post by jaro3 (Security team member) » 05 Apr 2009 16:48

I would uninstall Spyware Terminator (or at least turn off its resident shield). You also have Spybot there.

Turn off the resident shield in ST (if you haven't uninstalled it) + deactivate Spybot. (After the cleanup, get some free antivirus: Avira, Avast, AVG...)
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window it shows
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its whole contents here
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: Please check my log

Post by JardaK. » 05 Apr 2009 16:56

New log after running Avenger:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:44, on 5.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Z:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
Z:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
G:\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "Z:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://Z:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Z:\PROGRA~1\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Z:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Z:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Z:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2C2FCCB-6B08-49DD-975B-A5975C8C89FB}: NameServer = 10.100.100.1,217.112.162.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - Z:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7014 bytes


Re: Please check my log

Post by JardaK. » 05 Apr 2009 17:00

Oh, sorry, I didn't notice you had already replied.
Sure, I'll uninstall everything and use that ...fix.


Re: Please check my log

Post by JardaK. » 05 Apr 2009 17:23

ComboFix 09-04-04.01 - Olda 2009-04-05 17:11:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.319.116 [GMT 2:00]
Running from: c:\documents and settings\Olda\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Olda\Local Settings\Temporary Internet Files\firmware.inf
c:\documents and settings\Olda\Local Settings\Temporary Internet Files\ip3picfile.temp
c:\documents and settings\Olda\Local Settings\Temporary Internet Files\ip3Wmapic.temp
c:\documents and settings\Olda\Local Settings\Temporary Internet Files\NEWSBOYS - Drum solo (Houston we are go 2008).wmv
c:\recycled\Recycled
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-05 16:49 . 2009-04-05 16:49 21,690 --a------ C:\avexport.bat
2009-04-05 16:49 . 2009-04-05 16:49 702 --a------ C:\1.reg
2009-04-05 12:34 . 2009-04-05 12:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 12:34 . 2009-04-05 12:34 <DIR> d-------- c:\documents and settings\Olda\Data aplikací\Malwarebytes
2009-04-05 12:34 . 2009-04-05 12:34 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-04-05 12:34 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 12:34 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 22:28 . 2009-04-03 22:28 <DIR> d-------- c:\program files\ESET
2009-03-11 11:31 . 2009-03-11 11:31 <DIR> d-------- c:\program files\OLYMPUS
2009-03-11 11:29 . 2009-03-11 11:29 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-08 15:19 . 2009-03-08 15:19 <DIR> d-------- c:\documents and settings\LocalService\Plocha
2009-03-08 14:47 . 2009-03-08 14:47 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-08 14:47 . 2009-03-08 14:46 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-07 10:49 . 2007-10-04 09:13 66,048 --a------ c:\windows\ieResetIcons.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 15:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-04-01 18:12 --------- d-----w c:\documents and settings\Olda\Data aplikací\Skype
2009-04-01 14:02 --------- d-----w c:\documents and settings\Olda\Data aplikací\skypePM
2009-03-30 20:39 --------- d-----w c:\documents and settings\Olda\Data aplikací\uTorrent
2009-03-20 15:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 09:42 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple Computer
2009-03-08 10:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-07 08:47 --------- d-----w c:\program files\EACOM
2009-02-20 14:33 --------- d-----w c:\program files\Czech Soccer Manager 2002 FE
2009-02-10 16:01 --------- d-----w c:\program files\eMule
2009-02-09 14:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-12-19 20:55 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 20:55 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 20:55 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 20:55 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 20:55 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-12-10 14:55 952 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-26 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 z:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
--a------ 2008-05-26 20:13 57344 c:\program files\MarkAny\ContentSafer\MaAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-10-11 18:25 1961984 c:\program files\Nero\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-09-04 15:52 54576 c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-11-30 02:04 32768 c:\program files\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2007-02-23 17:32 126976 z:\program files\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-26 12:45 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"z:\\PÁJOŠ\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Olda\\Plocha\\bulanci.exe"=
"z:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-08 64160]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-11-23 16512]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\drivers\ati2mpaa.sys [2007-07-25 281856]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2007-07-25 9472]
S3 Serenade;Serenade USB DFU Device;c:\windows\system32\drivers\Serenadedfu.sys [2006-11-09 14336]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a243386-4110-11dc-8c6e-00e04ce9ea3a}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ccbfd4-74b7-11dc-8cdf-00e04ce9ea3a}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b17831-6432-11dc-8cb8-00e04ce9ea3a}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OEXPRESS - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-AVG8_TRAY - z:\progra~1\AVG8\avgtray.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-BigDog305 - c:\windows\VM305_STI.EXE
MSConfigStartUp-Free Uploader Oe Integration - c:\program files\Free Download Manager\FUM\fumoei.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-QuickTime Update Completion 0 - c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
MSConfigStartUp-QuickTime Update Completion 1 - c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
MSConfigStartUp-QuickTime Update Completion 2 - c:\windows\system32\QuickTime\QuickTimeUpdateHelper.exe
MSConfigStartUp-SpybotSD TeaTimer - z:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SpywareTerminator - z:\program files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - z:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Olda\Data aplikací\Mozilla\Firefox\Profiles\q2r6znme.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:/seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 17:15:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,fd,f9,43,57,cd,
3b,75,c7,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8e,ef,32,9f,1f,
3e,8d,bb,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\


[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\*PNP0F03\1_0_21_0_31_0\LogConf]
@DACL=(02 0000)
"BootConfig"=hex(8):01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,01,00,00,
00,02,00,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\imon.dll
.
Celkový čas: 2009-04-05 17:20:44
ComboFix-quarantined-files.txt 2009-04-05 15:20:00

Před spuštěním: 818 896 896
Po spuštění: 1,070,145,536

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

262 --- E O F --- 2009-03-21 11:43:11

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 05 Apr 2009 18:00

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following whole text marked in green into it:
Note: do not use the SELECT ALL function to select the script


File::
C:\avexport.bat
C:\1.reg
c:\windows\system32\KGyGaAvL.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a243386-4110-11dc-8c6e-00e04ce9ea3a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ccbfd4-74b7-11dc-8cdf-00e04ce9ea3a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b17831-6432-11dc-8cb8-00e04ce9ea3a}]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the CFScript.txt you created with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post the log that appears at the end of the cleaning process here, plus a new HJT log

Test this on VirusTotal
c:\windows\system32\drivers\Serenadedfu.sys
Then post the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
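As an added example (not code from the original post or from ComboFix itself), a small Python dry-run parser for the CFScript format used in the reply above: it splits the File:: and Registry:: sections and lists what each line asks ComboFix to do, so a script can be reviewed before it is dropped onto ComboFix.exe. The section headers and the "[-KEY]" deletion syntax are taken from the reply; how value lines and other sections are classified is my assumption.

```python
import re  # stdlib only; this whole block is an added example, not ComboFix code

# Constructed sample: the CFScript from the reply above, reproduced verbatim.
SAMPLE_CFSCRIPT = r"""File::
C:\avexport.bat
C:\1.reg
c:\windows\system32\KGyGaAvL.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a243386-4110-11dc-8c6e-00e04ce9ea3a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ccbfd4-74b7-11dc-8cdf-00e04ce9ea3a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9b17831-6432-11dc-8cb8-00e04ce9ea3a}]
"""
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")        # "File::", "Registry::", ...
KEY_RE = re.compile(r"^\[(-?)(HK[A-Z_]+\\.+)\]$")  # "[-HKEY..]" deletes a key, "[HKEY..]" edits it

def parse_cfscript(text):
    """Split a CFScript into {section: [entries]} in order, skipping blank lines."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections

def plan_actions(text):
    """Return (action, target) pairs describing what the script asks ComboFix to do."""
    actions = []
    for section, entries in parse_cfscript(text).items():
        if section == "File":
            actions.extend(("delete file", e) for e in entries)
        elif section == "Registry":
            key = None
            for e in entries:
                m = KEY_RE.match(e)
                if m:
                    key = m.group(2)
                    actions.append(("delete key" if m.group(1) else "edit key", key))
                elif key is None:
                    raise ValueError(f"registry value before any key: {e!r}")
                else:  # a "name"="data" line belongs to the key above it
                    actions.append((f"set value in {key}", e))
        else:  # other sections (Folder::, Driver::, ...) are listed, not interpreted
            actions.extend((f"{section} (not interpreted)", e) for e in entries)
    return actions
```

Running plan_actions(SAMPLE_CFSCRIPT) yields three "delete file" entries followed by three "delete key" entries, which is exactly what the script above asks ComboFix to do.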

