Prosííím o kontrolu, děkuji

Nori86 · Příspěvekod **Nori86** » 01 kvě 2009 19:04

Ahojte, mam jisto jiste zavirovany pc, do windosu se nemohu prihlasit, vubec se k prihlasovani nedostanu. Spustila jsem nouzovy rezim. Kdyz jeste windows sel program Spy emergency 2009 nasel ctyri infekce, viz obr. Mela jsem Aviru a Ashampoo. Avira se 4dny nemohla aktualizovat.... pak to slo do haje.. opera prestala fungovat a vubec jsem nemohla spustit Total Comanner, ani new instalaci... Aviru jsem tehdy odstranila a nainstalovala Comodo antivir.. ktery provedl scan, nasel Malware a resetoval PC,... po te se vse uz zkazilo a nemohla jsem se do windows dostat ...

Logfile of HijackThis v1.99.1
Scan saved at 4:48:19, on 1.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Vladka\Plocha\www\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergency.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vladka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O8 - Extra context menu item: &Stáhnout s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout vše s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Rodičovský... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Rodičovský... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFC1806-6A63-444E-969D-94FF221EBF82}: NameServer = 77.48.95.1,77.48.95.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFC1806-6A63-444E-969D-94FF221EBF82}: NameServer = 77.48.95.1,77.48.95.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFC1806-6A63-444E-969D-94FF221EBF82}: NameServer = 77.48.95.1,77.48.95.5
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Vladka\LOCALS~1\Temp\AVSETUP_49f96dd4\basic\avupgsvc.exe" /TEMPSTART:""C:\DOCUME~1\Vladka\LOCALS~1\Temp\AVSETUP_49f96dd4\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - Unknown owner - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2009\SpyEmergencySrv.exe

Reklama

Příspěvekod **jaro3** » 01 kvě 2009 19:20

Tohle je ale síla...

Odinstaluj:
AskBar
Ask Toolbar
DAEMON Tools Toolbar
Trojan Remover

Tvoje "ochrana PC":
Ad-Aware
Ashampoo FireWall
COMODO SafeSurf
Spy Emergency 2009
F-Secure Internet Security\Anti-Virus
Spyware Doctor
COMODO Internet Security

Nech jen jeden antivir a antispyware a jeden firewall, tedy ponechal bych buď F-Secure Internet Security\Anti-Virus nebo Spy Emergency 2009- vše ostatní odinstaluj..

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Pak nový log z HJT.
Stáhni si( raději nový , ten starý odinstaluj taky) Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Nori86 · Příspěvekod **Nori86** » 02 kvě 2009 14:26

Do windosu se dostanu, ale nemůžu se připojit na internet, síťový kabel je připojen hlásí bublina...

Malwarebytes' Anti-Malware 1.36
Verze databáze: 1945
Windows 5.1.2600 Service Pack 2

2.5.2009 7:19:31
mbam-log-2009-05-02 (07-19-31).txt

Typ skenu: Úplný sken (C:\|D:\|)
Objektu skenováno: 201505
Uplynulý cas: 26 minute(s), 58 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 3
Infikované složky: 1
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
C:\WINDOWS\system32\vntiho06 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Příspěvekod **jaro3** » 02 kvě 2009 15:29

Ten nový log z HJT. Odinstaluj vše kromě F-Secure. a pak sem vlož log.

Nori86 · Příspěvekod **Nori86** » 02 kvě 2009 15:42

F-Secure v pc nemám, pamatuju se, že nešel odinstalovat, tak jsem to udělala pomocí delete. Jak s tím připojením na net? zde je log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:15, on 2.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Stáhnout s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout vše s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CFC1806-6A63-444E-969D-94FF221EBF82}: NameServer = 77.48.95.1,77.48.95.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CFC1806-6A63-444E-969D-94FF221EBF82}: NameServer = 77.48.95.1,77.48.95.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CFC1806-6A63-444E-969D-94FF221EBF82}: NameServer = 77.48.95.1,77.48.95.5
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Vladka\LOCALS~1\Temp\AVSETUP_49fb5741\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe (file missing)

--
End of file - 5386 bytes

Příspěvekod **jaro3** » 02 kvě 2009 18:30

Pak budeme muset všechny zbytky odstranit, i nákazy a poté opravit win+připojení..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Nori86 · Příspěvekod **Nori86** » 02 kvě 2009 20:15

Internet mi už jde... Poradíš mi vhodnou kombinaci antiviru a firewalu?
Jinak ti mooooooooc děkuji, sama bych to nikdy nezvládna, všechna čest.. :wink:

:worship:

ComboFix 09-05-01.1 - Vladka 02.05.2009 20:04.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1918.1579 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vladka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 080607-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-02 do 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 11:18 . 2009-05-02 11:18 -------- d-----w C:\rsit
2009-05-02 06:19 . 2009-05-02 06:22 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 05:04 . 2009-05-01 05:04 -------- d-----w c:\program files\CCleaner
2009-05-01 05:02 . 2009-05-01 05:02 -------- d-----w c:\program files\Trend Micro
2009-04-30 23:01 . 2009-05-01 04:08 -------- d-----w C:\327882R2FWJFW
2009-04-28 19:13 . 2009-05-01 04:18 -------- d-----w c:\program files\GoQ - NetRadio(2)
2009-04-23 10:07 . 2009-05-01 04:24 -------- d-----w c:\program files\rajce(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 16:11 . 2001-10-25 14:00 71900 ----a-w c:\windows\system32\perfc005.dat
2009-05-02 16:11 . 2001-10-25 14:00 396628 ----a-w c:\windows\system32\perfh005.dat
2009-05-02 07:41 . 2008-06-06 11:45 -------- d-----w c:\program files\uTorrent
2009-05-02 07:17 . 2008-12-11 11:01 -------- d-----w c:\program files\IDOS
2009-05-01 20:15 . 2008-10-16 07:55 642 ---h--r c:\windows\system32\ttri.dat
2009-05-01 20:15 . 2008-01-24 17:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-01 05:10 . 2008-01-25 23:22 -------- d-----w c:\program files\QIP
2009-05-01 04:43 . 2009-05-01 01:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 04:37 . 2008-02-27 08:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-01 04:27 . 2009-05-01 04:27 -------- d-----w c:\program files\City Interactive
2009-05-01 04:27 . 2009-05-01 04:27 -------- d-----w c:\program files\Wolfenstein - Enemy Territory
2009-05-01 04:22 . 2008-01-26 12:30 -------- d-----w c:\program files\Opera
2009-05-01 04:21 . 2009-05-01 04:20 -------- d-----w c:\program files\totalcmd
2009-05-01 04:20 . 2008-03-03 10:30 -------- d-----w c:\program files\QuickTime
2009-05-01 04:20 . 2009-05-01 04:18 -------- d-----w c:\program files\Spyware Terminator
2009-05-01 04:20 . 2009-05-01 04:20 -------- d-----w c:\program files\GoQ - NetRadio
2009-05-01 04:20 . 2009-05-01 04:18 -------- d-----w c:\program files\WinClamAVShield
2009-05-01 04:01 . 2009-05-01 01:53 -------- d-----w c:\program files\Spyware Doctor
2009-05-01 04:01 . 2009-05-01 01:53 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-01 01:50 . 2009-05-01 01:50 -------- d-----w c:\program files\InCode Solutions
2009-04-06 13:32 . 2009-05-01 04:43 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-05-01 04:43 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-28 15:31 . 2008-04-05 20:38 -------- d-----w c:\program files\Java
2009-03-24 12:25 . 2008-12-30 21:07 -------- d-----w c:\program files\ICQ6.5
2009-03-21 09:07 . 2008-02-16 18:53 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-21 09:06 . 2009-03-21 09:06 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-21 09:06 . 2009-03-21 09:05 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-21 09:05 . 2009-03-21 09:05 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-21 09:05 . 2009-03-21 09:05 2250024 ----a-w c:\windows\system32\pbsvc.exe
2009-03-09 04:19 . 2008-12-26 14:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 13:16 . 2009-03-07 13:16 -------- d-----w c:\program files\Microsoft Games
.

------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-02_16.19.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-02 18:02 . 2009-05-02 18:02 16384 c:\windows\temp\Perflib_Perfdata_7b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GoQ - NetRadio\\GoQ.exe"=
"c:\\Program Files\\GoQ - NetRadio\\NetRadio.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Seznam\\Postak\\Postak.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Documents and Settings\\Vladka\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R3 cglptnt;cglptnt;c:\program files\totalcmd\cglptnt.sys [2007-09-05 7888]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-07 141312]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]

.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Connection Wizard,ShellNext = iexplore
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí BitSpiritu - c:\program files\BitSpirit\bsurl.htm
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {0CFC1806-6A63-444E-969D-94FF221EBF82} = 77.48.95.1,77.48.95.5
FF - ProfilePath - c:\documents and settings\Vladka\Data aplikací\Mozilla\Firefox\Profiles\opfuo5jp.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 20:06
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-05-02 20:06
ComboFix-quarantined-files.txt 2009-05-02 18:06
ComboFix2.txt 2009-05-02 16:21

Před spuštěním: Volných bajtů: 18 172 121 088
Po spuštění: Volných bajtů: 18 167 754 752

138

Příspěvekod **jaro3** » 02 kvě 2009 21:12

Tak to dočistíme od "smetí"...

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\327882R2FWJFW
c:\windows\system32\drivers\sp_rsdrv2.sys

Folder::
c:\program files\Spyware Terminátor
c:\program files\WinClamAVShield
c:\program files\Spyware Doctor

Driver::
sp_rsdrv2

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config sp_rsdrv2 start= disabled
sc stop sp_rsdrv2 
sc delete sp_rsdrv2

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.Otevře se Dosovské okno a zavře. Restartuj comp.

Pak si nainstaluj Aviru Free: (kostenfreies-zadarmo)
http://free-av.de/

A Spybot:
http://www.stahuj.centrum.cz/internet_a ... d-destroy/

Pokud brouzdáš na problematických stránkách , doporučuji ještě Firewall free: Kerio, Zone Alarm, Outpost atd.
Poté sem vlož ještě nový log z HJT , dočistíme...zítra...

Nori86 · Příspěvekod **Nori86** » 02 kvě 2009 22:00

Než dojdeš k logu, pls mohl bys napsat příkazy k odstranění: (u těchto programů a her nelze dát uninstal.. a klávesou delete to zrovna asi ideální není...
C:/program files/QIP
C:/program files/Mozilla Firefox
C:/program files/Wolfenstein - Enemy Territory
C:/program files/GoQ - NetRadio
C:/program files/GoQ - NetRadio(2)
C:/program files/City Interactive

Pak tady je log:

ComboFix 09-05-02.4 - Vladka 02.05.2009 21:26.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1918.1530 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vladka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vladka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090502-0] *On-access scanning disabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: PC Tools Firewall Plus *disabled*

FILE ::
C:\327882R2FWJFW
c:\windows\system32\drivers\sp_rsdrv2.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Spyware Doctor
c:\program files\Spyware Doctor\alert.wav
c:\program files\Spyware Doctor\avdb\vdb.xml
c:\program files\Spyware Doctor\bpo-sdhelp.chm
c:\program files\Spyware Doctor\csi-sdhelp.chm
c:\program files\Spyware Doctor\csi-sdhelp_pr.chm
c:\program files\Spyware Doctor\ctr-sdhelp.chm
c:\program files\Spyware Doctor\cze-sdhelp.chm
c:\program files\Spyware Doctor\Czech.lng
c:\program files\Spyware Doctor\dan-sdhelp.chm
c:\program files\Spyware Doctor\Danish.lng
c:\program files\Spyware Doctor\deu-sdhelp.chm
c:\program files\Spyware Doctor\Deutsch.lng
c:\program files\Spyware Doctor\Dutch.lng
c:\program files\Spyware Doctor\eng-sdhelp.chm
c:\program files\Spyware Doctor\English.lng
c:\program files\Spyware Doctor\EnglishBritish.lng
c:\program files\Spyware Doctor\esp-sdhelp.chm
c:\program files\Spyware Doctor\euk-sdhelp.chm
c:\program files\Spyware Doctor\FileStorage.sdp
c:\program files\Spyware Doctor\fin-sdhelp.chm
c:\program files\Spyware Doctor\Finnish.lng
c:\program files\Spyware Doctor\fre-sdhelp.chm
c:\program files\Spyware Doctor\French.lng
c:\program files\Spyware Doctor\gre-sdhelp.chm
c:\program files\Spyware Doctor\Greek.lng
c:\program files\Spyware Doctor\history\syslog.dad
c:\program files\Spyware Doctor\history\syslog.das
c:\program files\Spyware Doctor\history\userlog.dad
c:\program files\Spyware Doctor\history\userlog.das
c:\program files\Spyware Doctor\homepage.url
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Czech.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Danish.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Deutsch.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Dutch.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_English.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_EnglishBritish.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Finnish.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_French.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Greek.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_ChineseSimp.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_ChineseTrad.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Italian.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Japanese.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Korean.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Norwegian.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Polski.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Portuguese.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_PortugueseBrazilian.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Russian.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Spanish.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Swedish.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Thai.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SD_Turkish.html
c:\program files\Spyware Doctor\html\SiteBlockResp_SDR_ChineseSimp.html
c:\program files\Spyware Doctor\ChineseSimp.lng
c:\program files\Spyware Doctor\ChineseTrad.lng
c:\program files\Spyware Doctor\IDBLib.sdp
c:\program files\Spyware Doctor\Immunizer.sdp
c:\program files\Spyware Doctor\ita-sdhelp.chm
c:\program files\Spyware Doctor\Italian.lng
c:\program files\Spyware Doctor\jap-sdhelp.chm
c:\program files\Spyware Doctor\Japanese.lng
c:\program files\Spyware Doctor\KDSInterface.txt
c:\program files\Spyware Doctor\klg.dat
c:\program files\Spyware Doctor\kor-sdhelp.chm
c:\program files\Spyware Doctor\Korean.lng
c:\program files\Spyware Doctor\Languages.xml
c:\program files\Spyware Doctor\Localizer.sdp
c:\program files\Spyware Doctor\LuLng\Czech.lng
c:\program files\Spyware Doctor\LuLng\Danish.lng
c:\program files\Spyware Doctor\LuLng\Deutsch.lng
c:\program files\Spyware Doctor\LuLng\Dutch.lng
c:\program files\Spyware Doctor\LuLng\English.lng
c:\program files\Spyware Doctor\LuLng\EnglishBritish.lng
c:\program files\Spyware Doctor\LuLng\Finnish.lng
c:\program files\Spyware Doctor\LuLng\French.lng
c:\program files\Spyware Doctor\LuLng\Greek.lng
c:\program files\Spyware Doctor\LuLng\ChineseSimp.lng
c:\program files\Spyware Doctor\LuLng\ChineseTrad.lng
c:\program files\Spyware Doctor\LuLng\Italian.lng
c:\program files\Spyware Doctor\LuLng\Japanese.lng
c:\program files\Spyware Doctor\LuLng\Korean.lng
c:\program files\Spyware Doctor\LuLng\Norwegian.lng
c:\program files\Spyware Doctor\LuLng\Polski.lng
c:\program files\Spyware Doctor\LuLng\Portuguese.lng
c:\program files\Spyware Doctor\LuLng\PortugueseBrazilian.lng
c:\program files\Spyware Doctor\LuLng\Russian.lng
c:\program files\Spyware Doctor\LuLng\Spanish.lng
c:\program files\Spyware Doctor\LuLng\Swedish.lng
c:\program files\Spyware Doctor\LuLng\Thai.lng
c:\program files\Spyware Doctor\LuLng\Turkish.lng
c:\program files\Spyware Doctor\ned-sdhelp.chm
c:\program files\Spyware Doctor\NetworkLayer\blacklistlsp.txt
c:\program files\Spyware Doctor\NetworkLayer\blacklistlsp.txt.sig
c:\program files\Spyware Doctor\NfyMan.sdp
c:\program files\Spyware Doctor\nor-sdhelp.chm
c:\program files\Spyware Doctor\Norwegian.lng
c:\program files\Spyware Doctor\PCToolsComponents.bpl
c:\program files\Spyware Doctor\plugins\Behavior.sdp
c:\program files\Spyware Doctor\plugins\Browsers.SDP
c:\program files\Spyware Doctor\plugins\cookie.sdp
c:\program files\Spyware Doctor\plugins\email.sdp
c:\program files\Spyware Doctor\plugins\grAV.sdp
c:\program files\Spyware Doctor\plugins\grfiles.SDP
c:\program files\Spyware Doctor\plugins\grImmunizer.SDP
c:\program files\Spyware Doctor\plugins\grregistry.SDP
c:\program files\Spyware Doctor\plugins\KLGuard.SDP
c:\program files\Spyware Doctor\plugins\Network.SDP
c:\program files\Spyware Doctor\plugins\Process.SDP
c:\program files\Spyware Doctor\plugins\ScriptEngine.SDP
c:\program files\Spyware Doctor\plugins\SDNET.SDP
c:\program files\Spyware Doctor\plugins\Site.sdp
c:\program files\Spyware Doctor\plugins\StartUp.SDP
c:\program files\Spyware Doctor\pol-sdhelp.chm
c:\program files\Spyware Doctor\Polski.lng
c:\program files\Spyware Doctor\por-sdhelp.chm
c:\program files\Spyware Doctor\Portuguese.lng
c:\program files\Spyware Doctor\PortugueseBrazilian.lng
c:\program files\Spyware Doctor\quarantine.sdp
c:\program files\Spyware Doctor\RebootManager.sdp
c:\program files\Spyware Doctor\rtl100.bpl
c:\program files\Spyware Doctor\rus-sdhelp.chm
c:\program files\Spyware Doctor\Russian.lng
c:\program files\Spyware Doctor\scaneng.sdp
c:\program files\Spyware Doctor\sdextra.sdp
c:\program files\Spyware Doctor\SDInfo.sdp
c:\program files\Spyware Doctor\sdnet\MANIFEST.1
c:\program files\Spyware Doctor\SDNetPlugin.txt
c:\program files\Spyware Doctor\sdSTasks.def
c:\program files\Spyware Doctor\Settings.sdp
c:\program files\Spyware Doctor\SOFactory.sdp
c:\program files\Spyware Doctor\Spanish.lng
c:\program files\Spyware Doctor\stasks.sdp
c:\program files\Spyware Doctor\SUErrorLog.txt
c:\program files\Spyware Doctor\swe-sdhelp.chm
c:\program files\Spyware Doctor\Swedish.lng
c:\program files\Spyware Doctor\SystemMonitor.sdp
c:\program files\Spyware Doctor\tha-sdhelp.chm
c:\program files\Spyware Doctor\Thai.lng
c:\program files\Spyware Doctor\TransactionResults\Transaction1.xml
c:\program files\Spyware Doctor\TransactionResults\Transaction2.xml
c:\program files\Spyware Doctor\TransactionResults\Transaction3.xml
c:\program files\Spyware Doctor\TransactionResults\Transaction4.xml
c:\program files\Spyware Doctor\TransactionResults\Transaction5.xml
c:\program files\Spyware Doctor\tur-sdhelp.chm
c:\program files\Spyware Doctor\Turkish.lng
c:\program files\Spyware Doctor\ugLng\Czech.lng
c:\program files\Spyware Doctor\ugLng\Danish.lng
c:\program files\Spyware Doctor\ugLng\Deutsch.lng
c:\program files\Spyware Doctor\ugLng\Dutch.lng
c:\program files\Spyware Doctor\ugLng\English.lng
c:\program files\Spyware Doctor\ugLng\EnglishBritish.lng
c:\program files\Spyware Doctor\ugLng\Finnish.lng
c:\program files\Spyware Doctor\ugLng\French.lng
c:\program files\Spyware Doctor\ugLng\Greek.lng
c:\program files\Spyware Doctor\ugLng\ChineseSimp.lng
c:\program files\Spyware Doctor\ugLng\ChineseTrad.lng
c:\program files\Spyware Doctor\ugLng\Italian.lng
c:\program files\Spyware Doctor\ugLng\Japanese.lng
c:\program files\Spyware Doctor\ugLng\Korean.lng
c:\program files\Spyware Doctor\ugLng\Norwegian.lng
c:\program files\Spyware Doctor\ugLng\Polski.lng
c:\program files\Spyware Doctor\ugLng\Portuguese.lng
c:\program files\Spyware Doctor\ugLng\PortugueseBrazilian.lng
c:\program files\Spyware Doctor\ugLng\Russian.lng
c:\program files\Spyware Doctor\ugLng\Spanish.lng
c:\program files\Spyware Doctor\ugLng\Swedish.lng
c:\program files\Spyware Doctor\ugLng\Thai.lng
c:\program files\Spyware Doctor\ugLng\Turkish.lng
c:\program files\Spyware Doctor\ugLng\Ukrainian.lng
c:\program files\Spyware Doctor\unins000.dat
c:\program files\Spyware Doctor\unins000.msg
c:\program files\Spyware Doctor\vcl100.bpl
c:\program files\Spyware Doctor\whitelist.sdp
c:\program files\WinClamAVShield
c:\program files\WinClamAVShield\clamav.dll
c:\program files\WinClamAVShield\ClamAVServer.dll
c:\program files\WinClamAVShield\libclamav.dll
c:\program files\WinClamAVShield\libclamunrar.dll
c:\program files\WinClamAVShield\libclamunrar_iface.dll
c:\program files\WinClamAVShield\Microsoft.VC80.CRT.manifest
c:\program files\WinClamAVShield\msvcm80.dll
c:\program files\WinClamAVShield\msvcp80.dll
c:\program files\WinClamAVShield\msvcr80.dll
c:\program files\WinClamAVShield\Sp_clamsrv.exe
c:\windows\system32\drivers\sp_rsdrv2.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SP_RSDRV2
-------\Service_sp_rsdrv2

((((((((((((((((((((((((( Soubory vytvořené od 2009-04-02 do 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-05-02 18:39 . 2009-02-23 08:11 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-02 18:39 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-02 18:39 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-02 18:39 . 2008-09-22 10:29 97408 ----a-w c:\windows\system32\drivers\pctfw.sys
2009-05-02 18:39 . 2009-01-21 08:38 95640 ----a-w c:\windows\system32\drivers\pctplfw.sys
2009-05-02 18:39 . 2009-05-02 19:12 -------- d-----w c:\program files\PC Tools Firewall Plus
2009-05-02 18:38 . 2009-05-02 18:38 -------- d-----w c:\program files\Google
2009-05-02 18:32 . 2003-03-18 19:20 1060864 ----a-w c:\windows\system32\MFC71.dll
2009-05-02 18:32 . 2009-05-02 18:32 -------- d-----w c:\program files\Alwil Software
2009-05-02 17:59 . 2009-05-02 17:59 -------- d-----w C:\_OTMoveIt
2009-05-02 11:18 . 2009-05-02 11:18 -------- d-----w C:\rsit
2009-05-02 06:19 . 2009-05-02 06:22 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 05:04 . 2009-05-01 05:04 -------- d-----w c:\program files\CCleaner
2009-05-01 05:02 . 2009-05-01 05:02 -------- d-----w c:\program files\Trend Micro
2009-05-01 04:43 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 04:43 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 04:27 . 2009-05-01 04:27 -------- d-----w c:\program files\City Interactive
2009-05-01 04:27 . 2009-05-01 04:27 -------- d-----w c:\program files\Wolfenstein - Enemy Territory
2009-05-01 04:20 . 2009-05-01 04:20 -------- d-----w c:\program files\GoQ - NetRadio
2009-05-01 04:20 . 2009-05-01 04:21 -------- d-----w c:\program files\totalcmd
2009-05-01 04:18 . 2009-05-02 18:26 -------- d-----w c:\program files\Spyware Terminator
2009-05-01 01:53 . 2009-05-02 18:39 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-01 01:50 . 2009-05-01 01:50 -------- d-----w c:\program files\InCode Solutions
2009-05-01 01:49 . 2009-05-01 04:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 23:01 . 2009-05-01 04:08 -------- d-----w C:\327882R2FWJFW
2009-04-28 19:13 . 2009-05-01 04:18 -------- d-----w c:\program files\GoQ - NetRadio(2)
2009-04-23 10:07 . 2009-05-01 04:24 -------- d-----w c:\program files\rajce(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 19:28 . 2008-01-24 16:19 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-02 18:35 . 2009-01-27 16:08 -------- d-----w c:\program files\Crawler
2009-05-02 16:53 . 2009-04-29 10:55 924 ----a-w c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1425521274-839522115-1003.job
2009-05-02 16:11 . 2001-10-25 14:00 71900 ----a-w c:\windows\system32\perfc005.dat
2009-05-02 16:11 . 2001-10-25 14:00 396628 ----a-w c:\windows\system32\perfh005.dat
2009-05-02 07:41 . 2008-06-06 11:45 -------- d-----w c:\program files\uTorrent
2009-05-02 07:17 . 2008-12-11 11:01 -------- d-----w c:\program files\IDOS
2009-05-01 20:15 . 2008-10-16 07:55 642 ---h--r c:\windows\system32\ttri.dat
2009-05-01 20:15 . 2008-01-24 17:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-01 05:10 . 2008-01-25 23:22 -------- d-----w c:\program files\QIP
2009-05-01 04:37 . 2008-02-27 08:48 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-01 04:22 . 2008-01-26 12:30 -------- d-----w c:\program files\Opera
2009-05-01 04:20 . 2008-03-03 10:30 -------- d-----w c:\program files\QuickTime
2009-03-28 15:31 . 2008-04-05 20:38 -------- d-----w c:\program files\Java
2009-03-24 12:25 . 2008-12-30 21:07 -------- d-----w c:\program files\ICQ6.5
2009-03-21 09:07 . 2008-02-16 18:53 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-21 09:06 . 2009-03-21 09:06 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-21 09:06 . 2009-03-21 09:05 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-21 09:05 . 2009-03-21 09:05 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-21 09:05 . 2009-03-21 09:05 2250024 ----a-w c:\windows\system32\pbsvc.exe
2009-03-09 04:19 . 2008-12-26 14:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 13:16 . 2009-03-07 13:16 -------- d-----w c:\program files\Microsoft Games
.

------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-02_16.19.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-02 19:11 . 2009-05-02 19:11 16384 c:\windows\temp\Perflib_Perfdata_b0.dat
+ 2009-05-02 19:29 . 2009-05-02 19:29 16384 c:\windows\temp\Perflib_Perfdata_7f8.dat
+ 2009-05-02 19:29 . 2009-05-02 19:29 16384 c:\windows\temp\Perflib_Perfdata_33c.dat
+ 2009-05-02 18:33 . 2009-02-05 20:06 51376 c:\windows\system32\drivers\aswTdi.sys
+ 2009-05-02 18:33 . 2009-02-05 20:06 23152 c:\windows\system32\drivers\aswRdr.sys
+ 2009-05-02 18:33 . 2009-02-05 20:08 94032 c:\windows\system32\drivers\aswmon2.sys
+ 2009-05-02 18:33 . 2009-02-05 20:08 93296 c:\windows\system32\drivers\aswmon.sys
+ 2009-05-02 18:33 . 2009-02-05 20:07 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-05-02 18:33 . 2009-02-05 20:05 26944 c:\windows\system32\drivers\aavmker4.sys
+ 2009-05-02 18:33 . 2009-02-05 20:04 97480 c:\windows\system32\AvastSS.scr
- 2008-01-24 00:03 . 2009-03-09 05:59 118952 c:\windows\system32\FNTCACHE.DAT
+ 2008-01-24 00:03 . 2009-05-02 19:11 118952 c:\windows\system32\FNTCACHE.DAT
+ 2009-05-02 18:33 . 2009-02-05 20:07 114768 c:\windows\system32\drivers\aswSP.sys
+ 2009-05-02 18:32 . 2009-02-05 20:11 1256296 c:\windows\system32\aswBoot.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-08-21 1783808]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sremcon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GoQ - NetRadio\\GoQ.exe"=
"c:\\Program Files\\GoQ - NetRadio\\NetRadio.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Seznam\\Postak\\Postak.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Documents and Settings\\Vladka\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R3 cglptnt;cglptnt;c:\program files\totalcmd\cglptnt.sys [2007-09-05 7888]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S1 aswSP;avast! Self Protection; [x]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-11 159600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-18 73840]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-01-21 95640]
S3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-03 69120]

.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Connection Wizard,ShellNext = iexplore
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout pomocí BitSpiritu - c:\program files\BitSpirit\bsurl.htm
IE: ÓĂ±ČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {0CFC1806-6A63-444E-969D-94FF221EBF82} = 77.48.95.1,77.48.95.5
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Vladka\Data aplikací\Mozilla\Firefox\Profiles\opfuo5jp.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 21:30
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2009-05-02 21:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-05-02 19:31
ComboFix2.txt 2009-05-02 18:07
ComboFix3.txt 2009-05-02 16:21

Před spuštěním: Volných bajtů: 17 893 482 496
Po spuštění: Volných bajtů: 17 940 086 784

383

Příspěvekod **jaro3** » 02 kvě 2009 22:17

Dost dobře nechápu, chceš se zbavit:
C:/program files/QIP
C:/program files/Mozilla Firefox
C:/program files/Wolfenstein - Enemy Territory
C:/program files/GoQ - NetRadio
C:/program files/GoQ - NetRadio(2)
C:/program files/City Interactive
??
Co přes přidat/odebrat programy to nejde?

Nori86 · Příspěvekod **Nori86** » 02 kvě 2009 22:30

Ne přes Přidat/Odebrat to nelze. Většinou je to že, neexistuje instal.log, unins000.dat nebo se nic neděje... :lookround:

Příspěvekod **jaro3** » 02 kvě 2009 22:52

No to radost...
Spusť HJT
Klikni na config tlačítko.
klikni na Misc Tools
Klikni na open Uninstall manager
Ty , které chceš odstranit tak klikni na delete this entry
Budeme pokračovat zítra..

Prosííím o kontrolu, děkuji

Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Re: Prosííím o kontrolu, děkuji

Kdo je online