PC-HELP.CZ

mohl by to někdo zkouknou prosím
Lukas
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:28, on 9.8.2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ntvdm.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\windows\ld12.exe
G:\Spyware Terminator\SpywareTerminatorShield.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
D:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\PnkBstrA.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Administrator\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=awintabf.exe
O1 - Hosts: 78.46.129.168 en.wikipedia.org
O1 - Hosts: 78.46.129.168 ru.wikipedia.org
O1 - Hosts: 78.46.129.168 http://www.wikipedia.org
O1 - Hosts: 78.46.129.168 http://www.rxlist.com
O1 - Hosts: 78.46.129.168 rxlist.com
O1 - Hosts: 78.46.129.168 http://www.youtube.com
O1 - Hosts: 78.46.129.168 youtube.com
O1 - Hosts: 78.46.129.168 http://www.viagra.com
O1 - Hosts: 78.46.129.168 viagra.com
O1 - Hosts: 78.46.129.168 http://www.adultswim.com
O1 - Hosts: 78.46.129.168 adultswim.com
O1 - Hosts: 78.46.129.168 http://www.adultperiod.com
O1 - Hosts: 78.46.129.168 adultperiod.com
O1 - Hosts: 78.46.129.168 fishki.net
O1 - Hosts: 78.46.129.168 http://www.fishki.net
O1 - Hosts: 78.46.129.168 foto.mail.ru
O1 - Hosts: 78.46.129.168 go.mail.ru
O1 - Hosts: 78.46.129.168 my.mail.ru
O1 - Hosts: 78.46.129.168 vkontakte.ru
O1 - Hosts: 78.46.129.168 http://www.vkontakte.ru
O1 - Hosts: 78.46.129.168 http://www.vkontakte.com
O1 - Hosts: 78.46.129.168 vkontakte.com
O1 - Hosts: 78.46.129.168 news.mail.ru
O1 - Hosts: 78.46.129.168 http://www.livejournal.com
O1 - Hosts: 78.46.129.168 livejournal.com
O1 - Hosts: 78.46.129.168 http://www.gismeteo.ru
O1 - Hosts: 78.46.129.168 gismeteo.ru
O1 - Hosts: 78.46.129.168 mail.ru
O1 - Hosts: 78.46.129.168 love.mail.ru
O1 - Hosts: 78.46.129.168 dating.ru
O1 - Hosts: 78.46.129.168 http://www.videoklas.ru
O1 - Hosts: 78.46.129.168 http://www.24open.ru
O1 - Hosts: 78.46.129.168 http://www.dating.lt
O1 - Hosts: 78.46.129.168 dating.lt
O1 - Hosts: 78.46.129.168 protoplex.ru
O1 - Hosts: 78.46.129.168 samlab.ws
O1 - Hosts: 78.46.129.168 http://www.2baksa.net
O1 - Hosts: 78.46.129.168 2baksa.net
O1 - Hosts: 78.46.129.168 http://www.gismeteo.ua
O1 - Hosts: 78.46.129.168 gismeteo.ua
O1 - Hosts: 78.46.129.168 podrobnosti.ua
O1 - Hosts: 78.46.129.168 http://www.webgari.com
O1 - Hosts: 78.46.129.168 webgari.com
O1 - Hosts: 78.46.129.168 segodnya.ua
O1 - Hosts: 78.46.129.168 http://www.kmindex.ru
O1 - Hosts: 78.46.129.168 http://www.marketgid.com
O1 - Hosts: 78.46.129.168 alive.org.ua
O1 - Hosts: 78.46.129.168 upload.com.ua
O1 - Hosts: 78.46.129.168 icq.com
O1 - Hosts: 78.46.129.168 qip.com
O1 - Hosts: 78.46.129.168 qip.ru
O1 - Hosts: 78.46.129.168 microsoft.com
O1 - Hosts: 78.46.129.168 http://www.esetnod32.ru
O1 - Hosts: 78.46.129.168 http://www.kaspersky.ru
O1 - Hosts: 78.46.129.168 http://www.drweb.com
O1 - Hosts: 78.46.129.168 news.softodrom.ru
O1 - Hosts: 78.46.129.168 http://www.avsoft.ru
O1 - Hosts: 78.46.129.168 biblprog.org.ua
O1 - Hosts: 78.46.129.168 help-antivirus.ru
O1 - Hosts: 78.46.129.168 http://www.virustotal.com
O1 - Hosts: 78.46.129.168 virustotal.com
O1 - Hosts: 78.46.129.168 http://www.securitylab.ru
O1 - Hosts: 78.46.129.168 stopvirus.com.ua
O1 - Hosts: 78.46.129.168 http://www.free-av.com
O1 - Hosts: 78.46.129.168 http://www.avast.com
O1 - Hosts: 78.46.129.168 rapidshare.com
O1 - Hosts: 78.46.129.168 http://www.rapidshare.com
O1 - Hosts: 78.46.129.168 ukr.net
O1 - Hosts: 78.46.129.168 bigmir.net
O1 - Hosts: 78.46.129.168 meta.ua
O1 - Hosts: 78.46.129.168 korrespondent.net
O1 - Hosts: 78.46.129.168 pravda.com.ua
O1 - Hosts: 78.46.129.168 i.ua
O1 - Hosts: 78.46.129.168 online.ua
O1 - Hosts: 78.46.129.168 oboz.ua
O1 - Hosts: 78.46.129.168 http://www.ukr.net
O1 - Hosts: 78.46.129.168 http://www.bigmir.net
O1 - Hosts: 78.46.129.168 http://www.meta.ua
O1 - Hosts: 78.46.129.168 http://www.korrespondent.net
O1 - Hosts: 78.46.129.168 http://www.pravda.com.ua
O1 - Hosts: 78.46.129.168 http://www.i.ua
O1 - Hosts: 78.46.129.168 http://www.online.ua
O1 - Hosts: 78.46.129.168 http://www.oboz.ua
O1 - Hosts: 78.46.129.168 gogo.ru
O1 - Hosts: 78.46.129.168 http://www.gogo.ru
O1 - Hosts: 78.46.129.168 http://www.yandex.ru
O1 - Hosts: 78.46.129.168 yandex.ru
O1 - Hosts: 78.46.129.168 yahoo.com
O1 - Hosts: 78.46.129.168 http://www.yahoo.com
O1 - Hosts: 78.46.129.168 bing.com
O1 - Hosts: 78.46.129.168 http://www.bing.com
O1 - Hosts: 78.46.129.168 aport.com
O1 - Hosts: 78.46.129.168 http://www.aport.com
O1 - Hosts: 78.46.129.168 bing.ru
O1 - Hosts: 78.46.129.168 http://www.bing.ru
O1 - Hosts: 78.46.129.168 aport.ru
O1 - Hosts: 78.46.129.168 http://www.aport.ru
O1 - Hosts: 78.46.129.168 21150.com
O1 - Hosts: 78.46.129.168 3576.net
O1 - Hosts: 78.46.129.168 38389438.com
O1 - Hosts: 78.46.129.168 466453.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [SpywareTerminator] "G:\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "D:\WINDOWS\TEMP\E_SB1.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Media Card Companion Monitor.lnk = D:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4131526296
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://66.117.37.13/cza2218.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://66.117.37.13/cza2218.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D152D9-7AD0-4E6F-BCB8-79D8DF1D3759}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 11826 bytes

CTRL+ALT+DEL a v procesech vypni ld12.exe.
Odinstaluj si ICQ6 Toolbar a Javu.
*****************************************************************************************************************************************
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F3 - REG:win.ini: load=awintabf.exe
O1 - Hosts: 78.46.129.168 en.wikipedia.org
O1 - Hosts: 78.46.129.168 ru.wikipedia.org
O1 - Hosts: 78.46.129.168 http://www.wikipedia.org
O1 - Hosts: 78.46.129.168 http://www.rxlist.com
O1 - Hosts: 78.46.129.168 rxlist.com
O1 - Hosts: 78.46.129.168 http://www.youtube.com
O1 - Hosts: 78.46.129.168 youtube.com
O1 - Hosts: 78.46.129.168 http://www.viagra.com
O1 - Hosts: 78.46.129.168 viagra.com
O1 - Hosts: 78.46.129.168 http://www.adultswim.com
O1 - Hosts: 78.46.129.168 adultswim.com
O1 - Hosts: 78.46.129.168 http://www.adultperiod.com
O1 - Hosts: 78.46.129.168 adultperiod.com
O1 - Hosts: 78.46.129.168 fishki.net
O1 - Hosts: 78.46.129.168 http://www.fishki.net
O1 - Hosts: 78.46.129.168 foto.mail.ru
O1 - Hosts: 78.46.129.168 go.mail.ru
O1 - Hosts: 78.46.129.168 my.mail.ru
O1 - Hosts: 78.46.129.168 vkontakte.ru
O1 - Hosts: 78.46.129.168 http://www.vkontakte.ru
O1 - Hosts: 78.46.129.168 http://www.vkontakte.com
O1 - Hosts: 78.46.129.168 vkontakte.com
O1 - Hosts: 78.46.129.168 news.mail.ru
O1 - Hosts: 78.46.129.168 http://www.livejournal.com
O1 - Hosts: 78.46.129.168 livejournal.com
O1 - Hosts: 78.46.129.168 http://www.gismeteo.ru
O1 - Hosts: 78.46.129.168 gismeteo.ru
O1 - Hosts: 78.46.129.168 mail.ru
O1 - Hosts: 78.46.129.168 love.mail.ru
O1 - Hosts: 78.46.129.168 dating.ru
O1 - Hosts: 78.46.129.168 http://www.videoklas.ru
O1 - Hosts: 78.46.129.168 http://www.24open.ru
O1 - Hosts: 78.46.129.168 http://www.dating.lt
O1 - Hosts: 78.46.129.168 dating.lt
O1 - Hosts: 78.46.129.168 protoplex.ru
O1 - Hosts: 78.46.129.168 samlab.ws
O1 - Hosts: 78.46.129.168 http://www.2baksa.net
O1 - Hosts: 78.46.129.168 2baksa.net
O1 - Hosts: 78.46.129.168 http://www.gismeteo.ua
O1 - Hosts: 78.46.129.168 gismeteo.ua
O1 - Hosts: 78.46.129.168 podrobnosti.ua
O1 - Hosts: 78.46.129.168 http://www.webgari.com
O1 - Hosts: 78.46.129.168 webgari.com
O1 - Hosts: 78.46.129.168 segodnya.ua
O1 - Hosts: 78.46.129.168 http://www.kmindex.ru
O1 - Hosts: 78.46.129.168 http://www.marketgid.com
O1 - Hosts: 78.46.129.168 alive.org.ua
O1 - Hosts: 78.46.129.168 upload.com.ua
O1 - Hosts: 78.46.129.168 icq.com
O1 - Hosts: 78.46.129.168 qip.com
O1 - Hosts: 78.46.129.168 qip.ru
O1 - Hosts: 78.46.129.168 microsoft.com
O1 - Hosts: 78.46.129.168 http://www.esetnod32.ru
O1 - Hosts: 78.46.129.168 http://www.kaspersky.ru
O1 - Hosts: 78.46.129.168 http://www.drweb.com
O1 - Hosts: 78.46.129.168 news.softodrom.ru
O1 - Hosts: 78.46.129.168 http://www.avsoft.ru
O1 - Hosts: 78.46.129.168 biblprog.org.ua
O1 - Hosts: 78.46.129.168 help-antivirus.ru
O1 - Hosts: 78.46.129.168 http://www.virustotal.com
O1 - Hosts: 78.46.129.168 virustotal.com
O1 - Hosts: 78.46.129.168 http://www.securitylab.ru
O1 - Hosts: 78.46.129.168 stopvirus.com.ua
O1 - Hosts: 78.46.129.168 http://www.free-av.com
O1 - Hosts: 78.46.129.168 http://www.avast.com
O1 - Hosts: 78.46.129.168 rapidshare.com
O1 - Hosts: 78.46.129.168 http://www.rapidshare.com
O1 - Hosts: 78.46.129.168 ukr.net
O1 - Hosts: 78.46.129.168 bigmir.net
O1 - Hosts: 78.46.129.168 meta.ua
O1 - Hosts: 78.46.129.168 korrespondent.net
O1 - Hosts: 78.46.129.168 pravda.com.ua
O1 - Hosts: 78.46.129.168 i.ua
O1 - Hosts: 78.46.129.168 online.ua
O1 - Hosts: 78.46.129.168 oboz.ua
O1 - Hosts: 78.46.129.168 http://www.ukr.net
O1 - Hosts: 78.46.129.168 http://www.bigmir.net
O1 - Hosts: 78.46.129.168 http://www.meta.ua
O1 - Hosts: 78.46.129.168 http://www.korrespondent.net
O1 - Hosts: 78.46.129.168 http://www.pravda.com.ua
O1 - Hosts: 78.46.129.168 http://www.i.ua
O1 - Hosts: 78.46.129.168 http://www.online.ua
O1 - Hosts: 78.46.129.168 http://www.oboz.ua
O1 - Hosts: 78.46.129.168 gogo.ru
O1 - Hosts: 78.46.129.168 http://www.gogo.ru
O1 - Hosts: 78.46.129.168 http://www.yandex.ru
O1 - Hosts: 78.46.129.168 yandex.ru
O1 - Hosts: 78.46.129.168 yahoo.com
O1 - Hosts: 78.46.129.168 http://www.yahoo.com
O1 - Hosts: 78.46.129.168 bing.com
O1 - Hosts: 78.46.129.168 http://www.bing.com
O1 - Hosts: 78.46.129.168 aport.com
O1 - Hosts: 78.46.129.168 http://www.aport.com
O1 - Hosts: 78.46.129.168 bing.ru
O1 - Hosts: 78.46.129.168 http://www.bing.ru
O1 - Hosts: 78.46.129.168 aport.ru
O1 - Hosts: 78.46.129.168 http://www.aport.ru
O1 - Hosts: 78.46.129.168 21150.com
O1 - Hosts: 78.46.129.168 3576.net
O1 - Hosts: 78.46.129.168 38389438.com
O1 - Hosts: 78.46.129.168 466453.com
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://66.117.37.13/cza2218.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://66.117.37.13/cza2218.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D152D9-7AD0-4E6F-BCB8-79D8DF1D3759}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O17 - HKLM\System\CS3\Services\Tcpip\..\{8DF8107D-203D-4EB8-AF0A-047DAB41444D}: NameServer = 85.255.114.37,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.37 85.255.112.13
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

díky za pomoc odpoledne na to vlítnu a zkusím to
Lukas

Jdi a dej vědět.

tak tady je ten log z malware
javu a icq toolbar jsem snad odinstaloval ale to ld12.exe v procesech??nevím nenašel jsem :blush:

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2590
Windows 5.1.2600 Service Pack 1

10.8.2009 17:09:28
mbam-log-2009-08-10 (17-09-20).txt

Typ skenu: Rychlý sken
Objektu skenováno: 83418
Uplynulý cas: 5 minute(s), 56 second(s)

Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 2
Infikované položky dat registru: 13
Infikované složky: 1
Infikované soubory: 15

Infikované procesy pameti:
C:\WINDOWS\ld12.exe (Worm.Koobface) -> No action taken.

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.TDSS) -> No action taken.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> No action taken.

Infikované složky:
D:\Program Files\NetProject (Trojan.Zlob) -> No action taken.

Infikované soubory:
C:\WINDOWS\ld12.exe (Worm.Koobface) -> No action taken.
D:\WINDOWS\system32\drivers\etc\hosts.exe (Trojan.KillAV) -> No action taken.
D:\Documents and Settings\Administrator\Local Settings\Temp\a.exe (Trojan.Downloader) -> No action taken.
D:\WINDOWS\install.exe (Trojan.TDSS) -> No action taken.
D:\WINDOWS\file.exe (Trojan.TDSS) -> No action taken.
D:\WINDOWS\loadernew.exe (Trojan.TDSS) -> No action taken.
D:\Documents and Settings\All Users\Plocha\Online Security Guide.url (Rogue.Link) -> No action taken.
D:\Documents and Settings\All Users\Nabídka Start\Online Security Guide.url (Rogue.Link) -> No action taken.
D:\Documents and Settings\All Users\Nabídka Start\Security Troubleshooting.url (Rogue.Link) -> No action taken.
D:\WINDOWS\system32\AVR09.exe (Adware.AdvancedVirusRemover) -> No action taken.
D:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> No action taken.
D:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> No action taken.
D:\Documents and Settings\Administrator\Local Settings\Temp\zs0.exe (Trojan.Zlob) -> No action taken.
D:\WINDOWS\prxid93ps.dat (Malware.Trace) -> No action taken.

jinak to připojení se trochu rozchodilo-půlka ip adres v konfiguraci připojení chyběla takže to fakalo a nefakalo,když jsem je doplnil tak se připojim kamkoliv
Lukas

Je tam Trojan DNS.Changer (Tojan.TDSServ), takže ti to půjde než se vzpamatuje.
Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

tady je log z malware po odstranění

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2590
Windows 5.1.2600 Service Pack 1

10.8.2009 18:26:38
mbam-log-2009-08-10 (18-26-38).txt

Typ skenu: Rychlý sken
Objektu skenováno: 83421
Uplynulý cas: 5 minute(s), 47 second(s)

Infikované procesy pameti: 1
Infikované pametové moduly: 0
Infikované klíce registru: 8
Infikované hodnoty registru: 2
Infikované položky dat registru: 13
Infikované složky: 1
Infikované soubory: 15

Infikované procesy pameti:
C:\WINDOWS\ld12.exe (Worm.Koobface) -> Unloaded process successfully.

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{e5d152d9-7ad0-4e6f-bcb8-79d8df1d3759}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.37,85.255.112.13 -> Quarantined and deleted successfully.

Infikované složky:

Log z MbAM není celý. Doplň a ještě log z ComboFixu.

ComboFix 09-08-09.04 - Administrator 10.08.2009 18:36.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.420.1029.18.255.109 [GMT 2:00]
Spuštěný z: d:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\16cbed.msi
c:\windows\Installer\1ade9e.msi
c:\windows\Installer\293199.msi
c:\windows\Installer\ec9e7.msi

Nakažená kopie d:\windows\system32\qmgr.dll byla nalezena a vyléčena.
Obnovena kopie z - d:\windows\system32\dllcache\qmgr.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
.

2014-06-19 12:02 . 2008-02-17 05:25 -------- d-----w- d:\program files\ESET
2012-10-29 12:12 . 2012-10-29 12:12 -------- d-----w- d:\program files\OLYMPUS
2012-10-29 12:10 . 1999-11-10 10:05 86016 -c--a-w- d:\windows\unvise32qt.exe
2012-10-29 12:10 . 2012-10-29 12:12 -------- d-----w- d:\windows\system32\QuickTime
2012-10-29 12:10 . 2012-10-29 12:10 -------- d-----w- d:\program files\QuickTime
2012-10-29 12:09 . 2012-10-29 12:09 300048 ----a-w- d:\windows\system32\drivers\amon.sys
2012-10-29 12:09 . 2012-10-29 12:09 245760 ----a-w- d:\windows\system32\imon.dll
2012-10-29 12:09 . 2012-10-29 12:09 114688 -c--a-w- d:\windows\system32\nms32.dll
2009-08-10 14:59 . 2009-08-03 11:36 38160 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 14:58 . 2009-08-10 14:59 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-08-10 14:58 . 2009-08-03 11:36 18456 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-08-09 20:14 . 2009-08-09 20:14 -------- d--h--w- d:\windows\system32\GroupPolicy
2009-08-08 12:58 . 2009-08-09 19:48 -------- d-----w- d:\program files\WinClamAVShield
2009-07-28 15:43 . 2009-07-28 15:43 -------- d-----w- d:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-28 15:43 . 2009-07-28 15:43 -------- d-----w- d:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-20 18:19 . 2009-07-21 16:18 -------- d-----w- d:\program files\Call of Duty United Offensive Single Player Demo

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 16:44 . 2005-01-30 12:33 46016 ----a-w- d:\windows\system32\perfc005.dat
2009-08-10 16:44 . 2005-01-30 12:33 309716 ----a-w- d:\windows\system32\perfh005.dat
2009-07-19 16:43 . 2006-10-18 16:53 -------- d-----w- d:\program files\HLSW
2009-07-03 14:33 . 2007-01-16 19:41 -------- d-----w- d:\program files\Common Files\Adobe
2007-06-16 10:00 . 2007-06-16 09:56 5825656 ----a-w- d:\program files\gtk+-2.10.11-setup.exe
2005-01-30 13:31 . 2005-01-30 13:31 56 --sh--r- d:\windows\system32\28430AAD7D.sys
2005-01-30 13:31 . 2005-01-30 13:31 1682 --sha-w- d:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2012-10-29 847872]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"SpywareTerminator"="g:\spyware terminator\SpywareTerminatorShield.exe" [2009-08-08 1654272]
"SoundMan"="SOUNDMAN.EXE" - d:\windows\SOUNDMAN.EXE [2004-12-22 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2002-09-23 13312]

d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Media Card Companion Monitor.lnk - d:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-10-21 98304]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [2.11.2004 10:00 262144]
R1 sp_rsdrv2;Spyware Terminator Driver 2;d:\documents and settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys [8.8.2009 14:57 131712]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ALG
*NewlyCreated* - IPNAT
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - d:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &ICQ Toolbar Search - d:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Translate English Word - d:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - d:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - d:\program files\google\GoogleToolbar1.dll/cmtrans.html
LSP: imon.dll
TCP: {8DF8107D-203D-4EB8-AF0A-047DAB41444D} = 213.250.192.1,213.250.194.1
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\zpj7n3ye.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 18:43
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
d:\windows\system32\ODBC32.dll
d:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(856)
d:\windows\system32\MSVCRT40.dll
d:\windows\system32\MSVCIRT.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
d:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(3112)
d:\windows\System32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
d:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
d:\program files\ESET\nod32krn.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\system32\wdfmgr.exe
d:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
d:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
.
**************************************************************************
.
Celkový čas: 2009-08-10 18:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-10 16:47

Před spuštěním: Volných bajtů: 17 357 316 096
Po spuštění: Volných bajtů: 18 397 040 640

winxpsp1_cs_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\="Microsoft Windows"

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
137

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2590
Windows 5.1.2600 Service Pack 1

10.8.2009 18:56:18
mbam-log-2009-08-10 (18-56-18).txt

Typ skenu: Rychlý sken
Objektu skenováno: 79161
Uplynulý cas: 3 minute(s), 49 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
d:\windows\system32\28430AAD7D.sys
d:\windows\system32\KGyGaAvL.sys
C:\Windows\system32\wdmaud.sys
C:\resycled\bootmatrix.com

Folder::
C:\resycled

Driver::
TDSSserv
msqpdxserv
gaopdxserv
gxvxcserv
seneka
seneca
ndisprot
UACd
MSIVXserv
28430AAD7D
KGyGaAvL
wdmaud

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

PC-HELP.CZ

georgecowley: prosím o kontrolu logu

georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu

Re: georgecowley: prosím o kontrolu logu