Zombie pc? nejde facebook-kontrola hijack

pikaso.andreas · Příspěvekod **pikaso.andreas** » 04 lis 2009 07:12

Ahoj,
včera jsem si prohlížel Facebook (FB) a zničeho nic se mi odhlásil. Při pokusu se znovu přihlásit na FB mi napsal:

Účet zablokován

Váš účet byl deaktivován. Pokud máte nějaké dotazy podívejte se prosím na stránku častých dotazů zde.

Někde na internetu jsem našel, že je to z důvodu zavirovaného pc a že spamuji.. Teď mi nejde o FB, ale spíš o ty viry.

Prosím o kontrolu.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:46, on 4.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Ondra\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Ondra\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\PowerDVD9\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1ca1091a0e80399) (gupdate1ca1091a0e80399) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9522 bytes

Děkuji za kontrolu a případné rady..

Reklama

Příspěvekod **jaro3** » 04 lis 2009 14:44

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] &quot;C:\Program Files\Java\jre6\bin\jusched.exe&quot;
O13 - Gopher Prefix:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Doufám , že máš vypnutou rez.ochranu u Spybotu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

pikaso.andreas · Příspěvekod **pikaso.andreas** » 04 lis 2009 18:04

Díkůdík,
zajisté, spybot mám jen na kontrolu, jinak je vypnutý. PC mi hlídá Eset smart 4. Tak, provedl jsem vše co jsi poradil. Log z HJ a MBAM.

mLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:11, on 4.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Ondra\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Ondra\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\PowerDVD9\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1ca1091a0e80399) (gupdate1ca1091a0e80399) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9125 bytes

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3072
Windows 6.0.6002 Service Pack 2

4.11.2009 18:04:13
mbam-log-2009-11-04 (18-04-13).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 92539
Uplynulý čas: 4 minute(s), 36 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Příspěvekod **jaro3** » 04 lis 2009 18:11

Předpokládám , že používáš FF.

Stáhni si GooredFix

a ulož si ho na plochu.Poklepej na něj .
Objeví se hláška ,dej YES
Otevře se log , zkopíruj sem celý jeho obsah ( jinak ho najdeš na své ploše pod názvem Goored.txt).

Vypni rez. ochrany + firewall u ESET Smart Security

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

pikaso.andreas · Příspěvekod **pikaso.andreas** » 04 lis 2009 18:43

Ano, mám FF.

GooredFix by jpshortstuff (24.09.09.1)
Log created at 18:41 on 04/11/2009 (Ondra)
Firefox version 3.5.4 (cs)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
search@searchsettings.com [17:03 01/05/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:33 10/04/2009]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [06:01 17/04/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [16:33 17/04/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [21:24 04/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:29 12/04/2009]
"bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [07:09 29/05/2009]

-=E.O.F=-

ComboFix 09-11-03.03 - Ondra 04.11.2009 18:29.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.1161 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Ondra\Documents\cc_20091005_192250.reg
c:\users\Ondra\Documents\cc_20091101_010748.reg
c:\windows\Suyin.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-04 do 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-01 00:13 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 00:13 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 20:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 20:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 20:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 20:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 20:39 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 20:39 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 20:39 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 20:39 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 20:39 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 12:18 . 2009-10-28 12:18 -------- d-----w- c:\program files\Foxit Software
2009-10-28 12:09 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 12:09 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-14 16:38 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 16:28 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 16:26 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 16:26 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 15:33 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 15:07 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 21:44 . 2009-10-10 21:44 -------- d-----w- c:\program files\Sony Ericsson
2009-10-07 18:50 . 2009-10-07 18:50 -------- d-----w- c:\program files\QS
2009-10-06 19:04 . 2009-10-06 19:04 -------- d-----w- c:\program files\FormatFactory

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:00 . 2009-04-10 19:12 -------- d-----w- c:\program files\QIP Infium
2009-11-03 16:46 . 2009-01-30 11:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-11-03 16:46 . 2009-01-30 11:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-11-03 05:03 . 2009-04-10 21:16 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-02 17:58 . 2009-04-11 15:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\uTorrent
2009-11-02 17:49 . 2009-05-09 09:49 -------- d-----w- c:\users\Ondra\AppData\Roaming\MyPhoneExplorer
2009-11-01 00:20 . 2009-05-05 18:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-01 00:13 . 2009-06-23 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 08:50 . 2009-04-19 22:15 -------- d-----w- c:\program files\GomPlayer
2009-10-21 17:21 . 2009-05-29 07:10 -------- d-----w- c:\users\Ondra\AppData\Roaming\PC Suite
2009-10-19 17:55 . 2009-09-28 09:11 -------- d-----w- c:\program files\Atari
2009-10-19 17:55 . 2009-01-30 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 12:01 . 2009-09-28 09:38 -------- d-----w- c:\users\Ondra\AppData\Roaming\Atari
2009-10-14 20:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 19:48 . 2009-01-30 03:40 -------- d-----w- c:\program files\Microsoft Works
2009-10-04 21:42 . 2009-05-05 18:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-01 08:29 . 2009-10-02 18:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 16:51 . 2009-05-31 07:02 -------- d-----w- c:\program files\Electronic Arts
2009-09-30 16:46 . 2009-09-30 16:46 10134 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Microsoft WSE
2009-09-28 09:13 . 2009-09-28 09:13 -------- d-----w- c:\users\Ondra\AppData\Roaming\Leadertech
2009-09-28 07:59 . 2009-08-01 21:58 -------- d-----w- c:\program files\Motordiag Komfort Manager Lite 1.20
2009-09-28 07:29 . 2009-04-28 04:37 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-27 19:44 . 2009-04-11 15:29 -------- d-----w- c:\program files\uTorrent
2009-09-27 19:13 . 2009-04-19 20:47 -------- d-----w- c:\program files\Winamp
2009-09-18 22:06 . 2009-09-18 22:03 -------- d-----w- c:\program files\ATI
2009-09-18 22:03 . 2009-09-18 22:03 -------- d-----w- c:\program files\ATI Technologies
2009-09-14 17:14 . 2009-01-30 03:18 -------- d-----w- c:\program files\Windows Live
2009-09-14 17:11 . 2009-09-14 17:11 -------- d-----w- c:\program files\Microsoft
2009-09-14 17:10 . 2009-09-14 17:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-11 11:08 . 2009-07-02 19:11 680 ----a-w- c:\users\Ondra\AppData\Local\d3d9caps.dat
2009-09-10 16:22 . 2009-09-10 16:22 -------- d-----w- c:\program files\Valve
2009-08-29 00:27 . 2009-09-02 16:50 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 16:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 18:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 18:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 18:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 18:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 17:22 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 17:22 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 17:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:22 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 17:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:22 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RemoteControl9"="c:\program files\PowerDVD9\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\PowerDVD9\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-19 6294048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2009-6-8 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,ce,4e,a0,5b,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4016117494-3182526739-4166363913-1000]
"EnableNotificationsRef"=dword:00000002

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/12 23:17];c:\program files\PowerDVD9\PowerDVD9\000.fcl [7.5.2009 20:05 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.3.2009 21:27 172032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14.5.2009 14:49 38240]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [30.1.2009 4:49 24576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5.5.2009 19:26 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.6.2008 1:39 212992]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\System32\drivers\hidshim.sys [8.10.2008 9:43 5632]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 6:40 3668480]
R3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\System32\drivers\nuvotonhidgeneric.sys [8.10.2008 9:43 22528]
S2 gupdate1ca1091a0e80399;Služba Google Update (gupdate1ca1091a0e80399);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2009 22:14 133104]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.4.2009 15:27 24064]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2009-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 21:13]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:14]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:14]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4016117494-3182526739-4166363913-1000Core.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 19:30]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4016117494-3182526739-4166363913-1000UA.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 19:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\7a9vku18.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ondra\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-eRecoveryService - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 18:37
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85F201F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85f201f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-11-04 18:40
ComboFix-quarantined-files.txt 2009-11-04 17:40

Před spuštěním: Volných bajtů: 40 430 440 448
Po spuštění: Volných bajtů: 40 351 227 904

Příspěvekod **jaro3** » 04 lis 2009 19:13

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\bthservsdp.dat
c:\users\Ondra\AppData\Local\d3d9caps.dat

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho
- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.

pikaso.andreas · Příspěvekod **pikaso.andreas** » 04 lis 2009 19:38

ComboFix 09-11-03.03 - Ondra 04.11.2009 19:19.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.1193 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Ondra\AppData\Local\d3d9caps.dat"
"c:\windows\bthservsdp.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ondra\AppData\Local\d3d9caps.dat
c:\windows\bthservsdp.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-04 do 2009-11-04 )))))))))))))))))))))))))))))))
.

2009-11-04 18:25 . 2009-11-04 18:31 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2009-11-04 18:25 . 2009-11-04 18:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-04 18:25 . 2009-11-04 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-01 00:13 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 00:13 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 20:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 20:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 20:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 20:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 20:39 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 20:39 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 20:39 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 20:39 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 20:39 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 12:18 . 2009-10-28 12:18 -------- d-----w- c:\program files\Foxit Software
2009-10-28 12:09 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 12:09 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-14 16:38 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 16:28 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 16:26 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 16:26 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 15:33 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 15:07 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 21:44 . 2009-10-10 21:44 -------- d-----w- c:\program files\Sony Ericsson
2009-10-07 18:50 . 2009-10-07 18:50 -------- d-----w- c:\program files\QS
2009-10-06 19:04 . 2009-10-06 19:04 -------- d-----w- c:\program files\FormatFactory

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:00 . 2009-04-10 19:12 -------- d-----w- c:\program files\QIP Infium
2009-11-03 16:46 . 2009-01-30 11:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-11-03 16:46 . 2009-01-30 11:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-11-02 17:58 . 2009-04-11 15:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\uTorrent
2009-11-02 17:49 . 2009-05-09 09:49 -------- d-----w- c:\users\Ondra\AppData\Roaming\MyPhoneExplorer
2009-11-01 00:20 . 2009-05-05 18:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-01 00:13 . 2009-06-23 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-25 08:50 . 2009-04-19 22:15 -------- d-----w- c:\program files\GomPlayer
2009-10-21 17:21 . 2009-05-29 07:10 -------- d-----w- c:\users\Ondra\AppData\Roaming\PC Suite
2009-10-19 17:55 . 2009-09-28 09:11 -------- d-----w- c:\program files\Atari
2009-10-19 17:55 . 2009-01-30 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 12:01 . 2009-09-28 09:38 -------- d-----w- c:\users\Ondra\AppData\Roaming\Atari
2009-10-14 20:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 19:48 . 2009-01-30 03:40 -------- d-----w- c:\program files\Microsoft Works
2009-10-04 21:42 . 2009-05-05 18:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-01 08:29 . 2009-10-02 18:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 16:51 . 2009-05-31 07:02 -------- d-----w- c:\program files\Electronic Arts
2009-09-30 16:46 . 2009-09-30 16:46 10134 ----a-r- c:\users\Ondra\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-09-30 16:46 . 2009-09-30 16:46 -------- d-----w- c:\program files\Microsoft WSE
2009-09-28 09:13 . 2009-09-28 09:13 -------- d-----w- c:\users\Ondra\AppData\Roaming\Leadertech
2009-09-28 07:59 . 2009-08-01 21:58 -------- d-----w- c:\program files\Motordiag Komfort Manager Lite 1.20
2009-09-28 07:29 . 2009-04-28 04:37 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-27 19:44 . 2009-04-11 15:29 -------- d-----w- c:\program files\uTorrent
2009-09-27 19:13 . 2009-04-19 20:47 -------- d-----w- c:\program files\Winamp
2009-09-18 22:06 . 2009-09-18 22:03 -------- d-----w- c:\program files\ATI
2009-09-18 22:03 . 2009-09-18 22:03 -------- d-----w- c:\program files\ATI Technologies
2009-09-14 17:14 . 2009-01-30 03:18 -------- d-----w- c:\program files\Windows Live
2009-09-14 17:11 . 2009-09-14 17:11 -------- d-----w- c:\program files\Microsoft
2009-09-14 17:10 . 2009-09-14 17:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-10 16:22 . 2009-09-10 16:22 -------- d-----w- c:\program files\Valve
2009-08-29 00:27 . 2009-09-02 16:50 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 16:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-14 18:10 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 18:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 18:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 18:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 17:22 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 17:22 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 17:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:22 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 17:22 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:22 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-04_17.37.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-10 21:18 . 2009-11-03 16:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-10 21:18 . 2009-11-04 18:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-10 21:18 . 2009-11-03 16:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-10 21:18 . 2009-11-04 18:28 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-10 21:18 . 2009-11-04 18:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-10 21:18 . 2009-11-03 16:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-03 16:39 . 2009-11-03 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-04 18:27 . 2009-11-04 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-03 16:39 . 2009-11-03 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-04 18:27 . 2009-11-04 18:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-17 18:41 . 2009-11-03 16:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-17 18:41 . 2009-11-04 18:28 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 10:22 . 2009-11-04 18:25 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-11-04 16:54 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-11-04 17:25 . 2009-11-04 17:25 6402048 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-11-04 17:25 . 2009-11-04 18:17 6402048 c:\windows\ERDNT\Hiv-backup\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RemoteControl9"="c:\program files\PowerDVD9\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\PowerDVD9\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-19 6294048]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2009-6-8 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,ce,4e,a0,5b,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4016117494-3182526739-4166363913-1000]
"EnableNotificationsRef"=dword:00000002

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/12 23:17];c:\program files\PowerDVD9\PowerDVD9\000.fcl [7.5.2009 20:05 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.3.2009 21:27 172032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14.5.2009 14:49 38240]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [30.1.2009 4:49 24576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5.5.2009 19:26 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.6.2008 1:39 212992]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\System32\drivers\hidshim.sys [8.10.2008 9:43 5632]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 6:40 3668480]
R3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\System32\drivers\nuvotonhidgeneric.sys [8.10.2008 9:43 22528]
S2 gupdate1ca1091a0e80399;Služba Google Update (gupdate1ca1091a0e80399);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2009 22:14 133104]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10.4.2009 15:27 24064]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2009-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 21:13]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:14]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:14]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4016117494-3182526739-4166363913-1000Core.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 19:30]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4016117494-3182526739-4166363913-1000UA.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 19:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\7a9vku18.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ondra\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 19:32
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\windows\TEMP\TMP00000042903E384C7EE91339 524288 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85F221F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85f221f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2272)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btmmhook.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\CNAC4RPK.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\ehome\ehmsas.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\users\Ondra\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2009-11-04 19:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-04 18:35
ComboFix2.txt 2009-11-04 17:40

Před spuštěním: Volných bajtů: 38 870 925 312
Po spuštění: Volných bajtů: 38 628 421 632

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:33, on 4.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Ondra\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_8730
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\PowerDVD9\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\PowerDVD9\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate1ca1091a0e80399) (gupdate1ca1091a0e80399) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8371 bytes

Příspěvekod **jaro3** » 04 lis 2009 20:03

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Pak napiš , jak je to s FB.

pikaso.andreas · Příspěvekod **pikaso.andreas** » 04 lis 2009 20:17

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\Users\Ondra\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 11042009_201327

Files moved on Reboot...
C:\Users\Ondra\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File C:\Users\Ondra\AppData\Local\Mozilla\Firefox\Profiles\7a9vku18.default\Cache\_CACHE_001_ not found!
File C:\Users\Ondra\AppData\Local\Mozilla\Firefox\Profiles\7a9vku18.default\Cache\_CACHE_002_ not found!
File C:\Users\Ondra\AppData\Local\Mozilla\Firefox\Profiles\7a9vku18.default\Cache\_CACHE_003_ not found!
File C:\Users\Ondra\AppData\Local\Mozilla\Firefox\Profiles\7a9vku18.default\Cache\_CACHE_MAP_ not found!
File C:\Users\Ondra\AppData\Local\Mozilla\Firefox\Profiles\7a9vku18.default\urlclassifier3.sqlite not found!
File C:\Users\Ondra\AppData\Local\Mozilla\Firefox\Profiles\7a9vku18.default\XUL.mfl not found!

Registry entries deleted on Reboot...

FB stále nejede :-(

Asi tam budu muset napsat, snad sesmolím něco v AJ :-)

Příspěvekod **jaro3** » 04 lis 2009 20:21

Nic tam nevidím..

Stáhni si :Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit, smazat, přesunout nebo přejmenovat

Pak tam zkus napsat.

Poté jedině použít nějaký on-line scanner, i když myslím , že to viry nebude.

pikaso.andreas · Příspěvekod **pikaso.andreas** » 04 lis 2009 20:23

Děkuji ti za pomoc a kontrolu. Budu zkoušet dál. A byla teda v pc nějaká nákaza???

Příspěvekod **jaro3** » 04 lis 2009 20:26

To vidíš ve výmazech Combofixu:
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Ondra\Documents\cc_20091005_192250.reg --toto je omyl , je to záloha registru CCleaneru
c:\users\Ondra\Documents\cc_20091101_010748.reg -- toto to samé.
c:\windows\Suyin.reg

+ ten můj script.

Zombie pc? nejde facebook-kontrola hijack

Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Re: Zombie pc? nejde facebook-kontrola hijack

Kdo je online