Stránka 1 z 1

zlob trojan-zadost o pomoc

Napsal: 04 pro 2010 00:36
od sarinka2002
prosim pomozte, uz jsem vyzkousel vsechno ( spybot, terminator, atd...)

Logfile of HijackThis v1.99.1
Scan saved at 00:35:44, on 4.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
E:\hijack this !!!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CO TAK ČUMÍŠ ?????????
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nhd.exe] "C:\Documents and Settings\Administrator\Data aplikací\nhd.exe"
O4 - HKLM\..\Run: [qxtb.exe] "C:\Documents and Settings\Administrator\Data aplikací\qxtb.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\CUninst.exe" "/remove"
O4 - HKCU\..\RunOnce: [eApNa04300] C:\Documents and Settings\All Users\Data aplikací\eApNa04300\eApNa04300.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} (Nsload Control) - https://vconnect.visteon.com/vpns/scripts/nsload.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

Re: zlob trojan-zadost o pomoc

Napsal: 04 pro 2010 08:51
od memphisto
Vítej na fóru PC-HELP.CZ

A ty se divíš, když nemáš žádný antivir? :smile:

Odinstaluj:
Spybot
Spyware Terminátor
ICQ Toolbar
Trojan Scaner
SpyHunter

v logu fixni:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CO TAK ČUMÍŠ ?????????
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nhd.exe] "C:\Documents and Settings\Administrator\Data aplikací\nhd.exe"
O4 - HKLM\..\Run: [qxtb.exe] "C:\Documents and Settings\Administrator\Data aplikací\qxtb.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} (Nsload Control) - https://vconnect.visteon.com/vpns/scripts/nsload.ocx

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: zlob trojan-zadost o pomoc

Napsal: 04 pro 2010 11:55
od sarinka2002
pouzil jsem antispyware a snad se to povedlo. mam ho nyni nainstalovany. Pouzivam CCleaner. Mam si i presto preventivne stahnout a nainstalovat nektery z nize uvedenych programu? posilam log po projeti anistpywarem pro kontrolu



Logfile of HijackThis v1.99.1
Scan saved at 11:54:55, on 4.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator\Data aplikací\rpi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijack this !!!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CO TAK ČUMÍŠ ?????????
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\MSDXM.OCX
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nhd.exe] "C:\Documents and Settings\Administrator\Data aplikací\nhd.exe"
O4 - HKLM\..\Run: [qxtb.exe] "C:\Documents and Settings\Administrator\Data aplikací\qxtb.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.80.66.25/activex/AxisCamControl.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O16 - DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} (Nsload Control) - https://vconnect.visteon.com/vpns/scripts/nsload.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

Re: zlob trojan-zadost o pomoc

Napsal: 04 pro 2010 13:58
od memphisto
Já jsem chtěl ten log z Malwarebytes, co na tebe vyskočil po čištění. Najdeš jej v záložce protokoly a ten poslední s datem, kdy jsi skenovala ty, otevři, stiskni CTRL+A a CTRL+C a vlož jeho obsah sem. Jinak HJT používej nejnovější verzi. Odkaz mám v podpise. Starší verze obsahují chyby

Re: zlob trojan-zadost o pomoc

Napsal: 04 pro 2010 17:52
od sarinka2002
tady to je.....




Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5243

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4.12.2010 17:51:32
mbam-log-2010-12-04 (17-51-25).txt

Typ kontroly: Rychlý test
Testované objekty: 143815
Uplynulý čas: 7 minut, 21 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 20
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 2
Infikované složky: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\Typelib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3F5D-418F-990C-B1EFE0797A3B} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38A7C9DA-8DB7-4D0F-A7B1-C4B1A305BDDB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A6573479-9075-4A65-98A6-19FD29CF7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.BrowserOverlayEmbed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nhd.exe (Trojan.DownloaderM.Gen) -> Value: nhd.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qxtb.exe (Trojan.DownloaderM.Gen) -> Value: qxtb.exe -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\administrator\data aplikací\nhd.exe (Trojan.DownloaderM.Gen) -> No action taken.
c:\documents and settings\administrator\data aplikací\qxtb.exe (Trojan.DownloaderM.Gen) -> No action taken.
c:\documents and settings\administrator\data aplikací\goxgl2xgi.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\administrator\data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
c:\WINDOWS\pilsner urquell.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\Tasks\fbagent.job (Malware.Trace) -> No action taken.

Re: zlob trojan-zadost o pomoc

Napsal: 04 pro 2010 19:02
od memphisto
- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: zlob trojan-zadost o pomoc

Napsal: 04 pro 2010 20:35
od sarinka2002
zde

ComboFix 10-12-03.01 - Administrator 04.12.2010 20:11:11.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.479.104 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
FW: Outpost Firewall Pro *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\documents and settings\Administrator\Data aplikací\exfnm.exe"
"c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe"
"c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe"
"c:\documents and settings\Administrator\Data aplikací\nhd.exe"
"c:\documents and settings\Administrator\Data aplikací\qxtb.exe"
"c:\documents and settings\All Users\Data aplikací\eApNa04300"
"c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP"
"c:\windows\isRS-000.tmp"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1214440339-725345543-500.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1214440339-725345543-500.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\isRS-000.tmp
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-1214440339-725345543-500.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-1214440339-725345543-500.job
c:\windows\TEMP\6.tmp
c:\windows\TEMP\7.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 17:38 . 2010-12-04 17:38 -------- d-----w- c:\program files\VirusTotalUploader2
2010-12-04 16:35 . 2010-12-04 16:35 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2010-12-04 16:34 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-04 16:34 . 2010-12-04 16:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-04 16:34 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-04 16:34 . 2010-12-04 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 13:59 . 2010-12-04 13:59 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\SUPERAntiSpyware.com
2010-12-04 07:53 . 2010-12-04 07:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-03 22:41 . 2010-12-03 22:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2010-12-03 22:30 . 2010-12-03 22:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-12-03 22:12 . 2010-12-03 22:12 -------- d-----w- c:\program files\Enigma Software Group
2010-12-03 22:11 . 2010-12-04 07:47 -------- d-----w- c:\windows\3636C9237AD64DE3978A09609AEE8ECF.TMP
2010-12-03 22:11 . 2010-12-03 22:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-12-03 20:53 . 2010-12-03 22:47 -------- d-----w- c:\program files\Crawler
2010-12-03 20:11 . 2010-12-03 20:11 138240 ----a-w- c:\documents and settings\Administrator\Data aplikací\KabB7wf4.exe
2010-12-03 20:10 . 2010-12-03 20:10 65536 ----a-w- c:\documents and settings\Administrator\Data aplikací\qxtb.exe
2010-12-03 20:09 . 2010-12-03 20:09 456192 ----a-w- c:\documents and settings\Administrator\Data aplikací\gOXGL2XGi.exe
2010-12-03 20:09 . 2010-12-03 20:09 65536 ----a-w- c:\documents and settings\Administrator\Data aplikací\nhd.exe
2010-12-03 20:09 . 2010-12-04 08:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\eApNa04300
2010-12-03 20:09 . 2010-12-03 20:09 174592 ----a-w- c:\documents and settings\Administrator\Data aplikací\exfnm.exe
2010-11-28 22:20 . 2010-11-28 22:20 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\BitComet

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 14:58 . 2010-09-10 14:58 1409 ----a-w- c:\windows\QTFont.for
2007-06-16 11:02 . 2007-06-16 11:01 1944449 -c--a-w- c:\program files\pajssetup.exe
2007-01-07 12:57 . 2007-01-07 12:56 6064640 -c--a-w- c:\program files\icq5_1_setup.exe
2006-12-14 20:56 . 2006-12-14 20:55 711881 -c--a-w- c:\program files\PowerISO26.exe
2006-12-14 18:42 . 2006-12-14 18:42 693840 -c--a-w- c:\program files\wmv9VCMsetup.exe
2006-12-01 20:56 . 2006-12-01 20:56 11937728 -c--a-w- c:\program files\Avastsetupcze.exe
2006-12-01 15:27 . 2006-08-14 20:24 5037072 -c--a-w- c:\program files\spybotsd14.exe
2006-12-01 15:03 . 2006-11-30 16:15 10050902 -c--a-w- c:\program files\Codecs6030_allin1.exe
2006-12-01 14:54 . 2006-12-01 14:54 315624 -c--a-w- c:\program files\dxwebsetup.exe
2006-11-27 15:30 . 2006-11-27 15:28 12841064 -c--a-w- c:\program files\SkypeSetup.exe
2009-08-28 21:42 . 2009-08-28 21:42 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-08-28 21:42 . 2009-08-28 21:42 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OFFICEKB"="c:\program files\Labtec\Keyboard\V5.1\kbdap32a.exe" [2006-03-24 387584]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-01-26 327680]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SCDEmuApp.exe"="c:\program files\PowerISO\SCDEmuApp.exe" [2005-10-16 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-20 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 01:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"e:\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"e:\\skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23861:TCP"= 23861:TCP:BitComet 23861 TCP
"23861:UDP"= 23861:UDP:BitComet 23861 UDP
"14340:TCP"= 14340:TCP:BitComet 14340 TCP
"14340:UDP"= 14340:UDP:BitComet 14340 UDP

R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [9.6.2006 14:36 7424]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.12.2006 23:28 639224]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [20.12.2006 8:50 58464]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 19:41 67656]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [28.3.2006 21:19 6852]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 7:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 7:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 7:11 12928]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [6.7.2007 15:37 9510]
R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [31.12.2006 20:28 391743]
S1 d5f235d7;d5f235d7;c:\windows\system32\drivers\d5f235d7.sys [7.6.2009 22:37 0]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.4.2006 10:28 76373]
S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.4.2006 10:28 32631]
S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.4.2006 10:28 10005]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [13.12.2006 10:00 19072]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ENTDRV51
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride =
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/Juni ... Client.cab
DPF: {FD7C00A9-E676-11D6-A08E-00E09878F0CF} - hxxps://vconnect.visteon.com/vpns/scripts/nsload.ocx
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4s7n22bu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\DivX for LG 900 Arena\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\DivX for LG 900 Arena\DivX Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4s7n22bu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 20:22
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\EntApi.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\mcshield.exe
c:\program files\Network Associates\VirusScan\vstskmgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-12-04 20:29:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-04 19:29
ComboFix2.txt 2010-12-04 17:25

Před spuštěním: Volných bajtů: 16 809 537 536
Po spuštění: Volných bajtů: 16 824 692 736

- - End Of File - - 608755BBE2977C26E5C3DAE2F3F38EFD

Re: zlob trojan-zadost o pomoc

Napsal: 05 pro 2010 00:29
od memphisto
Víš co, dodělej si tu kontrolu na viry.cz a tady to uzavři. Nemá smysl mi sem dávat Combofix po skriptu, co ti vytvořili jinde :evil: Je blbost, abych ti radil, když současná podoba CF logu bude opět jiná :?

Re: zlob trojan-zadost o pomoc

Napsal: 05 pro 2010 09:17
od sarinka2002
hele omlouvam se. ja to zkousela i tam, protoze tady nebyla reakce. jsem vazne v haji. :oops: :huh:

Re: zlob trojan-zadost o pomoc  Vyřešeno

Napsal: 05 pro 2010 10:35
od memphisto
Tak samozřejmě nebyla reakce, když to napíšeš o půl jedné ráno. Taky jsem jen člověk a nejsem tady 24 hodin. Dořeš to tedy na těch virech. Bude to v pořádku. Tady to uzamknu. Pokud bys k tomu něco měla, tak napiš SZ.