Checking a heavily infected PC (Solved)
Posted: 15 Feb 2012 20:29
hi,
I need help with a friend's PC, which is heavily cluttered... He had a cracked NOD on it and possibly even a cracked MBAM; I put Avast and MBAM free on it, and there will most likely be rootkits on it too, judging by what Avast said
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:16:58, on 15.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS\system32\qttask.exe
C:\Documents and Settings\All Users\u21703v62h.exe
C:\Documents and Settings\All Users\ylxkrwhfv3.exe
C:\Documents and Settings\All Users\79bjm5me7g.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\admin\lmsxqcbysw.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\admin\Plocha\HijackThis.exe
C:\Program Files\AVAST Software\Avast\defs\11112801\Sf.bin
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [u21703v62h] C:\Documents and Settings\All Users\u21703v62h.exe
O4 - HKLM\..\Run: [ylxkrwhfv3] C:\Documents and Settings\All Users\ylxkrwhfv3.exe
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [79bjm5me7g] C:\Documents and Settings\All Users\79bjm5me7g.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\WINDOWS\TEMP\E_SA69.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [u21703v62h] C:\Documents and Settings\admin\u21703v62h.exe
O4 - HKCU\..\Run: [{9E1A7D3B-5927-AD7F-C3AD-25A2D95706B0}] "C:\Documents and Settings\admin\Data aplikací\Ugelz\udney.exe"
O4 - HKCU\..\Run: [lmsxqcbysw] C:\Documents and Settings\admin\lmsxqcbysw.exe
O4 - HKCU\..\Run: [{8D2A6406-3B6B-2847-1F22-BBBD3C615D4D}] "C:\Documents and Settings\admin\Data aplikací\Woiqa\huir.exe"
O4 - HKCU\..\Run: [ylxkrwhfv3] C:\Documents and Settings\admin\ylxkrwhfv3.exe
O4 - HKCU\..\Run: [79bjm5me7g] C:\Documents and Settings\admin\79bjm5me7g.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: egwun.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: lehau.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: egwun.exe (User 'Default user')
O4 - .DEFAULT Startup: lehau.exe (User 'Default user')
O4 - .DEFAULT User Startup: egwun.exe (User 'Default user')
O4 - .DEFAULT User Startup: lehau.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: memegon - C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\memegon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AMService - Unknown owner - C:\WINDOWS\TEMP\dwce\setup.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
--
End of file - 10164 bytes
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Verze databáze: v2012.02.15.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: POKOJ [administrátor]
15.2.2012 20:18:25
mbam-log-2012-02-15 (20-24-45).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 182902
Uplynulý čas: 5 minut, 30 sekund
Nalezené procesy v paměti: 4
C:\Documents and Settings\All Users\u21703v62h.exe (Spyware.Agent) -> 668 -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\ylxkrwhfv3.exe (Malware.Packer) -> 676 -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\79bjm5me7g.exe (Trojan.VUPX.Gen) -> 692 -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\admin\lmsxqcbysw.exe (Backdoor.Bot) -> 900 -> Žádná instrukce nebyla provedena.
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|u21703v62h (Spyware.Agent) -> Data: C:\Documents and Settings\All Users\u21703v62h.exe -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ylxkrwhfv3 (Malware.Packer) -> Data: C:\Documents and Settings\All Users\ylxkrwhfv3.exe -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|79bjm5me7g (Trojan.VUPX.Gen) -> Data: C:\Documents and Settings\All Users\79bjm5me7g.exe -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|lmsxqcbysw (Backdoor.Bot) -> Data: C:\Documents and Settings\admin\lmsxqcbysw.exe -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|u21703v62h (Spyware.Agent) -> Data: C:\Documents and Settings\admin\u21703v62h.exe -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{9E1A7D3B-5927-AD7F-C3AD-25A2D95706B0} (Trojan.PWS) -> Data: "C:\Documents and Settings\admin\Data aplikací\Ugelz\udney.exe" -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8D2A6406-3B6B-2847-1F22-BBBD3C615D4D} (Trojan.Agent.BGen2) -> Data: "C:\Documents and Settings\admin\Data aplikací\Woiqa\huir.exe" -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ylxkrwhfv3 (Malware.Packer) -> Data: C:\Documents and Settings\admin\ylxkrwhfv3.exe -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|79bjm5me7g (Trojan.VUPX.Gen) -> Data: C:\Documents and Settings\admin\79bjm5me7g.exe -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\WINDOWS\system32\regedit.exe -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 11
C:\Documents and Settings\All Users\u21703v62h.exe (Spyware.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\ylxkrwhfv3.exe (Malware.Packer) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\79bjm5me7g.exe (Trojan.VUPX.Gen) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\admin\lmsxqcbysw.exe (Backdoor.Bot) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\admin\u21703v62h.exe (Spyware.Agent) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\admin\Data aplikací\Ugelz\udney.exe (Trojan.PWS) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\admin\Data aplikací\Woiqa\huir.exe (Trojan.Agent.BGen2) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\admin\ylxkrwhfv3.exe (Malware.Packer) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\admin\79bjm5me7g.exe (Trojan.VUPX.Gen) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění\egwun.exe (Trojan.Agent.BGen2) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění\lehau.exe (Rootkit.0Access) -> Žádná instrukce nebyla provedena.
(konec)
thanks for the help