Prosim o kontrolu logu Vyřešeno

[Lukassek]

Tak stahuju ten program,zatim mám log z mbam


Malwarebytes' Anti-Malware 1.31
Verze databáze: 1464
Windows 5.1.2600 Service Pack 3

7.12.2008 20:20:17
mbam-log-2008-12-07 (20-20-14).txt

Typ skenu: Rychlý sken
Objektu skenováno: 57591
Uplynulý cas: 2 minute(s), 20 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 11
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Reklama]

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

a pak ještě ten DR.Web CureIt, zítra....

[Lukassek]

Dr.web mi našel asi 6 virů,včetně combofixu.Bohužel sem neuložil výsledky.
MbaM mi pokaždé najde 12 infikovaných objektů a k ukončení si žádá restart ale po restartu najde znovu ty samá viz log.


Malwarebytes' Anti-Malware 1.31
Verze databáze: 1464
Windows 5.1.2600 Service Pack 3

8.12.2008 14:38:15
mbam-log-2008-12-08 (14-38-09).txt

Typ skenu: Úplný sken (C:\|D:\|)
Objektu skenováno: 194653
Uplynulý cas: 41 minute(s), 23 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 12
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Zkus použít toto: Kaspersky on line scaner:
http://www.kaspersky.com/kos/eng/partne ... 2442062687
ken trvá dlouho, na závěr máš log , který sem můžeš zkopírovat a nákazy se dají manuálně smazat.

EDIT:
Stahni si Avanger
do něj podle navodu:
zadej prikaz z kodu:

Kód: Vybrat vše

Registry keys to delete:
HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys

po restartu novy log z avengeru, zopakuj si MbAM. Kdyby se to po vymazání znovu objevilo ,tak použij Kaspersky on line scener.

[Lukassek]

You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0.

[jaro3]

Aktualizuj javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

[Lukassek]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "msqpdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\msqpdxmqxtofxh.sys
Start Type: 1 (System)

Rootkit scan completed.

Registry key "HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.






Malwarebytes' Anti-Malware 1.31
Verze databáze: 1464
Windows 5.1.2600 Service Pack 3

8.12.2008 15:42:01
mbam-log-2008-12-08 (15-41-58).txt

Typ skenu: Rychlý sken
Objektu skenováno: 57876
Uplynulý cas: 3 minute(s), 49 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 9
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log + nový log z HJT.
Jinak ten Kaspersky..

[Lukassek]

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.

You must be online to update the Kaspersky Online Scanner 7 database.With the latest database update, you can find new viruses and others threats.Please go online to use Kaspersky Online Scanner 7.[ERROR: Failed to resolve source DNS name]

[Lukassek]

Tak po restartu už de změnit DNS a zůstává stejné


Malwarebytes' Anti-Malware 1.31
Verze databáze: 1464
Windows 5.1.2600 Service Pack 3

8.12.2008 16:16:38
mbam-log-2008-12-08 (16-16-38).txt

Typ skenu: Rychlý sken
Objektu skenováno: 58347
Uplynulý cas: 3 minute(s), 50 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 9
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2ddc0b29-b126-4349-88a7-a078a7b81fac}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5169d9ae-8c97-40b7-8166-433158bc6a55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.123;85.255.112.89 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)








Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:03, on 8.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09540AE3-9E0C-492D-89F3-9DF2CD4354B9}: NameServer = 81.19.33.2,81.19.34.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{5169D9AE-8C97-40B7-8166-433158BC6A55}: NameServer = 81.19.33.2,81.19.34.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{09540AE3-9E0C-492D-89F3-9DF2CD4354B9}: NameServer = 81.19.33.2,81.19.34.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{09540AE3-9E0C-492D-89F3-9DF2CD4354B9}: NameServer = 81.19.33.2,81.19.34.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{09540AE3-9E0C-492D-89F3-9DF2CD4354B9}: NameServer = 81.19.33.2,81.19.34.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8331 bytes

[jaro3]

No , toto už se mi líbí...
Ještě script v Avengeru:

Kód: Vybrat vše

Drivers to delete:
msqpdxmqxtofxh

Vlož sem jen script z Avengeru, připíšu fix v HJT.


Edit: fix netřeba..
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Aktualizuj javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

[Lukassek]

Tuesday, December 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 10:35:01
Records in database: 1443726


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics
Files scanned 144764
Threat name 2
Infected objects 2
Suspicious objects 0
Duration of the scan 02:28:52

File name Threat name Threats count
D:\Documents and Settings\Lukáš\Lukáš - dokumenty\Lukášek\Softy\Internet\archpr.zip Infected: not-a-virus:PSWTool.Win32.AdvancedPR.c 1

D:\Program Files\MW\MalwareWiped 5.6\MalwareWiped 5.6.exe Infected: not-a-virus:FraudTool.Win32.MalwareWipe.s 1

The selected area was scanned.





Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\msqpdxmqxtofxh" not found!
Deletion of driver "msqpdxmqxtofxh" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.