prosím kontrola logu + Vyřešeno

[petrjur]

prosím o kontrolu logu.
při zapnutí počítače se zobrazuje zpráva o nekompatibilním programu s vistabusiness. při kliknutí na online informace se zobrazí stánka na google
Error ID: 1000 at offset 00006eef
This error occurs most often when malware called UACd.sys on the computer causes an application to shut down unexpectedly. You'll need to remove this malware from your computer before using the application again.

Posílám log z Hijack, log je ze spuštěného počítače v nouzovém stavu, neb jinak spustit nejde. Nebo alepspoň nevím jak. Při přihlašovací obrazovce a zadání hesla se pochvíli zobrazi výše zmíněná zpráva o nekompatibilitě a počítač se znovu vrátí na úvodní obrazovku - přihlášení uživatele.
Tady je ten log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:00, on 16.5.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Users\Freedom\AppData\Roaming\Maxthon2\Maxthon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
E:\Install\System stuff\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ahsan_Manan_Khan_Bhutta * Internet Explorer *
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0 PRO\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [NOD32 Control Center GUI] C:\Program Files\ESET\nod32kui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ikona RoboForm na liště úloh - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Uložit formuláře - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Lišta úloh - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: Ikona RoboForm na liště úloh - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c99699749e600) (gupdate1c99699749e600) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8106 bytes



děkuju

[Reklama]

[Damned]

Vistu moc neznám, tak pro začátek:

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pak uvidíme.

[petrjur]

program nejde spustit. Nevím proč. je možné, že je to tím nouzovým režimem?

[petrjur]

mám třeba zkusit vrátit stav počítače pomocí bodů obnovy zpět a zkusit spustit v normálním režimu? Myslím, že něco takového se mi včera podařilo. Po cca 3 spuštěních se ale problémy vrátily.

[Damned]

Zkus to, abysme se mohli nějak pohnout dál.

[petrjur]

tak obnova sice (dle hlášeníú neproběhla OK, ale počítač spuštěn v norm režimu. Nicméně program pořád nejde spustit (i jsem ho znovu stáhnul). Je nějaká alternativa? Třeba mwav

[Damned]

mwav můžeš skusit, pokud se ti povede ho spustit, dej sem z něho log, pokud v něm budou nějaký chyby.

[petrjur]

log je strašně dlouhý, zkopíroval jsem jen řádky s infekcí - pokud by to nestačilo, dám ho sem celý
(mimochidem nechal jsem pro začátek scanovat jen folder Windows)

16 V 2009 22:25:46 - ***** Scanning Registry and File system for Adware/Spyware *****
16 V 2009 22:25:47 - Loading Spyware Signatures from new External Database [Name: C:\Users\Freedom\AppData\Local\Temp\spydb.avs, Size: 898852]...
16 V 2009 22:25:47 - Indexed Spyware Databases Successfully Created...

16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{D2129738-6A78-4BCB-915A-412982CAA23D})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{0A95BE2D-1543-46BE-AD6D-18653034BF87})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{0B8EDB8D-4575-4942-9C34-55591E415909})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{278EAD7A-2A45-4D4E-ACB4-A1A4AD9BB54B})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{2B539D9C-127A-4F10-855F-EF31C83D2007})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{2D91877A-468C-4802-8CD7-21F6BF776790})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{3120A5E4-552D-4EDF-8C48-70C5D5FF22D2})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{31CE2164-4D5C-4508-BCA7-B10E11D08E6B})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{359A062F-CDA8-4A9C-9B28-588446D35098})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{35EFAD55-134A-47BF-912A-44A9D9FD556F})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{38F95B22-32BF-4378-B3EC-47B2C09DE1F5})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{3D177BA8-BF8C-45E2-8CA2-20ACA6269A68})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{3E1392BB-3B66-4A39-BBD0-259FC2BDC979})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{45128C11-A7E5-46D2-A164-3D1273E92C44})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{459A91BC-193F-4A70-959C-BFF69D781142})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{47146231-B550-4B13-B9E7-4257F740F39D})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{5C61669E-F0CE-4126-B365-316588E6228F})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{60E5F55E-236F-422D-A5F9-560F1778CCD4})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{62B6A513-3764-42CD-8410-9B81E8DFF135})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{6A5D680A-8F9F-4752-A056-2C0273F60B4E})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{6CCD925E-E833-4BE3-A62E-D3C8838C5D6D})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{6CDD1F89-FC3B-401C-B1F1-932C48F45EB5})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{78412EB9-E06B-4484-BC85-0B1594F6E23A})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{7EE495F3-345B-4CC1-AAB7-A255ED85EED2})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{82B58FCB-73F3-46DC-A52D-74D3FE359702})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{86797248-1A4E-41D0-A0C3-2175A36B3D0E})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{919DF860-D321-4D02-AC3D-1C25EFAE551A})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{AA6CCB5D-0F97-4A37-A077-8B49FB5BC60D})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{BC39A57D-DF2C-45B4-BFFD-7D55E911C1B2})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{C18D120C-B7AB-4499-8BDC-0CD2BD0861FD})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{C1DFD382-E253-434D-B22D-2E47233B6147})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{C52D8C84-C5DD-457B-993B-04E997B330E5})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{CACB61E0-AEEA-404D-88E1-7F3BCA8B8726})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{CCA2E620-B807-451F-BAFD-2057AF9025FE})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{CD5B9523-6EAF-4D63-8FE8-C081C51D1673})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{D45B0772-5801-4E61-9CBA-84120557A4D7})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{D7E6FB7C-A22F-4A9D-A89D-653D1AA37324})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{D80AC53D-E102-4A55-A265-529A626515E5})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{DBCAD616-BFD4-4C72-8D87-C5926921D378})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{E16F1874-C5B1-4400-A9F0-08E7FD4D3F8C})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{E3EC74BB-5522-462D-A00F-2728C53FCA04})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{EBB4EBA9-D546-4C85-A05A-167BF875FB83})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{F71D2854-2609-4A63-B4BF-BF2BA61A61CF})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{F7919641-3978-4668-8388-7310329C800E})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{F961CE9D-AE2B-4CFB-887C-3A055FF685C9})! Action taken: No Action Taken.
16 V 2009 22:25:57 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\interface\{FFBBDECE-4363-4B4D-B35E-39EFF228C723})! Action taken: No Action Taken.
16 V 2009 22:25:59 - Offending file found: C:\Users\Freedom\AppData\Local\Temp\d.exe
16 V 2009 22:25:59 - System found infected with MidAddle Spyware/Adware (d.exe)! Action taken: No Action Taken.

16 V 2009 22:26:04 - Offending file found: C:\Users\Freedom\AppData\Local\Temp\d.exe
16 V 2009 22:26:04 - System found infected with MidAddle Spyware/Adware (d.exe)! Action taken: No Action Taken.

16 V 2009 22:26:28 - Offending file found: C:\Users\Freedom\Favorites\Amazon.url
16 V 2009 22:26:28 - System found infected with ezula Spyware/Adware (Amazon.url)! Action taken: No Action Taken.

16 V 2009 22:26:38 - Offending Registry Entry found: HKCU\Software\MimarSinan
16 V 2009 22:26:38 - System found infected with CyberSitter Spyware/Adware (HKCU\Software\MimarSinan)! Action taken: No Action Taken.

16 V 2009 22:26:38 - Offending Registry Entry found: HKLM\SOFTWARE\MimarSinan
16 V 2009 22:26:38 - System found infected with CyberSitter Spyware/Adware (HKLM\SOFTWARE\MimarSinan)! Action taken: No Action Taken.


16 V 2009 22:26:42 - Scanning MountPoints2 RegKey...
16 V 2009 22:26:42 - Invalid Command Found in {bb757226-279a-11de-808c-0090f52c3c5b}\shell\Autoplay\DropTarget\AutoRun\command: D:\DRIVE\file.exe
16 V 2009 22:26:42 - Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb757226-279a-11de-808c-0090f52c3c5b} !!!
16 V 2009 22:26:42 - Invalid Command Found in {bf1188f7-d8ee-11dd-a2cd-0090f52c3c5b}\shell\Autoplay\DropTarget\AutoRun\command: D:\StartPortableApps.exe
16 V 2009 22:26:42 - Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf1188f7-d8ee-11dd-a2cd-0090f52c3c5b} !!!
16 V 2009 22:26:42 - Scanning ModuleUsage RegKey...
16 V 2009 22:26:42 - Scanning ExternalApp RegKey...
16 V 2009 22:26:42 - Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "". Action Taken: No Action Taken.

[Damned]

Budeš si muset počkat na memphista nebo jaro3, visty až tak dobře neznám, abych bezchybně poradil. Zkus ještě ten mbam-setup.exe přejmenovat třeba na sport.exe a zkus ho nainstalovat.

[petrjur]

tak po prejmenovani se instalace povedla, nicméně spustit nejde. Neočekávaná chyba. Mimochodem jak mam na sebe memphista nebo jaro3 upozornit? nebo si toho všimnou?

děkuju

[petrjur]

dalši zkušenost. přejmenoval jsem i nainstalovaný exe soubor a jde spustit.
Tady je log.

Malwarebytes' Anti-Malware 1.36
Verze databáze: 1945
Windows 6.0.6001 Service Pack 1

16.5.2009 23:08:46
mbam-log-2009-05-16 (23-08-15).txt

Typ skenu: Rychlý sken
Objektu skenováno: 70028
Uplynulý cas: 2 minute(s), 39 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\Windows\system32\uacinit.dll (Trojan.Agent) -> No action taken.

[Damned]

Spusť znova přejmenovaný soubor:

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Až sem dáš znovu log, tak jaro3 nebo memphistovi pošli SZ (Soukromou zprávu z uživatelského panelu) se žádostí o pomoc.