Falešný antivirus Windows Protection Suit, jak se ho zbavím? Vyřešeno

[jaro3]

Odinstaluj:
BearShare
ToggleEN


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\bthservsdp.dat
c:\users\djamil\AppData\Local\d3d9caps.dat
c:\program files\ToggleEN\tbTogg.dll

Folder::
c:\program files\ToggleEN

DirLook::
c:\programdata\c2e0354

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"=- 
[-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\ToggleEN\tbTogg.dll
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"=- 
[-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"=- 
[-HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000

Firefox::
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll

RegLockDel::
[HKEY_USERS\S-1-5-21-564174030-1608012731-526579667-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7819AE20-286C-E6D1-E71F-EADDDA1AC6D4}*]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Odjíždím , bude pokračovat Damned.

[Reklama]

[djamil22]

vše mi je jasné, jen problém s tím poznám. blokem , (Start -> Spustit... a napiš do okna Notepad a dej Ok. ????

[Damned]

Nefunguje nebo nejde spustit?

ntp.jpg (12.82 KiB) Zobrazeno 234 x

[djamil22]

nejde spustit .

[Damned]

Napíše alespoň nějaké chybové hlášení? Přiložil jsem ten skript v archívu. Extrahuj ho na Ploše.

Pak uchop myší extrahovaný skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[djamil22]

ComboFix 09-09-08.05 - djamil 09.09.2009 12:50.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3000.1870 [GMT 2:00]
Spuštěný z: c:\users\djamil\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\djamil\Desktop\CFScript.txt.txt
AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\ToggleEN\tbTogg.dll"
"c:\users\djamil\AppData\Local\d3d9caps.dat"
"c:\windows\bthservsdp.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
c:\users\djamil\AppData\Local\d3d9caps.dat
c:\windows\bthservsdp.dat
c:\windows\system32\Drivers\atotd.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ljhrw


((((((((((((((((((((((((( Soubory vytvořené od 2009-08-09 do 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 10:54 . 2009-09-09 10:56 -------- d-----w- c:\users\djamil\AppData\Local\temp
2009-09-09 10:54 . 2009-09-09 10:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-09 10:54 . 2009-09-09 10:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-09 05:42 . 2009-09-09 05:42 -------- d-----w- c:\users\djamil\AppData\Roaming\Malwarebytes
2009-09-09 05:42 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-09 05:42 . 2009-09-09 05:42 -------- d-----w- c:\programdata\Malwarebytes
2009-09-09 05:42 . 2009-09-09 05:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-09 05:42 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 16:43 . 2009-09-08 16:43 -------- d-----w- c:\program files\Trend Micro
2009-09-08 13:16 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-08 13:16 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-08 13:16 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-08 13:16 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-08 13:16 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-08 13:16 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-08 13:16 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-08 12:40 . 2009-09-08 17:19 -------- d-sh--w- c:\programdata\c2e0354
2009-09-02 20:01 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 20:01 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 08:15 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-13 02:57 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 02:57 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 02:57 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 02:57 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 02:57 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 02:57 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 02:57 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 02:57 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-11 23:29 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 23:29 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 23:29 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 23:29 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 23:29 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 23:29 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 23:29 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 23:29 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 10:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-09 09:30 . 2008-10-26 12:26 -------- d-----w- c:\program files\BearShare Applications
2009-09-08 15:31 . 2009-01-17 21:00 -------- d-----w- c:\program files\Nokia
2009-09-07 17:16 . 2008-10-31 12:55 -------- d-----w- c:\users\djamil\AppData\Roaming\gtk-2.0
2009-09-06 01:10 . 2008-11-01 13:28 -------- d-----w- c:\users\djamil\AppData\Roaming\dvdcss
2009-08-29 06:23 . 2009-07-29 08:09 -------- d-----w- c:\program files\Java
2009-08-14 17:07 . 2009-09-09 05:38 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 05:38 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 05:38 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 05:38 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 05:38 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 05:38 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 05:38 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 05:38 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 05:38 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 05:38 10240 ----a-w- c:\windows\system32\finger.exe
2009-07-30 17:15 . 2009-02-12 15:48 -------- d-----w- c:\program files\Common Files\Real
2009-07-30 17:14 . 2009-07-30 17:14 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-30 17:13 . 2008-12-09 17:38 -------- d-----w- c:\program files\Google
2009-07-29 08:10 . 2009-04-29 06:49 -------- d-----w- c:\program files\Winamp
2009-07-29 08:02 . 2008-05-08 22:38 -------- d-----w- c:\program files\Acer GameZone
2009-07-26 22:27 . 2008-10-25 16:24 -------- d-----w- c:\users\djamil\AppData\Roaming\Skype
2009-07-26 22:26 . 2008-10-25 16:28 -------- d-----w- c:\users\djamil\AppData\Roaming\skypePM
2009-07-25 03:23 . 2008-10-26 20:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 06:54 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 06:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 06:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 06:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-11 19:32 . 2009-09-09 05:38 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-09 05:38 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-09 05:38 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-09 05:38 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-06-15 15:24 . 2009-07-15 19:46 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:24 . 2009-08-13 02:57 270848 ----a-w- c:\windows\system32\schannel.dll
2009-06-15 15:20 . 2009-07-15 19:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 19:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 19:46 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-10-19 00:56 . 2008-10-19 00:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\c2e0354 ----

2009-09-08 17:19 . 2009-09-08 17:19 4286 ----a-w- c:\programdata\c2e0354\WINPS.ico
2009-09-08 17:19 . 2008-10-18 09:28 743 ----a-w- c:\programdata\c2e0354\BackUp\Bluetooth.lnk
2009-09-08 17:19 . 2009-09-08 17:19 11374 ----a-w- c:\programdata\c2e0354\WINSPSys\vd952342.bd
2009-09-08 12:40 . 2009-08-16 08:17 710136 ----a-w- c:\programdata\c2e0354\mozcrt19.dll
2009-09-08 12:40 . 2009-08-16 08:17 443384 ----a-w- c:\programdata\c2e0354\sqlite3.dll
2009-09-08 12:40 . 2009-09-08 12:40 2113024 ----a-w- c:\programdata\c2e0354\WIc2e0.exe


((((((((((((((((((((((((((((( SnapShot_2009-09-09_10.24.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-09 10:35 62840 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-09 10:35 88228 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-09-09 10:15 88228 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-18 09:20 . 2009-09-09 10:35 14440 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-564174030-1608012731-526579667-1000_UserData.bin
- 2008-10-18 09:20 . 2009-09-09 10:15 14440 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-564174030-1608012731-526579667-1000_UserData.bin
- 2008-10-18 15:12 . 2009-09-09 10:17 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-18 15:12 . 2009-09-09 10:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-18 15:12 . 2009-09-09 10:17 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-18 15:12 . 2009-09-09 10:56 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-18 15:12 . 2009-09-09 10:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-18 15:12 . 2009-09-09 10:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:22 . 2009-09-09 10:32 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-09-09 10:19 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\djamil\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-23 133104]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-30 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-06-13 6183456]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E13D4941-1EE3-4B0A-80B7-AE952A3039C4}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{F6B2BA44-EA95-4103-9CEC-8C037D332D77}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{8789DDB0-F16C-4C17-805D-EB98D48E44FD}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B461A37-7E83-437D-A99A-B898F4242E4E}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{DE5BD141-5792-4ED1-89CE-9BAE9C011FF4}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{B53B0084-251A-4C2D-9549-DBA71B25AA98}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{723FC29F-7D2E-422F-8CFE-704096C7A15D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{12E6C1D3-BC64-48A8-88E6-A7046A3AA93E}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C415F27B-FAC7-4662-95C8-CC316CF02F2A}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{498E671D-EC86-4D78-B8A0-1B2A525157C5}"= c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{93EE289D-7885-4217-A766-912CAF79200F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{E6B8A750-66F9-4AE1-AB66-486AC28CCAE4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{521619A5-9677-4903-A0B9-AE8795473553}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{AE13E249-6286-4F24-B072-024A750EBE2E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{EEDE6222-DF2B-400F-A274-039650BE6AAB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{738FE575-B226-45F0-93CF-52310982DEEA}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{FB65822D-A2A4-47DD-9FD8-E00888122751}"= UDP:c:\program files\KCeasy\KCeasy.exe:KCeasy
"{440C3E65-DC8A-4D39-9675-2318EF3F6B87}"= TCP:c:\program files\KCeasy\KCeasy.exe:KCeasy
"TCP Query User{C915198E-25D7-4BD5-8A33-F45030194EFD}c:\\users\\djamil\\documents\\god\\god.exe"= Disabled:UDP:c:\users\djamil\documents\god\god.exe:god.exe
"UDP Query User{4238BA1E-3AD2-4593-9BCA-D51DDCC56D8A}c:\\users\\djamil\\documents\\god\\god.exe"= Disabled:TCP:c:\users\djamil\documents\god\god.exe:god.exe
"TCP Query User{82037487-90EE-4105-A0A3-8A0862098D06}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{4A804A86-7649-435C-A8C6-C59D41A0CE27}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{ACF8A118-3E48-4966-96ED-020EE2ACBBF9}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{BF6F33BA-AA69-4B7A-9D06-0D5AF6479032}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{DBB8A0FC-8FC4-4233-8BD3-F2F70D346083}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{F1CC8A17-2C12-425A-8045-1BF26D55FC78}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{B4BFA88C-8A4D-4B15-B7FB-1111CCFE58FF}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{37FC65B0-0914-466D-AA38-CE597B86BDF7}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{3C28D5EF-3A61-4661-B92C-1F69C34CA67B}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{7DDF7F5B-2115-42B3-A24A-DA30D929F4F2}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{1AA3AC0B-67EC-42BB-A045-165F0E4950F0}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{F9467C03-B44F-4512-8B92-1CB0F3D05BF4}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8.9.2009 15:16 114768]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [9.5.2008 0:56 61424]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8.9.2009 15:16 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8.9.2009 15:16 53328]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3.3.2008 13:11 16384]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [9.5.2008 0:57 81504]
R2 dvdmmg;dvdmmg;c:\windows\System32\drivers\dvdmmg.sys [6.9.2007 12:15 5504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [9.5.2008 0:54 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6.4.2008 22:42 50424]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [9.5.2008 0:57 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4.4.2008 3:03 131072]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [4.2.2009 16:27 84832]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.1.2008 4:23 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-564174030-1608012731-526579667-1000Core.job
- c:\users\djamil\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-23 08:26]

2009-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-564174030-1608012731-526579667-1000UA.job
- c:\users\djamil\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-23 08:26]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{E607F023-7219-4C06-9241-BB88907A6444}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://en.us.acer.yahoo.com
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\djamil\AppData\Roaming\Mozilla\Firefox\Profiles\b5d5rms5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =777240&p=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\users\djamil\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 12:56
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-564174030-1608012731-526579667-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7819AE20-286C-E6D1-E71F-EADDDA1AC6D4}*]
"haacebckgengecfo"=hex:6a,61,66,6f,6c,69,64,61,69,61,6c,6a,62,64,70,6b,6c,6f,
70,63,00,00
"iakcgiemcnmjebncfb"=hex:69,61,6c,6a,69,6d,6c,6a,64,68,6f,70,63,6b,6e,6d,6a,6b,
00,75
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2060)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\program files\Cyberlink\PowerDirector\PDM1Splter.ax
c:\program files\Cyberlink\PowerDirector\PDM2Splter.ax
c:\program files\NewTech Infosystems\NTI Media Maker 8\Media Maker\mcspmpeg.ax
c:\program files\NewTech Infosystems\NTI Media Maker 8\Media Maker\mcmpegin.dll
c:\program files\Cucusoft\avi-vcd-dvd\Filter\RealMedia.dll
c:\program files\VistaCodecPack\filters\mmamrdmx.ax
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLWMFDemux.ax
c:\program files\Common Files\Ulead Systems\MPEG\uldsmpeg.ax
c:\program files\Common Files\Ulead Systems\MPEG\mcmpgdec.dll
c:\program files\AV Video Morpher\AVMpegParser.dll
c:\program files\Common Files\Ulead Systems\MPEG\ulspmpeg.ax
c:\program files\Common Files\Ulead Systems\MPEG\mpegin.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Internet Explorer\ielowutil.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2009-09-09 13:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-09-09 11:02
ComboFix2.txt 2009-09-09 10:27
ComboFix3.txt 2009-09-09 09:25
ComboFix4.txt 2009-09-09 07:13





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:14, on 8.9.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Users\djamil\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\ProgramData\c2e0354\WIc2e0.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2077543
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\djamil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Windows Protection Suite] "C:\ProgramData\c2e0354\WIc2e0.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11378 bytes


netuším co ti mám popsat ..ale tak po tom co jsem přetáhl script do combofix.exe tak se začlo zpracovávat , combofix mi automaticky restartoval počítač.. a tak tedy nezaregistroval jsem žádný rozdíl v pc mezí tím co jsem dělal předtím dle předchozích pokynů.

[Damned]

Vždy ten dotaz směřuje k problému, s jakým si sem přišel.

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\programdata\c2e0354\WIc2e0.exe
c:\programdata\c2e0354\mozcrt19.dll
c:\programdata\c2e0354\WINSPSys\vd952342.bd
c:\windows\PLFSetI.exe
*****************************************************************************************************************************************
V hlavičce logu je:

Použité ovládací přepínače :: c:\users\djamil\Desktop\CFScript.txt.txt

Soubor, který ukládáš musí být CFScript.txt , tedy jen jedno "txt".
*****************************************************************************************************************************************
Máš tam zbylé ovladače po avastu. Pokud ho máš nainstalovaný, odinstaluj ho - podle ComboFixu používáš Ashampoo Antivir. Pokud si ho odinstalovával, použij ještě utilitu: http://www.avast.com/cze/avast-uninstall-utility.html (včetně návodu).

[djamil22]

takže přechozí kroky mám provést znova bez dvojitého .txt???
avast jsem odinstaloval ,stáhl jsem awscleaner na ten antivir ashampoo ,ale nelze odinstalovat ..
jinak toho windows protection suite jsme se zbavili ale v malwarebytes antimalvare skenování mi stále nalézá 3infikované soubory .

[Damned]

Ten aws_cleaner je na úplné odinstalování avastu.

Teď proveď tu kontrolu těch souborů na tom Virustotalu a vlož mi sem odkazy, ať můžeme pokračovat.

[djamil22]

kam mám vložit ten červený WIc2e0.exe na virustotal???

[djamil22]

ten windows protection suite se mi objevil znova jen bez zvukových doprovodů a jen jako okno a mám ho na hlavním panelu jako žlutou ikonku

[djamil22]

ne,je opět zpátky :(((