Prosím o kontrolu logu (zřejmě napadený PC) Vyřešeno

[Ždib]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:02:38, on 7.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu12\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZNxmk570YYCZ
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8696B00C-AEAF-49A2-8784-EE6F194B2F6C}: NameServer = 77.236.192.130
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7847 bytes

[Reklama]

[Damned]

Odinstaluj si ICQ Toolbar a ICQ6 Toolbar.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu12\toolbaru.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZNxmk570YYCZ
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Ždib]

Prosím o strpení, ten PC (krumpl) je strašně pomalý. Teď to ještě ke všemu vypadá na reset. Přesejpačky u skenu Malwarebytes. Má procesor 1Ghz a 512 RAM. Není to moje, jinak bych to už vyhodil z okna. Se s tím peru druhej den

[Damned]

Času dost,

[Ždib]

Tak už se to konečně dotáhlo do konce

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3310
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7.12.2009 19:04:37
mbam-log-2009-12-07 (19-04-22).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 196031
Uplynulý čas: 15 minute(s), 20 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 12
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 8

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Program Files\page.html (Malware.Trace) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Security Troubleshooting.url (Rogue.Link) -> No action taken.
C:\WINDOWS\system32:svchost.exe (Rootkit.ADS) -> No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temp\3.dllb (Trojan.Agent) -> No action taken.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temp\4.dllb (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temp\3.dllb (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temp\4.dllb (Trojan.Agent) -> No action taken.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temp\6.dllb (Trojan.Agent) -> No action taken.

[Damned]

Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Ždib]

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3311
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

7.12.2009 20:16:14
mbam-log-2009-12-07 (20-16-14).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 196445
Uplynulý čas: 20 minute(s), 55 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 12
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 8

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Program Files\page.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:svchost.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temp\3.dllb (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temp\4.dllb (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temp\3.dllb (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temp\4.dllb (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\Temp\6.dllb (Trojan.Agent) -> Quarantined and deleted successfully.


-------------------------------------------------------

ComboFix 09-12-06.A3 - Honza 07.12.2009 20:43.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.512.187 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ATI Technologies\ATI.ACE\atIAcmxx.dll
c:\program files\folder.js
c:\recycler\S-1-5-21-221326095-336338275-1450935986-1005
c:\recycler\S-1-5-21-221326095-336338275-1450935986-1006
c:\recycler\S-1-5-21-3114446345-2797900723-3583212530-1003
c:\recycler\S-1-5-21-343818398-746137067-725345543-1004
c:\recycler\S-1-5-21-343818398-746137067-725345543-1005
c:\recycler\S-1-5-21-725345543-220523388-839522115-1004
c:\windows\0.exe
c:\windows\regedit.com
c:\windows\system32\0.dll
c:\windows\system32\ieuinit.inf
c:\windows\system32\SCLabel.ocx
c:\windows\system32\taskmgr.com

c:\windows\system32\drivers\asyncmac.sys chyběl.
Obnovena kopie z - c:\windows\system32\dllcache\asyncmac.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-07 do 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 19:58 . 2004-08-18 12:00 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2009-12-07 19:58 . 2004-08-18 12:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2009-12-07 17:24 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 17:24 . 2009-12-07 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 17:24 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 17:06 . 2009-12-07 17:06 -------- d---a-w- c:\windows\rundll16.exe
2009-12-07 17:06 . 2009-12-07 17:06 -------- d---a-w- c:\windows\logo1_.exe
2009-12-07 14:40 . 2009-12-07 14:40 -------- d-----w- c:\program files\Disk Cleaner
2009-12-07 08:41 . 2009-12-07 08:41 -------- d-----w- C:\14d5f156ccd5725f3cfca2765a
2009-12-06 21:47 . 2009-12-06 21:47 -------- d---a-w- c:\windows\VDLL.DLL
2009-12-06 21:47 . 2009-12-06 21:47 -------- d---a-w- c:\windows\system32\runouce.exe
2009-12-06 21:47 . 2009-12-06 21:47 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-12-06 21:47 . 2009-12-06 21:47 -------- d---a-w- c:\windows\logo_1.exe
2009-12-06 21:38 . 2009-12-06 21:38 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-12-06 21:38 . 2009-12-06 21:38 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-12-06 21:38 . 2009-12-06 21:38 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-12-06 21:38 . 2004-08-18 12:00 137216 ----a-w- c:\windows\system32\T.COM
2009-12-06 21:37 . 2004-08-18 12:00 147968 ----a-w- c:\windows\R.COM
2009-12-06 21:37 . 2009-12-06 21:37 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-12-06 21:29 . 2009-12-06 21:29 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 17:12 . 2006-05-27 15:57 -------- d-----w- c:\program files\ICQPlus
2009-12-07 14:40 . 2005-10-16 15:25 -------- d-----w- c:\program files\Winamp
2009-12-07 08:57 . 2009-12-06 20:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-06 20:58 . 2008-04-24 18:55 -------- d-----w- c:\program files\BitComet
2009-10-25 10:24 . 2004-08-18 12:00 61958 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 10:24 . 2004-08-18 12:00 379294 ----a-w- c:\windows\system32\perfh005.dat
2009-10-19 18:33 . 2009-10-19 18:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-19 18:33 . 2009-10-19 18:33 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-19 18:33 . 2009-10-19 18:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-19 18:33 . 2009-10-19 18:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-19 18:31 . 2009-10-19 18:31 -------- d-----w- c:\program files\AVG
2009-10-18 13:36 . 2006-01-31 18:43 -------- d-----w- c:\program files\Call of Duty
2009-09-25 05:58 . 2004-08-18 12:00 663040 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:58 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:35 . 2004-08-18 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2007-01-25 20:05 . 2007-01-25 20:05 36864 ----a-w- c:\program files\AutoTester.exe
2007-01-25 20:05 . 2007-01-25 20:05 204800 ----a-w- c:\program files\TesterControls.dll
2007-01-25 20:05 . 2007-01-25 20:05 28672 ----a-w- c:\program files\SupervisorApp.dll
2007-01-25 20:05 . 2007-01-25 20:05 36864 ----a-w- c:\program files\TestEngine.dll
2007-01-25 20:05 . 2007-01-25 20:05 16384 ----a-w- c:\program files\RemoteInterface.dll
2007-01-25 20:05 . 2007-01-25 20:05 24576 ----a-w- c:\program files\CodeIdentity.dll
2007-01-25 20:05 . 2007-01-25 20:05 24576 ----a-w- c:\program files\PyHtmlCtlLib.dll
2007-01-25 19:55 . 2007-01-25 19:55 463424 ----a-w- c:\program files\otazky_set.dat
2007-01-24 07:49 . 2007-01-24 07:49 8007680 ----a-w- c:\program files\Microsoft.mshtml.dll
2007-01-23 14:10 . 2007-01-23 14:10 40960 ----a-w- c:\program files\PthDataTools.dll
2006-11-07 20:03 . 2006-11-07 20:03 49152 ----a-w- c:\program files\AxInterop.SHDocVw.dll
2006-11-07 20:03 . 2006-11-07 20:03 122880 ----a-w- c:\program files\Interop.SHDocVw.dll
2006-08-02 22:26 . 2006-08-02 22:26 2192 ----a-w- c:\program files\AutoTester.exe.config
2005-03-31 21:17 . 2005-10-10 19:03 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2002-06-24 07:24 . 2002-06-24 07:24 766 ----a-w- c:\program files\App.ico
2002-05-07 15:12 . 2002-05-07 15:12 11264 ----a-w- c:\program files\PyCtlHelpers1.dll
2008-09-20 11:43 . 2007-10-07 10:11 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-10-21 17:25 . 2005-12-05 17:10 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-10-21 17:25 . 2005-12-05 17:10 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-10-21 17:25 . 2007-04-04 09:53 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-10-21 17:25 . 2007-04-04 09:53 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-10-21 17:25 . 2005-12-05 17:10 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-11-06 3096576]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-19 458752]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-06-10 1397760]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-07 2029336]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-19 18:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16642:TCP"= 16642:TCP:BitComet 16642 TCP
"16642:UDP"= 16642:UDP:BitComet 16642 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19.10.2009 19:33 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19.10.2009 19:33 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [19.10.2009 19:31 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [19.10.2009 19:31 297752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7.10.2007 11:11 29744]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {8696B00C-AEAF-49A2-8784-EE6F194B2F6C} = 77.236.192.130
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\140vy586.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\140vy586.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUNINST.EXE -fc:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu -cc:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll
AddRemove-Easy-WebPrint - c:\windows\IsUn0405.exe -fc:\program files\Canon\Easy-WebPrint\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 21:04
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3448)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LVComsX.exe
.
**************************************************************************
.
Celkový čas: 2009-12-07 21:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-07 20:11

Před spuštěním: Volných bajtů: 33 007 652 864
Po spuštění: Volných bajtů: 35 072 344 064

- - End Of File - - 95769A31399224BA3FA9E937522BC3AC

[Ždib]

nevím čím to je, ale najedu explorer a chci něco napsat do vyhledávače, nebo do adresného řádku a nic. Nic nenapíšu a zasekne se myš, musím restartovat. Pořád dokola. Teplota je OK 40°C . Toto píšu z jiného compu

[Damned]

Asi je to tím AVG a tím jeho toolbarem. Já osobně bych si nedal AVG ani jako samolepku na záchod.

1) stáhni si FixIEDef

2) Ukonči všechny aplikace a spusť FixIEDef

3) potvrdit licenční ujednání tlačítkem [Accept]

4) zahájit scan tlačítkem [Scan] (během scanu budou ukončeny všechny instance Internet Eploreru a Windows Exploreru (zmizí ikony na ploše, taskbar, atd), takže doporučuju veškerou práci uložit a před spuštěním scanu aplikace ukončit)

5) po dokončení scanu ukončit FixIEDef tlačítkem [Exit]

6) pokud se po dokončení nespustí windows explorer, zmáčknout CTRL+SHIFT+ESC a spustit windows explorer (plochu) pomocí menu Soubor > nová úloha > explorer

7) zkopíruj sem FixIEDef log, kterej se uložil na plochu...

[Ždib]

Tak jsem AVG vyhodil a dal jsem tam Avast. Zjisil jsem, že to zasekávání dělá něco jiného. Někdy se to seklo už při přihlašování uživatele.Když jsem chtěl zadat heslo. Teď se mi stalo, že se kousla klavesnice a myš, ale vnitřně počtač makal, jelikož běžela ikona Avast (generování datu databáze pro obnovu dat při nečinnosti) Tak nevím co to je za xindl.

[Damned]

Vlož mi sem ten log. Je tam možná ještě zbytek malware a buď to odstraní ten FixIEDef nebo něco jinýho.
Potřebuji to ale vidět

[Ždib]

********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7514 *
* *
********************************************************************************

Created at 08:22:25 on Tuesday, December 08, 2009

Time Zone :

Logged On User : Honza

Operating System : Microsoft Windows XP Home Edition Service Pack 2
OS Architecture : X86
System Langauge : Czech
Keyboard Layout : Czech
Processor : X86 AMD Athlon(TM) XP 1500+

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 76.32 GB
System Drive Free : 38.73 GB

Total Physical Memory: 256 MB
Free Physical Memory : 72 MB
Total Page File : 256 MB
Free Page File : 356 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1963 MB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! userinit.exe is Clean !!!

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\WINDOWS\system32\Uninstall.ico

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

C:\WINDOWS\system32\1024

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!