HijackThis - prosím o kontrolu

[Flonid]

Zdravím,

nedávno jsem začal mít velké problémy s internetem z ničeho nic mi přestane běžet nebo je šíleně pomalý - když vypínám procesy tak se mi někdy podaří vypnout ten správný a jede to v pořádku.

Doufám, že tu jsou odborníci na HijacThis a dokážou mi poradit, předem děkuji.

Zde je výpis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:19:22, on 10.11.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Warcraft III\w3dr.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\update.tray-9-0\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\PROGRA~1\Uniblue\DRIVER~1\driverscanner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\test\Dokumenty\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/bsprpc/{760FE25C-4255-4814-A3DF-3A6034C585A5}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/bsprpc/{951A9593-C513-49CF-99B2-DA78725A60E5}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BrowserPlugin - {1C749E08-6B62-11E0-B6DA-075F4824019B} - C:\Documents and Settings\11111\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: IEHlprObj Class - {DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} - C:\Program Files\FileStream\Web Boomerang\IEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BSP DB Toolbar\tbcore3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Softonic Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BSP DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\BSP DB Toolbar\tbcore3.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [w3dr.exe] C:\Program Files\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [IRadioVB6] C:\Program Files\IradioVb6\IRadioVB6.exe -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [2726350.exe] "C:\WINDOWS\TEMP\2726350.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [4719671.exe] "C:\DOCUME~1\11111\LOCALS~1\Temp\4719671.exe"
O4 - HKLM\..\Run: [157301.exe] "C:\DOCUME~1\11111\LOCALS~1\Temp\157301.exe"
O4 - HKLM\..\Run: [2306655.exe] "C:\WINDOWS\TEMP\2306655.exe"
O4 - HKLM\..\Run: [6697869.exe] "C:\WINDOWS\TEMP\6697869.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverScanner] "C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\test\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Remote Control.lnk = C:\Program Files\MSI\DIGIVOX mini III\DIGIVOX mini III Device Utilities\AFRCtl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\test\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9aa459c3fb63a) (gupdate1c9aa459c3fb63a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wxpdrivers - Cronosoft - C:\WINDOWS\update.1\svchost.exe

--
End of file - 13784 bytes

[Reklama]

[Damned]

No nazdar, to je úroda...

Odinstaluj si:
Conduit
Ask Toolbar
BSP DB Toolbar
DAEMON Tools Toolbar
ICQ6Toolbar

a zastav zbytečnej Spyware Terminator.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/bsprpc/{760FE25C-4255-4814-A3DF-3A6034C585A5}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/bsprpc/{951A9593-C513-49CF-99B2-DA78725A60E5}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: (no name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: IEHlprObj Class - {DA5A2A9E-DF07-4a8e-B423-BC5CD4D1880C} - C:\Program Files\FileStream\Web Boomerang\IEHelper.dll (file missing)
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\BSP DB Toolbar\tbcore3.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Softonic Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BSP DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\BSP DB Toolbar\tbcore3.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [w3dr.exe] C:\Program Files\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [IRadioVB6] C:\Program Files\IradioVb6\IRadioVB6.exe -start
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [2726350.exe] "C:\WINDOWS\TEMP\2726350.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [4719671.exe] "C:\DOCUME~1\11111\LOCALS~1\Temp\4719671.exe"
O4 - HKLM\..\Run: [157301.exe] "C:\DOCUME~1\11111\LOCALS~1\Temp\157301.exe"
O4 - HKLM\..\Run: [2306655.exe] "C:\WINDOWS\TEMP\2306655.exe"
O4 - HKLM\..\Run: [6697869.exe] "C:\WINDOWS\TEMP\6697869.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverScanner] "C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\test\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti: Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko Konec.
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje a poté kliknutím na OK spusť program
- nech vybranou možnost Rychlá kontrola a klikni na tlačítko Prohledat

Bude-li nalezen problém:
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost Uložit protokol a ulož si log na Plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
- výsledný log mi sem zkopíruj
(zatím nic nemaž!).

[Flonid]

Damned:

Díky, díky ) - ten link na anti-malware ti nefunguje stahoval jsem to odjinud

tady je výpis:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10.11.2011 11:17:10
mbam-log-2011-11-10 (11-17-05).txt

Typ: Rychlá kontrola
Kontrolované objekty: 238343
Uplynulý čas: 15 minut, 27 sekund

Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 20
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 31

Infikované procesy v paměti:
c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> 3516 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2396 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2796 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 3048 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2656 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 328 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 4792 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 4832 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 5020 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 5052 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> 3192 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACDaemon (Trojan.PatchLoad) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\20f80b64 (Backdoor.0Access) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{199C34A4-5436-403F-A250-219E16672570} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8E7AD93B-3E87-423D-947F-A321FA7E31C4} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\BHO.BrowserPlugin.1 (Spyware.GamePlayLabs) -> No action taken.
HKEY_CLASSES_ROOT\BHO.BrowserPlugin (Spyware.GamePlayLabs) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\1678506016:3741840539.exe (Backdoor.0Access) -> No action taken.
c:\documents and settings\11111\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> No action taken.
c:\documents and settings\11111\dokumenty\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> No action taken.
c:\documents and settings\11111\local settings\temp\157301.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\11111\local settings\temp\4719671.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\2726350.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6697869.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\2306655.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8485840.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8660763.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\winrtsnr.txt (Malware.Trace) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> No action taken.

[Damned]

Odkaz ještě včera fungoval. Neva, mrknu se po jiným...

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Restartuj.

Stáhni si Rogue Killer a ulož si ho na Plochu.
Spusť ho. Po načtení se ti objeví tabulka. Zvol 1 a Enter. Proběhne sken a na Ploše se ti objeví log s názvem: RKreport[1].txt.
Zkopíruj mi ho sem.

[Flonid]

mbam sken:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

10.11.2011 11:36:00
mbam-log-2011-11-10 (11-35-59).txt

Typ: Rychlá kontrola
Kontrolované objekty: 238620
Uplynulý čas: 9 minut, 18 sekund

Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 20
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 32

Infikované procesy v paměti:
c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> 3516 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2396 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2796 -> Unloaded process successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 3048 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2656 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 328 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 5816 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 4780 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 4456 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1360 -> Unloaded process successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> 3192 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACDaemon (Trojan.PatchLoad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\20f80b64 (Backdoor.0Access) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{199C34A4-5436-403F-A250-219E16672570} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8E7AD93B-3E87-423D-947F-A321FA7E31C4} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.BrowserPlugin.1 (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BHO.BrowserPlugin (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C749E08-6B62-11E0-B6DA-075F4824019B} (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\program files\common files\ArcSoft\connection service\Bin\acservice.exe (Trojan.PatchLoad) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\1678506016:3741840539.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\11111\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\11111\dokumenty\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\11111\local settings\temp\157301.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\11111\local settings\temp\4719671.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\2726350.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\6697869.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\windows\ (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\2306655.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8485840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8660763.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winrtsnr.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[Flonid]

rogue:


RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: test [Admin rights]
Mode: Scan -- Date : 11/10/2011 11:39:39

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[BLACKLIST] HKLM\[...]\services : wxpdrivers (wxpdrivers.sys) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

[Damned]

Proxy máš jako výchozí? Pokud je používaný proxy server stabilně, RK ho nechá, pokud si ho vir namontoval sám, bude odstraněn. Opiš si případně nastavení proxy, pokud je tvé.

Spust znova Rooter,. zvol 2 a Enter. Po proběhnutí se objeví log RKreport[2].txt.

Zkopíruj ho sem.

//OT - Copak bylo tak hezkýho na fejzbůku, že to stálo za vir?

[Flonid]

s proxy jsem asi nikdy nic nedelal, vubec nevim ze neco mam

bratr byl v předevčírem u mě na PC ... od té doby mi přestal fungovat internet a teď jak jsi mi napsal o facebooku tak jsem ho zkusil zapnout a nechce ho načíst

Jejda! Prohlížeči Google Chrome se nepodařilo připojit k serveru www.facebook.com

--
jestli dobře chápu tak asi bratr na facebooku na něco klikl a stáhnul vira?..

jedu asi 2 roky bez antiviráku . avast jsem neprodlužovat a neměl jsem nikdy žádný problém až teď

[Flonid]

rogue:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: test [Admin rights]
Mode: Remove -- Date : 11/10/2011 12:01:14

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVBTCCLIENT () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SRVIECHECK () -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_WXPDRIVERS () -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (
)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

[Flonid]

jo ještě taková chybka... jestli náhodou nebudeš vědět...

mám win xp a vytvořené 2 uživatelské účty, z ničeho nic mi to nedává na výběr uživatele, ale rovnou si to automaticky vybere a příhlásí - vůbec netuším kvůli čeho se toto děje....

[Damned]

Je možný, že to splašil ten vir. Zkusíme to potom, co ho odstraníme.

Spusť znovu Rogue Killer, zvol 3. Poté mi sem zkopíruj log RKreport[2].txt.

Poté:

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs) nebo ComboFix (subs) a ulož si ho na Plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Flonid]

rogue:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: test [Admin rights]
Mode: HOSTSFix -- Date : 11/10/2011 12:13:37

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt