Prosim o pomoc s logem Vyřešeno

[bruno]

zo skype som chytil nejaky šmejd.eset mi nepomohl akorat mi hlasi infikovana pamet a neda se odstranit.zasilam log z HijackThis.Dekuji
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:21:19, on 26. 2. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
c:\users\public\mdm.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Bronislav\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: iebho surf - {341116E2-9CC4-4A6E-9303-4819C84846DE} - (no file)
O2 - BHO: Groove GFS Browser Helper - {73EC23B8-36E2-3DCA-1729-112430D06709} - (no file)
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Firevall Engine] c:\users\public\mdm.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: protector.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: bProtector - bProtector - C:\ProgramData\bProtector\bProtect.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4513 bytes

[Reklama]

[Žbeky]

Fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: iebho surf - {341116E2-9CC4-4A6E-9303-4819C84846DE} - (no file)
O2 - BHO: Groove GFS Browser Helper - {73EC23B8-36E2-3DCA-1729-112430D06709} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Firevall Engine] c:\users\public\mdm.exe
O20 - AppInit_DLLs: protector.dll

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

[bruno]

zasilam log z malware
Malwarebytes Anti-Malware 1.60.1.1000
http://www.malwarebytes.org

Verzia databázy: v2012.02.26.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Bronislav :: BRONISLAV-PC [administrátor]

26. 2. 2012 21:02:59
mbam-log-2012-02-26 (21-08-00).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 188726
Uplynutý čas: 4 min, 16 sek

Detegované služby pamäte: 1
C:\Users\Public\mdm.exe (Backdoor.Agent) -> 2364 -> Žiadna úloha nevykonaná.

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 11
HKCR\CLSID\{341116E2-9CC4-4A6E-9303-4819C84846DE} (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCR\TypeLib\{15C7D7AD-A87A-4C0D-9D8B-637FCD3488EF} (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCR\Interface\{9D9471F0-B58C-49D2-8B6C-0472917A6CA0} (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCR\Jungle (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCR\toolie.Bho (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{341116E2-9CC4-4A6E-9303-4819C84846DE} (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{341116E2-9CC4-4A6E-9303-4819C84846DE} (Trojan.FakeAlert) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\ZU6RKI1ONY (Trojan.FakeAlert.SA) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Žiadna úloha nevykonaná.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Žiadna úloha nevykonaná.

Detegované registračné hodnoty: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firevall Engine (Backdoor.Agent) -> Dáta: c:\users\public\mdm.exe -> Žiadna úloha nevykonaná.

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 4
C:\Users\Bronislav\Favorites\VIP Casino.url (Rogue.Link) -> Žiadna úloha nevykonaná.
C:\Users\Bronislav\AppData\Roaming\Microsoft\Windows\Start Menu\VIP Casino.url (Rogue.Link) -> Žiadna úloha nevykonaná.
C:\Windows\System32\c.ico (Malware.Trace) -> Žiadna úloha nevykonaná.
C:\Users\Public\mdm.exe (Backdoor.Agent) -> Žiadna úloha nevykonaná.

(koniec)

[memphisto]

- Takže spus znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[bruno]

zasilam log z combofix
ComboFix 12-02-25.02 - Bronislav . 02. 2012 21:41:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2048.1214 [GMT 1:00]
Running from: c:\users\Bronislav\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bronislav\AppData\Roaming\Microsoft\Windows\Recent\forums.url
c:\users\Public\mdm.exe
c:\windows\system32\1020
c:\windows\system32\1020\inf1020.dat
c:\windows\system32\SETB530.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 20:01 . 2012-02-26 20:01 -------- d-----w- c:\users\Bronislav\AppData\Roaming\Malwarebytes
2012-02-26 20:01 . 2012-02-26 20:01 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 20:01 . 2012-02-26 20:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-26 20:01 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 06:22 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DAA0C39-093F-43AF-BFF5-278D14196FD2}\mpengine.dll
2012-02-19 18:30 . 2012-02-19 18:30 -------- d-----w- c:\program files\Common Files\Java
2012-02-19 18:30 . 2012-02-19 18:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-18 02:32 . 2012-02-18 02:32 9216 ----a-r- c:\users\Bronislav\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2012-02-18 02:31 . 2012-02-18 02:31 -------- d-----w- c:\users\Bronislav\AppData\Roaming\Win7codecs
2012-02-18 02:31 . 2012-02-18 02:31 -------- d-----w- c:\program files\Win7codecs
2012-02-18 02:28 . 2012-02-18 03:31 -------- d-----w- c:\programdata\Win7codecs
2012-02-16 21:18 . 2012-02-16 21:18 240 ----a-w- C:\user.js
2012-02-16 21:17 . 2012-02-17 08:09 -------- d-----w- c:\users\Bronislav\AppData\Roaming\PerformerSoft
2012-02-16 21:17 . 2012-02-01 12:47 17464 ----a-w- c:\windows\system32\roboot.exe
2012-02-16 21:17 . 2012-02-16 21:17 790520 ----a-w- c:\windows\system32\protector.dll
2012-02-16 21:17 . 2012-02-16 21:17 -------- d-----w- c:\programdata\bProtector
2012-02-16 21:17 . 2012-02-16 21:17 -------- d-----w- c:\users\Bronislav\AppData\Local\Babylon
2012-02-16 21:17 . 2012-02-16 21:17 -------- d-----w- c:\programdata\Babylon
2012-02-16 21:17 . 2012-02-16 21:17 -------- d-----w- c:\users\Bronislav\AppData\Roaming\Babylon
2012-02-15 16:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 16:41 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 16:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 16:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-09 13:20 . 2012-02-09 13:20 4794880 ----a-w- c:\windows\system32\x264vfw.dll
2012-01-31 11:00 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 11:00 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 11:00 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 11:00 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 11:00 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 11:00 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-31 11:00 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 11:00 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 11:00 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 11:00 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-28 11:12 . 2012-01-28 11:12 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-28 11:10 . 2012-01-28 11:10 48128 ----a-w- c:\windows\system32\ff_acm.acm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 13:17 . 2011-05-18 14:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 09:02 . 2011-04-10 06:59 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-02-19 18:29 . 2010-06-15 22:48 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 02:34 . 2010-06-02 00:08 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-29 04:10 . 2010-04-27 13:39 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 13:21 . 2012-01-25 13:21 913920 ----a-w- c:\windows\system32\lameACM.acm
2012-01-09 18:45 . 2012-01-09 18:45 178688 ----a-w- c:\windows\system32\unrar.dll
2011-12-22 21:40 . 2011-12-22 21:40 155648 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-07 18:32 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2012-02-17 20:29 . 2012-02-17 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Bronislav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YoWindow.lnk]
path=c:\users\Bronislav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk
backup=c:\windows\pss\YoWindow.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-10-30 14:47 137536 ----atw- c:\users\Bronislav\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 14:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-09-01 12:39 966712 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-12-10 13:55 323584 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 11088]
R3 SliceDisk5;SliceDisk5;c:\users\Bronislav\AppData\Local\Temp\FindAndMount\slicedisk.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-02-23 12984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 bProtector;bProtector;c:\programdata\bProtector\bProtect.exe [2012-02-16 773624]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-02-26 41312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000Core.job
- c:\users\Bronislav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 14:47]
.
2012-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000UA.job
- c:\users\Bronislav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 14:47]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 16:41]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 16:41]
.
2012-02-23 c:\windows\Tasks\SlimDrivers Scan.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2012-02-01 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bronislav\AppData\Roaming\Mozilla\Firefox\Profiles\j3gk7q60.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/resultsext.as ... ource=3&q={searchterms}
FF - prefs.js: browser.search.selectedengine - google
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.url - hxxp://search.babylon.com/?af=101587&ba ... 92af046&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 14ac32b50000000000000011092af046
FF - user.js: extensions.BabylonToolbar_i.hardId - 14ac32b50000000000000011092af046
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{73EC23B8-36E2-3DCA-1729-112430D06709} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-Microsoft Firevall Engine - c:\users\public\mdm.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-26 21:55:12
ComboFix-quarantined-files.txt 2012-02-26 20:55
.
Pre-Run: 74 295 164 928 bytes free
Post-Run: 74 210 013 184 bytes free
.
- - End Of File - - C7019E40232FBFFB773B3D1F4AC1B47A

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\roboot.exe
c:\users\Bronislav\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\Bronislav\AppData\Local\Babylon
c:\programdata\Babylon
c:\users\Bronislav\AppData\Roaming\Babylon

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

Firefox::
FF - ProfilePath - c:\users\Bronislav\AppData\Roaming\Mozilla\Firefox\Profiles\j3gk7q60.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/resultsext.as ... ource=3&q={searchterms}
FF - prefs.js: keyword.url - hxxp://search.babylon.com/?af=101587&ba ... 92af046&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 14ac32b50000000000000011092af046
FF - user.js: extensions.BabylonToolbar_i.hardId - 14ac32b50000000000000011092af046
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef – sst

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[bruno]

Tu je log z combofix
ComboFix 12-02-25.02 - Bronislav . 02. 2012 11:28:33.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2048.1400 [GMT 1:00]
Running from: c:\users\Bronislav\Desktop\ComboFix.exe
Command switches used :: c:\users\Bronislav\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
FILE ::
"c:\users\Bronislav\AppData\Local\Facebook\Update\FacebookUpdate.exe"
"c:\windows\system32\roboot.exe"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\Bronislav\AppData\Local\Babylon
c:\users\Bronislav\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Bronislav\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Bronislav\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Bronislav\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page1.css
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page1.html
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page1.js
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\title1.png
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Bronislav\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png
c:\users\Bronislav\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Bronislav\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.34.zpb
c:\users\Bronislav\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Bronislav\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Bronislav\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Bronislav\AppData\Roaming\Babylon
c:\users\Bronislav\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 10:38 . 2012-02-27 10:40 -------- d-----w- c:\users\Bronislav\AppData\Local\temp
2012-02-26 20:01 . 2012-02-26 20:01 -------- d-----w- c:\users\Bronislav\AppData\Roaming\Malwarebytes
2012-02-26 20:01 . 2012-02-26 20:01 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 20:01 . 2012-02-26 20:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-26 20:01 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 06:22 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DAA0C39-093F-43AF-BFF5-278D14196FD2}\mpengine.dll
2012-02-19 18:30 . 2012-02-19 18:30 -------- d-----w- c:\program files\Common Files\Java
2012-02-19 18:30 . 2012-02-19 18:29 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-18 02:32 . 2012-02-18 02:32 9216 ----a-r- c:\users\Bronislav\AppData\Roaming\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2012-02-18 02:31 . 2012-02-18 02:31 -------- d-----w- c:\users\Bronislav\AppData\Roaming\Win7codecs
2012-02-18 02:31 . 2012-02-18 02:31 -------- d-----w- c:\program files\Win7codecs
2012-02-18 02:28 . 2012-02-18 03:31 -------- d-----w- c:\programdata\Win7codecs
2012-02-16 21:18 . 2012-02-16 21:18 240 ----a-w- C:\user.js
2012-02-16 21:17 . 2012-02-17 08:09 -------- d-----w- c:\users\Bronislav\AppData\Roaming\PerformerSoft
2012-02-16 21:17 . 2012-02-01 12:47 17464 ----a-w- c:\windows\system32\roboot.exe
2012-02-16 21:17 . 2012-02-16 21:17 790520 ----a-w- c:\windows\system32\protector.dll
2012-02-16 21:17 . 2012-02-16 21:17 -------- d-----w- c:\programdata\bProtector
2012-02-15 16:41 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 16:41 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 16:41 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 16:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-09 13:20 . 2012-02-09 13:20 4794880 ----a-w- c:\windows\system32\x264vfw.dll
2012-01-31 11:00 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 11:00 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 11:00 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 11:00 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 11:00 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 11:00 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-31 11:00 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 11:00 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 11:00 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 11:00 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-28 11:12 . 2012-01-28 11:12 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-28 11:10 . 2012-01-28 11:10 48128 ----a-w- c:\windows\system32\ff_acm.acm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 13:17 . 2011-05-18 14:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 09:02 . 2011-04-10 06:59 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-02-19 18:29 . 2010-06-15 22:48 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-18 02:34 . 2010-06-02 00:08 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-29 04:10 . 2010-04-27 13:39 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 13:21 . 2012-01-25 13:21 913920 ----a-w- c:\windows\system32\lameACM.acm
2012-01-09 18:45 . 2012-01-09 18:45 178688 ----a-w- c:\windows\system32\unrar.dll
2011-12-22 21:40 . 2011-12-22 21:40 155648 ----a-w- c:\windows\system32\ac3acm.acm
2011-12-07 18:32 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2012-02-17 20:29 . 2012-02-17 08:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Bronislav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YoWindow.lnk]
path=c:\users\Bronislav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk
backup=c:\windows\pss\YoWindow.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-10-20 14:32 2192752 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-09-01 12:39 966712 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-12-10 13:55 323584 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53 1483264 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 136176]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 11088]
R3 SliceDisk5;SliceDisk5;c:\users\Bronislav\AppData\Local\Temp\FindAndMount\slicedisk.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-02-23 12984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1343400]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-02-26 114984]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 bProtector;bProtector;c:\programdata\bProtector\bProtect.exe [2012-02-16 773624]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-02-26 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-02-26 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-02-26 41312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000Core.job
- c:\users\Bronislav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 14:47]
.
2012-02-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2729308256-4087512430-2140066002-1000UA.job
- c:\users\Bronislav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 14:47]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 16:41]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-04 16:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Bronislav\AppData\Roaming\Mozilla\Firefox\Profiles\j3gk7q60.default\
FF - prefs.js: browser.search.selectedengine - search the web (babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: network.proxy.type - 4
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2240)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\schtasks.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-02-27 11:45:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 10:45
ComboFix2.txt 2012-02-26 20:55
.
Pre-Run: 74 677 100 544 bytes free
Post-Run: 74 489 192 448 bytes free
.
- - End Of File - - 9C7DA48892D7CC8133324722C97BC92D

log z HiackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:53:31, on 27. 2. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Bronislav\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: bProtector - bProtector - C:\ProgramData\bProtector\bProtect.exe
O23 - Service: ESET HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3672 bytes

[Žbeky]

Toto otestuj na Virustotal
c:\windows\system32\roboot.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[bruno]

https://www.virustotal.com/file/f5b20fd ... /analysis/

[bruno]

vim že jsem to koupil ze skype tak jsem ho nespouštel a dal to skontrolovat a ten šmejd je tam stale.zasilam link.
https://www.virustotal.com/file/08595a1 ... /analysis/

[Žbeky]

Je to jen 1/43 - to je spíš false detect. Ale klidně ho odinstaluj a znovu nainstaluj

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[bruno]

T-cleaner se nechce spustit,antivirus je zastaveny.na pokračovani stlačim klaves a???