SMS za 199,-

[fru-fru]

PC po startu a spuštění plochy vyhodilo nějakou chybovou hlášku ohledně Windows.
Po odkliknutí plocha zmizela a objevil se text na bílém pozadí zřejmě automaticky
přeložený překladačem do češtiny o poslání SMS na číslo začínající 909 (na konci 199)
a tímto, že dojde k odstranění chyby do několika minut nějakými "odborníky"

Aplikoval jsem ComboFix, tady je log:

ComboFix 10-01-11.04 - Peťa Vrlík 12.01.2010 15:49:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.567 [GMT 1:00]
Spuštěný z: c:\documents and settings\Peťa Vrlík\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\windows\$NtUninstallKB922582$
c:\windows\$NtUninstallKB922582$\fltlib.dll
c:\windows\$NtUninstallKB922582$\fltmc.exe
c:\windows\$NtUninstallKB922582$\fltmgr.sys
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.exe
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.inf
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.txt
c:\windows\$NtUninstallKB922582$\spuninst\updspapi.dll
c:\windows\EventSystem.log
c:\windows\system32\portmap.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPLE_MOBILE_DEVICE
-------\Service_Apple Mobile Device


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-12 do 2010-01-12 )))))))))))))))))))))))))))))))
.

2009-12-26 14:13 . 2009-12-26 14:13 -------- d-----w- c:\program files\D-Link
2009-12-26 13:46 . 2007-10-08 18:13 262144 ----a-w- c:\windows\system32\wnicapi.dll
2009-12-15 11:37 . 2007-08-20 16:41 233472 ----a-w- c:\windows\system32\WlanApp.dll
2009-12-15 11:37 . 2005-10-27 07:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-12-15 11:37 . 2005-10-19 17:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-12-15 11:37 . 2005-10-19 17:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-12-15 11:37 . 2007-11-02 19:09 679936 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-12-15 11:37 . 2007-05-12 12:33 217088 ----a-w- c:\windows\system32\aIPH.dll
2009-12-15 11:37 . 2006-09-26 12:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-12-15 11:36 . 2009-12-15 11:37 -------- d-----w- c:\program files\ANI
2009-12-15 11:36 . 2005-12-13 09:38 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-12-15 11:36 . 2005-12-11 10:55 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-12-15 11:36 . 2005-10-21 14:56 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-12-15 11:36 . 2004-10-14 09:29 11904 ----a-w- c:\windows\system32\anio4.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 15:05 . 2008-03-10 01:13 84534 ----a-w- c:\windows\system32\perfc005.dat
2010-01-12 15:05 . 2008-03-10 01:13 442330 ----a-w- c:\windows\system32\perfh005.dat
2010-01-12 14:55 . 2009-03-23 17:30 -------- d-----w- c:\program files\ICQ6.5
2009-12-27 19:04 . 2008-04-04 16:55 -------- d-----w- c:\program files\Google
2009-12-26 13:50 . 2008-03-10 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-15 12:44 . 2008-11-22 16:26 -------- d-----w- c:\program files\Microsoft Works
2009-12-09 08:31 . 2008-03-10 01:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-09 08:23 . 2008-04-04 16:55 -------- d-----w- c:\program files\BitComet
2009-12-09 08:06 . 2009-12-09 08:06 0 ----a-w- c:\windows\nsreg.dat
2009-10-29 07:43 . 2008-03-10 01:13 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:40 . 2008-03-10 01:13 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2008-03-10 01:12 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-03-10 01:13 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-08-07 21:57 . 2009-08-07 21:57 10258648 ----a-w- c:\program files\googleearth-win-pro-4.3.7284.3916.exe
2009-07-08 05:11 . 2009-07-08 05:10 10315456 ----a-w- c:\program files\Google_Earth_5_0_11733_Beta.exe
2008-10-22 20:28 . 2008-10-22 20:26 51812984 ----a-w- c:\program files\avg_free_stf_en_8_175a1382.exe
2008-09-14 16:53 . 2008-09-14 16:52 7730856 ----a-w- c:\program files\Google_Earth_CZXD.exe
2008-06-26 11:22 . 2008-06-26 11:22 1336031 ----a-w- c:\program files\wrar371cz.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-06 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"nwiz"="nwiz.exe" [2006-07-20 1519616]
"FirstSteps"="c:\firststeps\FirstSteps.exe" [2004-10-07 303104]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-05-16 86960]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" [2007-08-03 1826816]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"D-Link AirPlus XtremeG DWL-G122"="c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-01-02 1552384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Peśa Vrlˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Quick Office.lnk - c:\qoobox\Quarantine\C\WINDOWS\system32\portmap.exe.vir [2010-1-6 233472]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-7-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-30 12:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23213:TCP"= 23213:TCP:BitComet 23213 TCP
"23213:UDP"= 23213:UDP:BitComet 23213 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.4.2008 8:20 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22.10.2008 21:33 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22.10.2008 21:33 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22.10.2008 21:33 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22.10.2008 21:33 297752]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [23.3.2009 18:31 222456]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.12.2009 20:00 135664]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [3.10.2008 13:37 36864]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 19:00]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 19:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\Peťa Vrlík\Nabídka Start\Programy\UltimateBet\UltimateBet.lnk
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Components/A ... eQuery.dll
FF - ProfilePath - c:\documents and settings\Peťa Vrlík\Data aplikací\Mozilla\Firefox\Profiles\a5maonv7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-Namedate - c:\documents and settings\Peťa Vrlík\Dokumenty\Nezmeskej\nezmeskej.exe
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
Notify-AtiExtEvent - (no file)
AddRemove-Ares Tube_is1 - c:\program files\Ares Tube\unins000.exe
AddRemove-Family Tree Builder - c:\program files\MyHeritage\Bin\Uninstall.exe
AddRemove-UltimateBet - c:\program files\_uninstallation_info\UltimateBet\CasinoUninstall.exe
AddRemove-Nezmeškej - c:\documents and settings\Peťa Vrlík\Dokumenty\Nezmeskej\_odinstalovat.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 16:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppq.sys >>UNKNOWN [0x86D92938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> atapi.sys @ 0xf7201b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|˙˙˙˙¤•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2010-01-12 16:08:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-12 15:08

Před spuštěním: Volných bajtů: 169 202 630 656
Po spuštění: Volných bajtů: 170 415 714 304

- - End Of File - - 663878966C4E38748DD5BA91F7899A5D



Hláška ani bílá plocha se už neobjevila, za to ji nahradilo toto okno:

okno.JPG (23.54 KiB) Zobrazeno 2068 x

Chci to dočistit CCleanerem a projet MBAMem, ale nevím, jestli před tím neudělat ještě něco jiného.

[JaRon]

ano, pouzi MBAM

[fru-fru]

Po CCleaneru spuštěn MBAM:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3552
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.1.2010 10:22:09
mbam-log-2010-01-13 (10-22-00).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 217584
Uplynulý čas: 58 minute(s), 56 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 6
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 18
Infikované soubory: 28

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\res2 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\res1 (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\db (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\dwld (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\report (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\res1 (Adware.ShopperReports) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Peťa Vrlík\Data aplikací\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir (Adware.Shopper) -> No action taken.
C:\System Volume Information\_restore{D69F30ED-3AEB-47DD-8BBE-4BCA940656A8}\RP369\A0099967.dll (Adware.Shopper) -> No action taken.
C:\System Volume Information\_restore{D69F30ED-3AEB-47DD-8BBE-4BCA940656A8}\RP369\A0100018.sys (Malware.Trace) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Data aplikací\ShoppingReport\cs\res2\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Petr Vrlík\Data aplikací\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Data aplikací\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> No action taken.
C:\Documents and Settings\Iva Vrlíková\Nabídka Start\Programy\Po spuštění\Quick Office.lnk (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Peťa Vrlík\Nabídka Start\Programy\Po spuštění\Quick Office.lnk (Trojan.Agent) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.


------------------

Předpokládám, že všechno smáznout + vypnout a zapnout
obnovu systému a poté opět použít CCleaner

[JaRon]

ano vsetko najdene ZMAZ v MBAM + restart a opakovana kontrola s MBAM ,,, CC nemusis

[fru-fru]

MBAM log je už úplně čistý.
Takže stačí jenom "ComboFix /Uninstall" a hotovo?

[JaRon]

tak-tak

[fru-fru]

děkuji za skvělou kooperaci

[JaRon]

rado sa stalo - pekny den