
One website is acting up for me, but it works fine in another browser
Hello,
It's about the website forexcompanyonline.com. Hackers regularly carry out DDoS attacks on this site because they have a lot of money in several banks.
And ever since the last such attack, the site has been completely misbehaving for me and literally does whatever it wants... It loads slowly and mostly doesn't load at all (some images are missing), or it shows me some error messages.
The interesting thing is that in IE9 the site works perfectly fine... no errors, everything is simply OK.
I use Google Chrome and I have already tried deleting this site's cookies, but that didn't help.... And I'm also wondering whether those hackers put some malicious code on the site, thanks to which I am now part of that DDoS attack...
Most of the time it also gives me this error:
This webpage is not available
Webové stránky na adrese https://forexcompanyonline.com/ jsou možná dočasně nedostupné nebo mohly být přemístěny na novou webovou adresu.
Chyba 324(net::ERR_EMPTY_RESPONSE): Neznámá chyba.
Here is the HijackThis log in case it helps, but I didn't find anything unusual in it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:30, on 8.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Programy\office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Czech\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QIP 2010\qip.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
D:\Programy\VLC\vlc.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://forexcompanyonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Pozadi z webky] C:\Program Files\Pozadi z webky\PozadiZWebky.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [AdobeBridge] (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'postgres')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\office\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\office\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6C398E-5DAB-4154-99B2-3E3CD24A622C}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 11205 bytes
Re: One website is acting up for me, but it works fine in another browser
So will somebody please advise me?
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: One website is acting up for me, but it works fine in another browser
Hello
The website is perfectly fine.
Uninstall Symantec's LiveUpdate and antivirus
http://us.norton.com/support/kb/web_vie ... 10133834EN
You have AVAST there
Download TFC to your desktop
Close everything you have open and run it; restart after the scan
Download and install CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- Right-click the Recycle Bin - Run CCleaner ->>> wait for the cleaning to finish
- Right-click the Recycle Bin - Open CCleaner - Windows tab, press Analyze and then Run Cleaner
- Click the Applications tab, press Analyze and then Run Cleaner
- Click Registry, press Scan for Issues; when the scan finishes, click Fix selected issues,
- choose Yes to create a backup, save the offered file and click Fix All Selected Issues
Download mbam-setup
Install, update, and run a scan.
Do a full scan and have it delete whatever it finds.
Post the log here.
Detailed guide:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229


Re: One website is acting up for me, but it works fine in another browser
It's done. Here is the log.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Verze databáze: 5281
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406
9.12.2010 18:31:09
mbam-log-2010-12-09 (18-31-09).txt
Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 328065
Uplynulý čas: 1 hodin, 17 minut, 50 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Europa Casino (Adware.Casino) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Casino\europa casino\_europasetup_c9d297.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\Users\Czech\downloads\setuppoker_401a00.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\Users\Czech\downloads\europasetup_c9d297.exe (Adware.Casino) -> Quarantined and deleted successfully.
- stell
Re: One website is acting up for me, but it works fine in another browser
PLEASE READ THE GUIDE CAREFULLY!!!
Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post its log here.
Re: One website is acting up for me, but it works fine in another browser
ComboFix 10-12-08.04 - Czech 09.12.2010 20:00:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1067 [GMT 1:00]
Spuštěný z: c:\users\Czech\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Fonts\trebucbi.ttf
c:\windows\system\msvbvm60.dll
c:\windows\system32\drivers\mtrqtqsk.sys
c:\windows\system32\Ijl11.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_xittapjt
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.
2010-12-09 19:19 . 2010-12-09 19:30 -------- d-----w- c:\users\Czech\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:25 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:19 -------- d-----w- c:\users\ucet1\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-07 07:42 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0B24D1-92F4-4A5D-AF5D-6FFF932D5548}\mpengine.dll
2010-11-25 15:23 . 2010-11-25 15:23 -------- d-----w- c:\users\Czech\AppData\Local\Apple
2010-11-25 15:23 . 2010-11-26 10:55 -------- d-----w- c:\program files\Apple Software Update
2010-11-25 12:07 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Local\Jan_Macháček
2010-11-25 12:06 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Roaming\Pozadi z webky
2010-11-25 12:06 . 2010-11-25 12:18 -------- d-----w- c:\program files\Pozadi z webky
2010-11-25 02:02 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-25 02:02 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-13 19:03 . 2010-11-13 19:03 -------- d-----w- c:\users\Czech\AppData\Roaming\WebMoney
2010-11-13 18:59 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney Agent
2010-11-13 18:58 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney
2010-11-12 18:43 . 2010-11-12 18:43 -------- d-----w- c:\program files\SopCast
2010-11-10 13:04 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 19:30 . 2010-05-21 10:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-11-30 10:22 . 2010-07-15 18:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 14:10 . 2010-05-21 07:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-10-19 09:41 . 2010-05-21 10:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 17:57 . 2010-10-29 14:09 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-10-05 17:57 . 2010-10-29 14:09 3211432 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-10-05 17:57 . 2010-10-29 14:09 1843816 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-10-05 17:56 . 2010-10-29 14:09 66152 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-10-05 17:56 . 2010-10-29 14:09 453224 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-10-05 17:56 . 2010-10-29 14:09 3610216 ----a-w- c:\windows\system32\RtkAPO.dll
2010-10-05 17:56 . 2010-10-29 14:09 477288 ----a-w- c:\windows\system32\RCoRes.dat
2010-09-29 11:11 . 2010-10-29 14:09 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-27 07:34 . 2010-10-29 14:09 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-09-16 17:33 . 2010-10-29 14:09 404704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 427744 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 1131232 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 961248 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 290016 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 222944 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2010-09-16 17:33 . 2010-10-29 14:09 105184 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2010-09-16 17:32 . 2010-10-29 14:09 235232 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 899808 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 447200 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2010-09-13 13:56 . 2010-10-13 11:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-23 136176]
"googletalk"="c:\users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-12 328568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="d:\programy\office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-30 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000Core.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000UA.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]
.
.
------- Doplňkový sken -------
.
uStart Page = https://forexcompanyonline.com/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\office\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: {CC6C398E-5DAB-4154-99B2-3E3CD24A622C} = 8.8.8.8,8.8.4.4
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\Czech\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Czech\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Czech\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-AdobeBridge - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Czech\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-3438439536-3322280551-1058881768-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9430C223-10C7-9AB8-79A8-57F3791B4807}*]
"mafbhkmchpfmdjagcbkeikcieh"=hex:6b,61,69,6a,64,6e,61,6b,6d,6e,66,6b,62,69,62,
63,69,70,70,6c,6f,63,00,00
"nahabimdgemokmfmlaghpcefohoj"=hex:6b,61,69,6a,64,6e,61,6b,6d,6e,66,6b,62,69,
62,63,69,70,70,6c,6f,63,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3260)
d:\programy\Nokia\Nokia PC Suite 6\phonebrowser.dll
d:\programy\Nokia\Nokia PC Suite 6\NGSCM.DLL
d:\programy\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
d:\programy\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 20:36:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 19:36
Před spuštěním: 8 841 773 056
Po spuštění: 8 617 164 800
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 53E30D84907ABD064086D100D17900D4
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: One website is acting up for me, but it works fine in another browser
Test this file at www.virustotal.com:
c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
Post the link here.
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: One website is acting up for me, but it works fine in another browser
What program is that?? Does it have to run at startup??
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: One website is acting up for me, but it works fine in another browser
For this step, ComboFix must be on the desktop.
Turn off > FIREWALL > antivirus > antispyware > everything resident.
Open Notepad and copy the entire green text into it:
Code:
KILLALL::
c:\windows\system32\acovcnt.exe
Driver::
AFS
RegNull::
[HKEY_USERS\S-1-5-21-3438439536-3322280551-1058881768-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9430C223-10C7-9AB8-79A8-57F3791B4807}*]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"Malwarebytes' Anti-Malware (reboot)"=-
Then click File -> Save As... -> and in the File name field type: CFScript.txt
For the file type, select *All files
And save it to the desktop. > Note: do not open CFScript.txt, and it must not be named CFScript.txt.txt. And do this:

After the scan finishes, post the log that ComboFix creates.
Re: One website is acting up for me, but it works fine in another browser
I have no idea what that program is.... Probably something from Adobe, so it hopefully shouldn't be dangerous in any way. The LOG is below.
ComboFix 10-12-08.04 - Czech 09.12.2010 21:56:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1184 [GMT 1:00]
Spuštěný z: c:\users\Czech\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Czech\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFS
-------\Service_AFS
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.
2010-12-09 21:04 . 2010-12-09 21:06 -------- d-----w- c:\users\Czech\AppData\Local\temp
2010-12-09 21:04 . 2010-12-09 21:04 -------- d-----w- c:\users\ucet1\AppData\Local\temp
2010-12-09 21:04 . 2010-12-09 21:04 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-09 21:04 . 2010-12-09 21:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-07 07:42 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0B24D1-92F4-4A5D-AF5D-6FFF932D5548}\mpengine.dll
2010-11-25 15:23 . 2010-11-25 15:23 -------- d-----w- c:\users\Czech\AppData\Local\Apple
2010-11-25 15:23 . 2010-11-26 10:55 -------- d-----w- c:\program files\Apple Software Update
2010-11-25 12:07 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Local\Jan_Macháček
2010-11-25 12:06 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Roaming\Pozadi z webky
2010-11-25 12:06 . 2010-11-25 12:18 -------- d-----w- c:\program files\Pozadi z webky
2010-11-25 02:02 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-25 02:02 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-13 19:03 . 2010-11-13 19:03 -------- d-----w- c:\users\Czech\AppData\Roaming\WebMoney
2010-11-13 18:59 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney Agent
2010-11-13 18:58 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney
2010-11-12 18:43 . 2010-11-12 18:43 -------- d-----w- c:\program files\SopCast
2010-11-10 13:04 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 21:06 . 2010-05-21 10:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-11-30 10:22 . 2010-07-15 18:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 14:10 . 2010-05-21 07:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-10-19 09:41 . 2010-05-21 10:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 17:57 . 2010-10-29 14:09 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-10-05 17:57 . 2010-10-29 14:09 3211432 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-10-05 17:57 . 2010-10-29 14:09 1843816 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-10-05 17:56 . 2010-10-29 14:09 66152 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-10-05 17:56 . 2010-10-29 14:09 453224 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-10-05 17:56 . 2010-10-29 14:09 3610216 ----a-w- c:\windows\system32\RtkAPO.dll
2010-10-05 17:56 . 2010-10-29 14:09 477288 ----a-w- c:\windows\system32\RCoRes.dat
2010-09-29 11:11 . 2010-10-29 14:09 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-27 07:34 . 2010-10-29 14:09 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-09-16 17:33 . 2010-10-29 14:09 404704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 427744 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 1131232 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 961248 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 290016 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 222944 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2010-09-16 17:33 . 2010-10-29 14:09 105184 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2010-09-16 17:32 . 2010-10-29 14:09 235232 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 899808 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 447200 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2010-09-13 13:56 . 2010-10-13 11:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-12 328568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="d:\programy\office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000Core.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000UA.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]
.
.
------- Doplňkový sken -------
.
uStart Page = https://forexcompanyonline.com/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\office\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: {CC6C398E-5DAB-4154-99B2-3E3CD24A622C} = 8.8.8.8,8.8.4.4
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
Binary file temp00 matches
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(1556)
d:\programy\Nokia\Nokia PC Suite 6\phonebrowser.dll
d:\programy\Nokia\Nokia PC Suite 6\NGSCM.DLL
d:\programy\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
d:\programy\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 22:12:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 21:12
ComboFix2.txt 2010-12-09 19:36
Před spuštěním: 8 593 727 488
Po spuštění: 8 528 740 352
Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 308125E57443F1F4744A470A0A3D64CE
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: One website is acting up for me, but it works fine in another browser
OK, how is the PC doing?? Try it out.
Re: One website is acting up for me, but it works fine in another browser
stell wrote: OK, how is the PC doing?? Try it out.
Overall the PC has sped up a bit. And most importantly, that website now runs (so far) completely fine in Chrome. Most likely there really was some virus behind it, thanks to which I was unknowingly taking part in the DDoS attack. The attacks on that website really are intense and very frequent...
Thank you very much for the help, you're the best.

- stell
Re: One website is acting up for me, but it works fine in another browser

Download OTMoveIt3 by OldTimer, then, following the instructions, paste in the text below and click MoveIt:
Code:
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:Commands
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
You're welcome.

Re: One website is acting up for me, but it works fine in another browser
Here is that last log as well.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20AC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP405C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4602.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5512.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB354.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCDDA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE436.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI119.tmp moved successfully.
C:\WINDOWS\Installer\MSI1348.tmp moved successfully.
C:\WINDOWS\Installer\MSI1471.tmp moved successfully.
C:\WINDOWS\Installer\MSI1608.tmp moved successfully.
C:\WINDOWS\Installer\MSI19B1.tmp moved successfully.
C:\WINDOWS\Installer\MSI1B86.tmp moved successfully.
C:\WINDOWS\Installer\MSI1CCE.tmp moved successfully.
C:\WINDOWS\Installer\MSI1E46.tmp moved successfully.
C:\WINDOWS\Installer\MSI1FFC.tmp moved successfully.
C:\WINDOWS\Installer\MSI2386.tmp moved successfully.
C:\WINDOWS\Installer\MSI254B.tmp moved successfully.
C:\WINDOWS\Installer\MSI26F1.tmp moved successfully.
C:\WINDOWS\Installer\MSI28A7.tmp moved successfully.
C:\WINDOWS\Installer\MSI2955.tmp moved successfully.
C:\WINDOWS\Installer\MSI2A1E.tmp moved successfully.
C:\WINDOWS\Installer\MSI2C8F.tmp moved successfully.
C:\WINDOWS\Installer\MSI2DD8.tmp moved successfully.
C:\WINDOWS\Installer\MSI2E74.tmp moved successfully.
C:\WINDOWS\Installer\MSI300B.tmp moved successfully.
C:\WINDOWS\Installer\MSI3144.tmp moved successfully.
C:\WINDOWS\Installer\MSI32F8.tmp moved successfully.
C:\WINDOWS\Installer\MSI436.tmp moved successfully.
C:\WINDOWS\Installer\MSI70F6.tmp moved successfully.
C:\WINDOWS\Installer\MSI74B0.tmp moved successfully.
C:\WINDOWS\Installer\MSI779A.tmp moved successfully.
C:\WINDOWS\Installer\MSI7B33.tmp moved successfully.
C:\WINDOWS\Installer\MSI907.tmp moved successfully.
C:\WINDOWS\Installer\MSIB0B.tmp moved successfully.
C:\WINDOWS\Installer\MSIBB1F.tmp moved successfully.
C:\WINDOWS\Installer\MSIC128.tmp moved successfully.
C:\WINDOWS\Installer\MSIC50F.tmp moved successfully.
C:\WINDOWS\Installer\MSIC63.tmp moved successfully.
C:\WINDOWS\Installer\MSIC9B6.tmp moved successfully.
C:\WINDOWS\Installer\MSID92C.tmp moved successfully.
C:\WINDOWS\Installer\MSIDAC.tmp moved successfully.
C:\WINDOWS\Installer\MSIFB22.tmp moved successfully.
C:\WINDOWS\Installer\MSIFD80.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACAD2E.tmp moved successfully.
File move failed. C:\WINDOWS\System32\DriverStore\FileRepository\hposcu08.inf_6b5c1a40\drivers\scanner\hpqgends.tmp scheduled to be moved on reboot.
C:\WINDOWS\Temp\Cab3429.tmp moved successfully.
C:\WINDOWS\Temp\Tar3459.tmp moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Czech
->Temp folder emptied: 34522 bytes
->Temporary Internet Files folder emptied: 1577102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1158 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: ucet1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33972 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 12102010_114002
Files moved on Reboot...
File move failed. C:\WINDOWS\System32\DriverStore\FileRepository\hposcu08.inf_6b5c1a40\drivers\scanner\hpqgends.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...