VIRY.CZ

Zravím,
Jde o web forexcompanyonline.com. Na tento web hackeři pravidelně dělají DDOS útok, protože mají v několika bankách hodně peněz.
A naposledy když takový útok byl tak mi ten web od té doby úplně blbne a doslova si dělá co se mu zlíbí... Načítá se pomalu a většinou se ani nenačte (chybí nějaké obrázky) nebo mi to napíše nějaký chybový hlášky.
Zajímavé ale je, že v IE9 jde web úplně v pohodě... žádný chyby prostě v pořádku.

Používám Google Chrome a už jsem zkusil vymazat cookies z tohoto webu, ale to nepomohlo.... A ještě si tak říkám jestli ti hackekři na ten web nedaly nějaký škodlivý kód díky kterému jsem jsem teď součástí toho DDOS útoku...

Většinou mi to taky píše tuhle chybu:

This webpage is not available
Webové stránky na adrese https://forexcompanyonline.com/ jsou možná dočasně nedostupné nebo mohly být přemístěny na novou webovou adresu.
Chyba 324(net::ERR_EMPTY_RESPONSE): Neznámá chyba.

Když tak tady je log z hijakcthis, ale já jsem tam nic zvláštního nenašel.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:30, on 8.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Programy\office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Czech\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QIP 2010\qip.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
D:\Programy\VLC\vlc.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\AppData\Local\Google\Chrome SxS\Application\chrome.exe
C:\Users\Czech\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://forexcompanyonline.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy\office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Pozadi z webky] C:\Program Files\Pozadi z webky\PozadiZWebky.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [AdobeBridge] (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'postgres')
O4 - HKUS\S-1-5-21-3438439536-3322280551-1058881768-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'postgres')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\office\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programy\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\office\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programy\partypoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC6C398E-5DAB-4154-99B2-3E3CD24A622C}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11205 bytes

Poradíte mi teda někdo prosím?

Zdravim
Web je v uplnom poriadku.
Odinstaluj od symanteca live update a antivirak
http://us.norton.com/support/kb/web_vie ... 10133834EN

Mas tam AVAST
Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart

Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,

Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit Uplny skan, co najde daj zmazat,
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

Tak je hotovo. Zde protokol


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5281

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.7930.16406

9.12.2010 18:31:09
mbam-log-2010-12-09 (18-31-09).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 328065
Uplynulý čas: 1 hodin, 17 minut, 50 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Europa Casino (Adware.Casino) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Casino\europa casino\_europasetup_c9d297.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\Users\Czech\downloads\setuppoker_401a00.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\Users\Czech\downloads\europasetup_c9d297.exe (Adware.Casino) -> Quarantined and deleted successfully.

PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

ComboFix 10-12-08.04 - Czech 09.12.2010 20:00:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1067 [GMT 1:00]
Spuštěný z: c:\users\Czech\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\trebucbi.ttf
c:\windows\system\msvbvm60.dll
c:\windows\system32\drivers\mtrqtqsk.sys
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_xittapjt


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 19:19 . 2010-12-09 19:30 -------- d-----w- c:\users\Czech\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:25 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:19 -------- d-----w- c:\users\ucet1\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-09 19:19 . 2010-12-09 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-07 07:42 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0B24D1-92F4-4A5D-AF5D-6FFF932D5548}\mpengine.dll
2010-11-25 15:23 . 2010-11-25 15:23 -------- d-----w- c:\users\Czech\AppData\Local\Apple
2010-11-25 15:23 . 2010-11-26 10:55 -------- d-----w- c:\program files\Apple Software Update
2010-11-25 12:07 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Local\Jan_Macháček
2010-11-25 12:06 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Roaming\Pozadi z webky
2010-11-25 12:06 . 2010-11-25 12:18 -------- d-----w- c:\program files\Pozadi z webky
2010-11-25 02:02 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-25 02:02 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-13 19:03 . 2010-11-13 19:03 -------- d-----w- c:\users\Czech\AppData\Roaming\WebMoney
2010-11-13 18:59 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney Agent
2010-11-13 18:58 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney
2010-11-12 18:43 . 2010-11-12 18:43 -------- d-----w- c:\program files\SopCast
2010-11-10 13:04 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 19:30 . 2010-05-21 10:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-11-30 10:22 . 2010-07-15 18:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 14:10 . 2010-05-21 07:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-10-19 09:41 . 2010-05-21 10:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 17:57 . 2010-10-29 14:09 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-10-05 17:57 . 2010-10-29 14:09 3211432 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-10-05 17:57 . 2010-10-29 14:09 1843816 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-10-05 17:56 . 2010-10-29 14:09 66152 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-10-05 17:56 . 2010-10-29 14:09 453224 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-10-05 17:56 . 2010-10-29 14:09 3610216 ----a-w- c:\windows\system32\RtkAPO.dll
2010-10-05 17:56 . 2010-10-29 14:09 477288 ----a-w- c:\windows\system32\RCoRes.dat
2010-09-29 11:11 . 2010-10-29 14:09 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-27 07:34 . 2010-10-29 14:09 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-09-16 17:33 . 2010-10-29 14:09 404704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 427744 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 1131232 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 961248 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 290016 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 222944 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2010-09-16 17:33 . 2010-10-29 14:09 105184 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2010-09-16 17:32 . 2010-10-29 14:09 235232 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 899808 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 447200 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2010-09-13 13:56 . 2010-10-13 11:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-05-23 136176]
"googletalk"="c:\users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-12 328568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="d:\programy\office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-30 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000Core.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000UA.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]
.
.
------- Doplňkový sken -------
.
uStart Page = https://forexcompanyonline.com/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\office\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: {CC6C398E-5DAB-4154-99B2-3E3CD24A622C} = 8.8.8.8,8.8.4.4
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\Czech\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Czech\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Czech\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AdobeBridge - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Czech\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
Binary file temp00 matches
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3438439536-3322280551-1058881768-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9430C223-10C7-9AB8-79A8-57F3791B4807}*]
"mafbhkmchpfmdjagcbkeikcieh"=hex:6b,61,69,6a,64,6e,61,6b,6d,6e,66,6b,62,69,62,
63,69,70,70,6c,6f,63,00,00
"nahabimdgemokmfmlaghpcefohoj"=hex:6b,61,69,6a,64,6e,61,6b,6d,6e,66,6b,62,69,
62,63,69,70,70,6c,6f,63,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3260)
d:\programy\Nokia\Nokia PC Suite 6\phonebrowser.dll
d:\programy\Nokia\Nokia PC Suite 6\NGSCM.DLL
d:\programy\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
d:\programy\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 20:36:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 19:36

Před spuštěním: 8 841 773 056
Po spuštění: 8 617 164 800

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 53E30D84907ABD064086D100D17900D4

otestuj na www.virustotal.com
c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
link vloz sem.

to je co za program??musi ti bezat v startupe??

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex: Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

Já vůbec nevím co to je za program.... Nejspíš něco od Adobe to by snad nemělo být nějak nebezpečné. Níže je LOG.


ComboFix 10-12-08.04 - Czech 09.12.2010 21:56:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.1184 [GMT 1:00]
Spuštěný z: c:\users\Czech\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Czech\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFS
-------\Service_AFS


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-09 do 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 21:04 . 2010-12-09 21:06 -------- d-----w- c:\users\Czech\AppData\Local\temp
2010-12-09 21:04 . 2010-12-09 21:04 -------- d-----w- c:\users\ucet1\AppData\Local\temp
2010-12-09 21:04 . 2010-12-09 21:04 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-09 21:04 . 2010-12-09 21:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-07 07:42 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0B24D1-92F4-4A5D-AF5D-6FFF932D5548}\mpengine.dll
2010-11-25 15:23 . 2010-11-25 15:23 -------- d-----w- c:\users\Czech\AppData\Local\Apple
2010-11-25 15:23 . 2010-11-26 10:55 -------- d-----w- c:\program files\Apple Software Update
2010-11-25 12:07 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Local\Jan_Macháček
2010-11-25 12:06 . 2010-11-25 12:07 -------- d-----w- c:\users\Czech\AppData\Roaming\Pozadi z webky
2010-11-25 12:06 . 2010-11-25 12:18 -------- d-----w- c:\program files\Pozadi z webky
2010-11-25 02:02 . 2010-11-01 23:03 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-25 02:02 . 2010-11-01 22:59 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-13 19:03 . 2010-11-13 19:03 -------- d-----w- c:\users\Czech\AppData\Roaming\WebMoney
2010-11-13 18:59 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney Agent
2010-11-13 18:58 . 2010-11-13 18:59 -------- d-----w- c:\program files\WebMoney
2010-11-12 18:43 . 2010-11-12 18:43 -------- d-----w- c:\program files\SopCast
2010-11-10 13:04 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 21:06 . 2010-05-21 10:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-11-30 10:22 . 2010-07-15 18:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-29 14:10 . 2010-05-21 07:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-10-19 09:41 . 2010-05-21 10:54 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-05 17:57 . 2010-10-29 14:09 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-10-05 17:57 . 2010-10-29 14:09 3211432 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-10-05 17:57 . 2010-10-29 14:09 1843816 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-10-05 17:56 . 2010-10-29 14:09 66152 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-10-05 17:56 . 2010-10-29 14:09 453224 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-10-05 17:56 . 2010-10-29 14:09 3610216 ----a-w- c:\windows\system32\RtkAPO.dll
2010-10-05 17:56 . 2010-10-29 14:09 477288 ----a-w- c:\windows\system32\RCoRes.dat
2010-09-29 11:11 . 2010-10-29 14:09 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-27 07:34 . 2010-10-29 14:09 232792 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2010-09-16 17:33 . 2010-10-29 14:09 404704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 427744 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 1131232 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 961248 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 290016 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 222944 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2010-09-16 17:33 . 2010-10-29 14:09 105184 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2010-09-16 17:33 . 2010-10-29 14:09 105696 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2010-09-16 17:32 . 2010-10-29 14:09 235232 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 899808 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2010-09-16 17:32 . 2010-10-29 14:09 447200 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2010-09-13 13:56 . 2010-10-13 11:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Czech\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-12 328568]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="d:\programy\office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-05 9742952]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2009-10-19 210400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 136176]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 13:35]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000Core.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3438439536-3322280551-1058881768-1000UA.job
- c:\users\Czech\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-23 19:06]
.
.
------- Doplňkový sken -------
.
uStart Page = https://forexcompanyonline.com/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\office\Office12\EXCEL.EXE/3000
IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
TCP: {CC6C398E-5DAB-4154-99B2-3E3CD24A622C} = 8.8.8.8,8.8.4.4
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox 4.0 Beta 6\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Czech\AppData\Roaming\Mozilla\Firefox\Profiles\l7k2voko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
Binary file temp00 matches
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1556)
d:\programy\Nokia\Nokia PC Suite 6\phonebrowser.dll
d:\programy\Nokia\Nokia PC Suite 6\NGSCM.DLL
d:\programy\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
d:\programy\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-12-09 22:12:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-09 21:12
ComboFix2.txt 2010-12-09 19:36

Před spuštěním: 8 593 727 488
Po spuštění: 8 528 740 352

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 308125E57443F1F4744A470A0A3D64CE

ok, ako je na tom pc??vyskusaj.

stell píše:ok, ako je na tom pc??vyskusaj.

Celkově PC se mi trochu zrychlilo. A hlavně ten web už mi na Chromu běží (zatím) naprosto v pořádku. Nejspíš za tím opravdu byl nějakej vir díky kterýmu jsem se nevědomky zapojoval do DDOS útoku. Oni ty útoky na ten web jsou opravdu intenzivní a velmi časté...

Děkuju moc za pomoc jseš jednička.

premenuj ikonu combofixu na uninstall a spust. cobofix sa odinstaluje.
stiahni OTM, na plochu
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>> Tot vse.
nemas zaco.

Tady je ještě ten poslední Log.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20AC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP405C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4602.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5512.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB354.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCDDA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE436.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI119.tmp moved successfully.
C:\WINDOWS\Installer\MSI1348.tmp moved successfully.
C:\WINDOWS\Installer\MSI1471.tmp moved successfully.
C:\WINDOWS\Installer\MSI1608.tmp moved successfully.
C:\WINDOWS\Installer\MSI19B1.tmp moved successfully.
C:\WINDOWS\Installer\MSI1B86.tmp moved successfully.
C:\WINDOWS\Installer\MSI1CCE.tmp moved successfully.
C:\WINDOWS\Installer\MSI1E46.tmp moved successfully.
C:\WINDOWS\Installer\MSI1FFC.tmp moved successfully.
C:\WINDOWS\Installer\MSI2386.tmp moved successfully.
C:\WINDOWS\Installer\MSI254B.tmp moved successfully.
C:\WINDOWS\Installer\MSI26F1.tmp moved successfully.
C:\WINDOWS\Installer\MSI28A7.tmp moved successfully.
C:\WINDOWS\Installer\MSI2955.tmp moved successfully.
C:\WINDOWS\Installer\MSI2A1E.tmp moved successfully.
C:\WINDOWS\Installer\MSI2C8F.tmp moved successfully.
C:\WINDOWS\Installer\MSI2DD8.tmp moved successfully.
C:\WINDOWS\Installer\MSI2E74.tmp moved successfully.
C:\WINDOWS\Installer\MSI300B.tmp moved successfully.
C:\WINDOWS\Installer\MSI3144.tmp moved successfully.
C:\WINDOWS\Installer\MSI32F8.tmp moved successfully.
C:\WINDOWS\Installer\MSI436.tmp moved successfully.
C:\WINDOWS\Installer\MSI70F6.tmp moved successfully.
C:\WINDOWS\Installer\MSI74B0.tmp moved successfully.
C:\WINDOWS\Installer\MSI779A.tmp moved successfully.
C:\WINDOWS\Installer\MSI7B33.tmp moved successfully.
C:\WINDOWS\Installer\MSI907.tmp moved successfully.
C:\WINDOWS\Installer\MSIB0B.tmp moved successfully.
C:\WINDOWS\Installer\MSIBB1F.tmp moved successfully.
C:\WINDOWS\Installer\MSIC128.tmp moved successfully.
C:\WINDOWS\Installer\MSIC50F.tmp moved successfully.
C:\WINDOWS\Installer\MSIC63.tmp moved successfully.
C:\WINDOWS\Installer\MSIC9B6.tmp moved successfully.
C:\WINDOWS\Installer\MSID92C.tmp moved successfully.
C:\WINDOWS\Installer\MSIDAC.tmp moved successfully.
C:\WINDOWS\Installer\MSIFB22.tmp moved successfully.
C:\WINDOWS\Installer\MSIFD80.tmp moved successfully.
C:\WINDOWS\ServiceProfiles\LocalService\AppData\Local\Temp\RACAD2E.tmp moved successfully.
File move failed. C:\WINDOWS\System32\DriverStore\FileRepository\hposcu08.inf_6b5c1a40\drivers\scanner\hpqgends.tmp scheduled to be moved on reboot.
C:\WINDOWS\Temp\Cab3429.tmp moved successfully.
C:\WINDOWS\Temp\Tar3459.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Czech
->Temp folder emptied: 34522 bytes
->Temporary Internet Files folder emptied: 1577102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1158 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: ucet1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33972 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 12102010_114002

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\DriverStore\FileRepository\hposcu08.inf_6b5c1a40\drivers\scanner\hpqgends.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...