Best Malware Protection
Napsal: 25 dub 2011 17:40
Zdravím. Do počítače se mi vloupal tento obtížný zmetek a blokuje všechny antivirové i antispywarové programy, takže není možné jej odstranit, nepovolí ani rozběhnout správce úloh. Prosím o pomoc a předem děkuji.
1. část logu:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Charlie at 2011-04-25 18:33:14
Microsoft Windows 7 Ultimate
System drive C: has 233 GB (49%) free of 477 GB
Total RAM: 4094 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:33, on 25.4.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\Charlie\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\SysWOW64\ATWTUSB.EXE
C:\Windows\SysWOW64\TBLMOUSE.EXE
C:\ProgramData\36617b\BM366_290.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\trend micro\Charlie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.240.133.193 www.google.com
O1 - Hosts: 178.17.165.3 www.google.com
O1 - Hosts: 216.240.133.193 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 216.240.133.193 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 216.240.133.193 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 216.240.133.193 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 216.240.133.193 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 216.240.133.193 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 216.240.133.193 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 216.240.133.193 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 216.240.133.193 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 216.240.133.193 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 216.240.133.193 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 216.240.133.193 www.google.nl
O1 - Hosts: 178.17.165.3 www.google.nl
O1 - Hosts: 216.240.133.193 www.google.no
O1 - Hosts: 178.17.165.3 www.google.no
O1 - Hosts: 216.240.133.193 www.google.co.nz
O1 - Hosts: 178.17.165.3 www.google.co.nz
O1 - Hosts: 216.240.133.193 www.google.pl
O1 - Hosts: 178.17.165.3 www.google.pl
O1 - Hosts: 216.240.133.193 www.google.se
O1 - Hosts: 178.17.165.3 www.google.se
O1 - Hosts: 216.240.133.193 www.google.co.uk
O1 - Hosts: 178.17.165.3 www.google.co.uk
O1 - Hosts: 216.240.133.193 www.google.co.za
O1 - Hosts: 178.17.165.3 www.google.co.za
O1 - Hosts: 216.240.133.193 www.bing.com
O1 - Hosts: 178.17.165.3 www.bing.com
O1 - Hosts: 216.240.133.193 search.yahoo.com
O1 - Hosts: 178.17.165.3 search.yahoo.com
O1 - Hosts: 216.240.133.193 uk.search.yahoo.com
O1 - Hosts: 178.17.165.3 uk.search.yahoo.com
O1 - Hosts: 216.240.133.193 ca.search.yahoo.com
O1 - Hosts: 178.17.165.3 ca.search.yahoo.com
O1 - Hosts: 216.240.133.193 de.search.yahoo.com
O1 - Hosts: 178.17.165.3 de.search.yahoo.com
O1 - Hosts: 216.240.133.193 fr.search.yahoo.com
O1 - Hosts: 178.17.165.3 fr.search.yahoo.com
O1 - Hosts: 216.240.133.193 au.search.yahoo.com
O1 - Hosts: 178.17.165.3 au.search.yahoo.com
O1 - Hosts: 216.240.133.193 www.google-analytics.com
O1 - Hosts: 178.17.165.3 www.google-analytics.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Charlie\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Best Malware Protection] "C:\ProgramData\36617b\BM366_290.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.628.0\ClickPotatoLiteSABHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9779 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
/QuitInfo:0000000000000624;000000000000062C; /AddRef;
"taskhost.exe"
/QuitInfo:00000000000006A0;0000000000000694; /AddRef;
/QuitInfo:00000000000006A8;00000000000006B0;
/loadhooks /Parent:00000000000008D8
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Users\Charlie\Program Files (x86)\DNA\btdna.exe"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Windows\System32\ATWTUSB.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
TBLMOUSE.EXE U
"C:\ProgramData\36617b\BM366_290.exe" /s /d
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4056.7f1f2e0.969627861 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 4056 plugin \\.\pipe\gecko-crash-server-pipe.4056
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"taskhost.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Charlie\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
1. část logu:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Charlie at 2011-04-25 18:33:14
Microsoft Windows 7 Ultimate
System drive C: has 233 GB (49%) free of 477 GB
Total RAM: 4094 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:33, on 25.4.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Users\Charlie\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\SysWOW64\ATWTUSB.EXE
C:\Windows\SysWOW64\TBLMOUSE.EXE
C:\ProgramData\36617b\BM366_290.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\trend micro\Charlie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.240.133.193 www.google.com
O1 - Hosts: 178.17.165.3 www.google.com
O1 - Hosts: 216.240.133.193 www.google.com.au
O1 - Hosts: 178.17.165.3 www.google.com.au
O1 - Hosts: 216.240.133.193 www.google.be
O1 - Hosts: 178.17.165.3 www.google.be
O1 - Hosts: 216.240.133.193 www.google.com.br
O1 - Hosts: 178.17.165.3 www.google.com.br
O1 - Hosts: 216.240.133.193 www.google.ca
O1 - Hosts: 178.17.165.3 www.google.ca
O1 - Hosts: 216.240.133.193 www.google.ch
O1 - Hosts: 178.17.165.3 www.google.ch
O1 - Hosts: 216.240.133.193 www.google.de
O1 - Hosts: 178.17.165.3 www.google.de
O1 - Hosts: 216.240.133.193 www.google.dk
O1 - Hosts: 178.17.165.3 www.google.dk
O1 - Hosts: 216.240.133.193 www.google.fr
O1 - Hosts: 178.17.165.3 www.google.fr
O1 - Hosts: 216.240.133.193 www.google.ie
O1 - Hosts: 178.17.165.3 www.google.ie
O1 - Hosts: 216.240.133.193 www.google.it
O1 - Hosts: 178.17.165.3 www.google.it
O1 - Hosts: 216.240.133.193 www.google.co.jp
O1 - Hosts: 178.17.165.3 www.google.co.jp
O1 - Hosts: 216.240.133.193 www.google.nl
O1 - Hosts: 178.17.165.3 www.google.nl
O1 - Hosts: 216.240.133.193 www.google.no
O1 - Hosts: 178.17.165.3 www.google.no
O1 - Hosts: 216.240.133.193 www.google.co.nz
O1 - Hosts: 178.17.165.3 www.google.co.nz
O1 - Hosts: 216.240.133.193 www.google.pl
O1 - Hosts: 178.17.165.3 www.google.pl
O1 - Hosts: 216.240.133.193 www.google.se
O1 - Hosts: 178.17.165.3 www.google.se
O1 - Hosts: 216.240.133.193 www.google.co.uk
O1 - Hosts: 178.17.165.3 www.google.co.uk
O1 - Hosts: 216.240.133.193 www.google.co.za
O1 - Hosts: 178.17.165.3 www.google.co.za
O1 - Hosts: 216.240.133.193 www.bing.com
O1 - Hosts: 178.17.165.3 www.bing.com
O1 - Hosts: 216.240.133.193 search.yahoo.com
O1 - Hosts: 178.17.165.3 search.yahoo.com
O1 - Hosts: 216.240.133.193 uk.search.yahoo.com
O1 - Hosts: 178.17.165.3 uk.search.yahoo.com
O1 - Hosts: 216.240.133.193 ca.search.yahoo.com
O1 - Hosts: 178.17.165.3 ca.search.yahoo.com
O1 - Hosts: 216.240.133.193 de.search.yahoo.com
O1 - Hosts: 178.17.165.3 de.search.yahoo.com
O1 - Hosts: 216.240.133.193 fr.search.yahoo.com
O1 - Hosts: 178.17.165.3 fr.search.yahoo.com
O1 - Hosts: 216.240.133.193 au.search.yahoo.com
O1 - Hosts: 178.17.165.3 au.search.yahoo.com
O1 - Hosts: 216.240.133.193 www.google-analytics.com
O1 - Hosts: 178.17.165.3 www.google-analytics.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Charlie\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Best Malware Protection] "C:\ProgramData\36617b\BM366_290.exe" /s /d
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.628.0\ClickPotatoLiteSABHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9779 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
/QuitInfo:0000000000000624;000000000000062C; /AddRef;
"taskhost.exe"
/QuitInfo:00000000000006A0;0000000000000694; /AddRef;
/QuitInfo:00000000000006A8;00000000000006B0;
/loadhooks /Parent:00000000000008D8
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Users\Charlie\Program Files (x86)\DNA\btdna.exe"
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Windows\System32\ATWTUSB.EXE"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
TBLMOUSE.EXE U
"C:\ProgramData\36617b\BM366_290.exe" /s /d
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4056.7f1f2e0.969627861 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 4056 plugin \\.\pipe\gecko-crash-server-pipe.4056
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe"
"C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"taskhost.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Charlie\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
Stahněte MBAM z mého podpisu