Page 1 of 3

Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 11:37
by Dartan-an
Hello, I tried to remove this virus using various guides, but I am not entirely sure whether I succeeded. The log I made with the program you list does not fit here; could I send it to some e-mail address, for example? Thank you

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 12:22
by Dartan-an
I put the log on Úschovna:
link: http://www.uschovna.cz/zasilka/EBJMTXUSHBTJ3VW8-K3Z
code: EBJMTXUSHBTJ3VW8-K3Z

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 15:11
by stell
Hi
Uninstall all IOBIT products.
Use this guide from my BLOG
Post the logs here; I'll be around at about 7 in the evening.

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 17:54
by Dartan-an
logs from STEP 5 in the guide on your blog:

Option 2 in RogueKiller:

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: Remove -- Date : 07/23/2011 18:18:01

Bad processes: 2
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SUSP PATH] ClickClean.exe -- c:\documents and settings\ondra\local settings\data aplikací\google\chrome\user data\default\extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\clickclean.exe -> KILLED

Registry Entries: 1
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt


Option 3 in RogueKiller:


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: HOSTSFix -- Date : 07/23/2011 18:18:31

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 17:55
by Dartan-an
Option 4 in RogueKiller:


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: ProxyFix -- Date : 07/23/2011 18:18:43

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Option 5 in RogueKiller:


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: DNSFix -- Date : 07/23/2011 18:18:48

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
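The Remove-mode report above carries the two findings that matter on this machine: an svchost.exe killed in c:\windows\update.2 (the genuine one lives in c:\windows\system32), and a HOSTS file that pins facebook.com, vk.com, odnoklassniki.ru and their localized hostnames to 127.0.0.1, which silently blocks those sites; the HOSTSFix run then reset the file to the single localhost line. The script below is an added example, not part of the thread and not RogueKiller's code. It parses a report in the layout shown above (a "Bad processes:" block of "[TAG] name -- path -> ACTION" lines and a "HOSTS File:" block of "ip hostname" lines, each assumed to end at a blank line) and flags both conditions. The table of expected directories is an assumption for a default 32-bit XP install; the sample input is the report from the post, trimmed.

```python
"""Triage a RogueKiller text report: flag Windows system binaries running
from the wrong directory and HOSTS-file entries that sinkhole real sites.

Added example; not part of the original post and not RogueKiller code.
The report layout is assumed from the excerpt in the thread: a
"Bad processes:" block of "[TAG] name -- path -> ACTION" lines and a
"HOSTS File:" block of "ip hostname" lines, each block ended by a blank line.
"""
import re
from dataclasses import dataclass, field

# Binaries malware likes to name itself after, and where each legitimately
# lives on a default 32-bit XP install (assumption: %SystemRoot% = C:\WINDOWS).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# The only names a clean HOSTS file maps to loopback.
LOOPBACK_OK = {"localhost", "localhost.localdomain", "broadcasthost"}

SECTION_RE = re.compile(r"^(Bad processes|Registry Entries|HOSTS File|Resetted HOSTS)\b")
PROC_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<name>\S+)\s+--\s+(?P<path>.+?)\s+->\s+(?P<action>\S+)$")
HOSTS_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-fA-F:]+)\s+(?P<host>\S+)")


@dataclass
class Finding:
    kind: str    # "masquerade" or "hosts_hijack"
    detail: str


@dataclass
class Triage:
    masquerades: list = field(default_factory=list)
    hijacked_hosts: list = field(default_factory=list)


def parse_sections(report: str) -> dict:
    """Split the report into {section_name: [non-blank lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif not line:
            current = None          # a blank line closes the section
        elif current:
            sections[current].append(line)
    return sections


def check_processes(lines) -> list:
    """A system-binary name outside its home directory is a masquerade."""
    out = []
    for line in lines:
        m = PROC_RE.match(line)
        if not m:
            continue
        name = m.group("name").lower()
        directory = m.group("path").lower().replace("/", "\\").rsplit("\\", 1)[0]
        expected = EXPECTED_DIRS.get(name)
        if expected and directory not in expected:
            out.append(Finding("masquerade",
                               f"{name} running from {directory}, expected {sorted(expected)}"))
    return out


def check_hosts(lines) -> list:
    """Anything other than loopback -> localhost is a manual override; real
    sites pinned to 127.0.0.1 is the classic 'block the site' trick."""
    out = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, host = m.group("ip"), m.group("host").lower()
        if host in LOOPBACK_OK and ip in ("127.0.0.1", "::1"):
            continue
        out.append(Finding("hosts_hijack", f"{host} -> {ip}"))
    return out


def triage(report: str) -> Triage:
    s = parse_sections(report)
    return Triage(check_processes(s.get("Bad processes", [])),
                  check_hosts(s.get("HOSTS File", [])))


# Constructed input: the Remove-mode report from the post above, trimmed.
SAMPLE_REPORT = """\
RogueKiller V5.2.7 [06/30/2011] by Tigzy
Mode: Remove -- Date : 07/23/2011 18:18:01

Bad processes: 2
[SVCHOST] svchost.exe -- c:\\windows\\update.2\\svchost.exe -> KILLED
[SUSP PATH] ClickClean.exe -- c:\\documents and settings\\ondra\\local settings\\data aplikací\\google\\chrome\\user data\\default\\extensions\\ghgabhipcejejjmhhchfonmamedcbeod\\7.6.0.0_0\\plugin\\clickclean.exe -> KILLED

Registry Entries: 1
[HJ] HKLM\\[...]\\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 cs-cz.facebook.com
[...]

Finished : << RKreport[1].txt >>
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result.masquerades + result.hijacked_hosts:
        print(f"{f.kind}: {f.detail}")
```

Run it on a saved RKreport[n].txt by reading the file into `triage()`. The second check is deliberately strict: on a home PC any non-localhost HOSTS entry deserves a look, because the file is consulted before DNS and the user never sees the redirect.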

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 18:00
by stell
OK, continue with Malwarebytes, full scan, remove what it finds, and post the log here;
do everything up to AVPTOOL, so don't do AVPTOOL, because you have me here and we'll clean it up another way. :D

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 18:17
by Dartan-an
All right, thank you very much. The full scan will take a bit longer; it has been running for an hour and it looks like at least twice that, so I'll sign off for now.

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 18:18
by stell
OK, take your time, there's plenty of it. :)

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 23:22
by Dartan-an
Log from Malwarebytes:


Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.7.2011 0:15:50
mbam-log-2011-07-24 (00-15-50).txt

Type: Full scan (C:\|E:\|)
Objects scanned: 407199
Time elapsed: 1 hour(s), 52 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Jitka\dokumenty\azureus downloads\fs2004 - fsd cessna 337 skymaster rip\Aircraft\fsd cessna 337d\texture\FSD2_L.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\Jitka\Plocha\Flash\cod4 mw (instal)\crack+čeština\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\documents and settings\Jitka\Plocha\záloha-notebook\programy\dvdfab gold 3\dvdfabgold.exe (Malware.NSPack) -> Quarantined and deleted successfully.
c:\documents and settings\Ondra\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\dvdfab gold 3\dvdfabgold.exe (Malware.NSPack) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6eea394e-af85-4cc9-b3d2-a77be8cc71c3}\rp406\a0268494.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6eea394e-af85-4cc9-b3d2-a77be8cc71c3}\rp406\a0268496.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6eea394e-af85-4cc9-b3d2-a77be8cc71c3}\rp406\a0268497.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\9147420.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Facebook chat virus - Flash player.exe

Posted: 23 Jul 2011 23:25
by stell
OK, run ComboFix, I'll look at the log tomorrow
PLEASE READ THE GUIDE CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post the log from it here.

Re: Facebook chat virus - Flash player.exe

Posted: 24 Jul 2011 08:59
by Dartan-an
Hello, I'm sending the log from the repeated Malwarebytes scan (per the guide); I'll send the ComboFix log shortly.

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.7.2011 2:10:28
mbam-log-2011-07-24 (02-10-28).txt

Type: Full scan (A:\|C:\|D:\|E:\|F:\|H:\|I:\|J:\|K:\|)
Objects scanned: 407989
Time elapsed: 1 hour(s), 42 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Facebook chat virus - Flash player.exe

Posted: 24 Jul 2011 09:23
by Dartan-an
The ComboFix log has 519473 characters, so it wouldn't fit here even split in three; here is a link to Úschovna:

http://www.uschovna.cz/zasilka/EBR2B7C8AHY5GYLY-J5T

Re: Facebook chat virus - Flash player.exe

Posted: 24 Jul 2011 09:48
by Dartan-an
I also want to ask: step 7 of your guide says: Repeat the check, steps 4, 5 and 6, but step 5 = perform another check; am I really supposed to do it that way? (a check, then RogueKiller, then another check and a restart?)

Re: Facebook chat virus - Flash player.exe

Posted: 24 Jul 2011 09:51
by stell
yes, run RogueKiller again and post the logs here, and we'll see whether we do Malwarebytes once more.
ComboFix 11-07-19.03 - Ondra 24.07.2011 10:06:01.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.439 [GMT 2:00]
Running from: c:\documents and settings\Ondra\Plocha\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\proc_list1.log
c:\windows\update.2
c:\windows\update.5.0
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-23 16:14 . 2011-07-23 16:14 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\PriceGong
2011-07-23 16:13 . 2011-07-23 16:17 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\AskToolbar
2011-07-23 16:13 . 2011-07-23 16:14 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\ConduitEngine
2011-07-23 16:13 . 2011-07-23 16:13 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Toolbar4
2011-07-23 10:20 . 2011-07-23 10:22 -------- d-----w- c:\program files\trend micro
2011-07-23 10:20 . 2011-07-23 10:20 -------- d-----w- C:\rsit
2011-07-23 10:00 . 2011-07-23 10:00 -------- d-----w- c:\program files\Symantec
2011-07-23 10:00 . 2011-07-23 10:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-23 10:00 . 2011-07-23 10:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-23 10:00 . 2011-07-23 10:00 -------- d-----w- c:\program files\Norton Internet Security
2011-07-23 09:54 . 2011-07-23 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PCSettings
2011-07-23 09:43 . 2011-07-23 09:43 -------- d-----w- c:\program files\NortonInstaller
2011-07-23 09:39 . 2011-07-23 10:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-07-23 07:34 . 2011-07-23 07:34 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Malwarebytes
2011-07-22 20:54 . 2011-07-22 20:54 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Malwarebytes
2011-07-22 20:54 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 20:54 . 2011-07-22 20:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-22 20:54 . 2011-07-22 20:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-22 20:54 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 17:56 . 2011-07-23 13:41 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-22 17:56 . 2011-07-22 21:05 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-22 17:34 . 2011-07-22 17:57 -------- d-----w- c:\windows\av_ico
2011-07-22 17:05 . 2011-07-22 17:05 -------- d-----w- c:\windows\ufa
2011-07-22 17:05 . 2011-07-22 17:05 -------- d-----w- c:\windows\rpcminer
2011-07-22 17:05 . 2011-07-22 17:05 -------- d-----w- c:\windows\phoenix
2011-07-22 16:54 . 2011-07-22 16:54 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Adobe
2011-07-22 16:48 . 2011-07-22 17:05 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 16:46 . 2011-07-22 16:46 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2011-07-22 16:44 . 2011-07-23 13:41 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-07-22 16:44 . 2011-07-22 21:05 -------- d--h--w- c:\windows\update.tray-10-0
2011-07-22 16:44 . 2011-07-22 16:44 -------- d-----w- c:\documents and settings\Administrator
2011-07-22 16:32 . 2011-07-22 16:32 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-22 15:55 . 1998-06-24 00:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-07-22 15:55 . 2002-10-17 10:35 26096 ----a-w- c:\windows\system32\xmlinst.exe
2011-07-22 15:55 . 2002-04-24 12:43 35840 ----a-w- c:\windows\system32\comdlg32.oca
2011-07-22 15:55 . 2002-04-09 17:23 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-07-22 15:55 . 2000-03-17 08:21 36864 ----a-w- c:\windows\system32\xmlparse.dll
2011-07-22 15:55 . 2000-03-17 08:21 69632 ----a-w- c:\windows\system32\xmltok.dll
2011-07-22 15:49 . 2011-07-22 15:55 -------- d-----w- c:\program files\Ubisoft
2011-07-22 11:28 . 2011-07-22 11:28 -------- d-----w- c:\documents and settings\Valerie\Local Settings\Data aplikací\Sony Ericsson
2011-07-19 08:02 . 2011-07-19 08:02 -------- d-----w- c:\program files\pdfforge Toolbar
2011-07-18 17:57 . 2011-07-18 17:57 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Apple Computer
2011-07-17 13:06 . 2011-07-17 13:06 -------- d-----w- c:\program files\IObit Toolbar
2011-07-08 17:56 . 2011-07-08 17:56 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Google
2011-07-08 17:56 . 2011-07-22 16:50 -------- d-----w- c:\documents and settings\Guest\Data aplikací\IObit
2011-07-07 17:20 . 2011-07-07 17:20 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Symantec
2011-07-07 13:55 . 2011-07-07 13:55 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\Tific
2011-07-07 13:55 . 2011-07-07 13:55 -------- d-----w- c:\documents and settings\Valerie\Local Settings\Data aplikací\Symantec
2011-07-04 07:09 . 2011-07-04 07:10 -------- d-----w- c:\program files\Planet Horse
2011-07-04 07:08 . 2011-07-04 07:09 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\DAEMON Tools Lite
2011-07-03 20:15 . 2011-07-03 20:15 1409 ----a-w- c:\windows\QTFont.for
2011-07-03 14:57 . 2011-07-03 14:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 14:57 . 2011-07-03 14:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-25 12:55 . 2011-06-25 12:55 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2011-06-25 08:44 . 2011-06-29 18:46 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\go
2011-06-25 08:36 . 2011-06-29 20:00 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 12:51 . 2009-09-14 17:11 138160 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-08 12:50 . 2009-09-15 17:31 271200 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-08 12:50 . 2009-09-14 17:10 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-15 11:39 . 2011-06-15 11:39 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-12 13:38 . 2011-05-20 14:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 13:36 . 2011-06-13 13:43 718208 ----a-w- c:\windows\system32\ezGOSvcApp.exe
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-08 09:04 . 2009-09-14 17:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-08 09:04 . 2009-09-14 17:10 271200 -c--a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-02 15:32 . 2009-09-14 13:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:06 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-07-03 14:57 . 2011-04-13 19:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E4A387-EBFC-442B-B46A-4E7957176FE0}]
2010-06-18 16:01 2604032 -c----w- c:\program files\Facicons\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"= "c:\program files\Facicons\tbcore3.dll" [2010-06-18 2604032]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02843.TBSB02843]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"= "c:\program files\Facicons\tbcore3.dll" [2010-06-18 2604032]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB02843.TBSB02843]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"Ashampoo Core Tuner"="c:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" [2009-09-25 3334488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Valerie\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Marek\Nabídka Start\Programy\Po spuštění\
Ubisoft register.lnk - c:\program files\Ubisoft\Register\schedule.exe [2011-7-22 28672]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SMART Board Tools.lnk]
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 -c--a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"SweetIM"=c:\program files\SweetIM\Messenger\SweetIM.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Ashampoo Core Tuner"="c:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" -TRAY
"JMB36X IDE Setup"=c:\windows\JM\JMInsIDE.exe
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"e:\\Program Files\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [15.6.2011 13:41 13496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2009 7:49 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SymDS.sys [15.6.2011 11:15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SymEFA.sys [15.6.2011 11:15 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [19.5.2011 21:37 810616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.6.2011 13:39 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.sys [15.6.2011 11:15 136312]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [15.6.2011 12:07 353168]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [24.6.2011 17:30 393112]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.9.2009 18:08 247096]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [23.7.2011 12:00 130008]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [25.1.2011 18:10 846704]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 1:06 49152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23.7.2011 12:49 105592]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [29.5.2010 15:20 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [29.5.2010 15:20 9856]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110722.031\IDSXpx86.sys [22.7.2011 4:16 355256]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [25.12.2009 18:44 27632]
S2 gupdate1ca871463227f02;Služba Google Update (gupdate1ca871463227f02);c:\program files\Google\Update\GoogleUpdate.exe [27.12.2009 18:48 133104]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2.7.2010 11:53 406016]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.9.2009 16:06 13224]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [29.5.2010 15:20 17408]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27.12.2009 18:48 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [6.4.2011 20:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [6.4.2011 20:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [6.4.2011 20:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [6.4.2011 20:18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [6.4.2011 20:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [6.4.2011 20:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [6.4.2011 20:18 115752]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [25.1.2011 18:13 1678704]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [6.4.2011 20:16 155344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-06-15 12:46]
.
2011-07-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-09-14 13:13]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f03f1d63b08.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 16:48]
.
2011-07-24 c:\windows\Tasks\Registry Reviver-Marek-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-05-27 11:33]
.
2011-07-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
2011-07-24 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-15 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ost
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\0zieh489.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ost
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=


FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 10:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-515967899-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:c6,7b,06,20,16,a8,05,13,94,1d,41,98,7e,00,9f,84,2b,96,d3,a9,35,
19,df,f1,68,84,67,2d,9e,88,20,a8,f9,77,20,bb,a0,d7,0e,65,4c,07,ae,37,7e,3a,\
"rkeysecu"=hex:87,78,0a,12,f1,dd,32,d9,24,ee,38,53,48,09,98,64
.
[HKEY_USERS\S-1-5-21-1659004503-515967899-839522115-1007\Software\SecuROM\License information*]
"datasecu"=hex:57,d3,a0,31,17,b8,45,2b,43,8a,ea,df,2d,71,a3,47,e4,33,66,43,fd,
64,52,9b,a5,39,fb,41,83,f7,88,9c,e8,a3,18,a7,e2,d6,cf,90,ae,88,9c,5e,88,c0,\
"rkeysecu"=hex:b8,f0,d0,49,86,09,41,04,68,5f,82,b2,47,4f,50,b1
.
Celkový čas: 2011-07-24 10:18:14
ComboFix-quarantined-files.txt 2011-07-24 08:18
.
Před spuštěním: 9 037 918 208
Po spuštění: 9 645 789 184
.
- - End Of File - - 7D783A429FA5FBEFB9B783F1B7401924

Re: Facebook chat virus - Flash player.exe

Posted: 24 Jul 2011 10:35
by stell
Tsk tsk, just do this, don't run Malwarebytes any more, and don't download all sorts of junk to fix the PC.

For this step you must have ComboFix on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:

Code:

KILLALL::
Folder::
c:\documents and settings\Ondra\Data aplikací\PriceGong
c:\documents and settings\Ondra\Local Settings\Data aplikací\AskToolbar
c:\documents and settings\Ondra\Local Settings\Data aplikací\ConduitEngine
c:\documents and settings\Ondra\Data aplikací\Toolbar4
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
c:\windows\av_ico
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0
c:\program files\Common Files\Spigot
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E4A387-EBFC-442B-B46A-4E7957176FE0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843]  
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843] 
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SweetIM"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"facemoods"=-
"ApnUpdater"=-
Driver::
Application Updater

File::
c:\windows\Tasks\Registry Reviver-Marek-Startup.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\Tasks\SmartDefrag_Startup.job
c:\windows\unrar.exe
c:\documents and settings\ondra\local settings\data aplikací\google\chrome\user data\default\extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\clickclean.exe
DDS::
uStart Page = hxxp://start.facemoods.com/?a=ost
Extra::
FireFox::
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\0zieh489.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ost
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
Then click File -> Save As... -> in the File name line type: CFScript.txt
For Save as type choose *All files
And save it to the desktop. > Careful: CFScript.txt > do not open it, and it must not be CFScript.txt.txt either. Then do this:
Image

After the scan finishes, post the log that ComboFix creates.
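As an added example (not part of the post or of ComboFix), a small Python parser for the CFScript format used above: regedit-style `[-key]` lines delete a whole key, and `"name"=-` lines under a `[key]` line delete a single value. The sample is a constructed subset of the script in the post; its `[-...\Run]` line is written that way on purpose so the consistency check fires, since deleting the entire Run key removes every autostart entry rather than only the two named values.

```python
import re

# Constructed sample: a subset of the CFScript from the post, plus a
# '[-...\Run]' line written on purpose to show what the consistency check flags.
SAMPLE_CFSCRIPT = r"""KILLALL::
Folder::
c:\windows\rpcminer
c:\windows\phoenix
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E4A387-EBFC-442B-B46A-4E7957176FE0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
Driver::
Application Updater
File::
c:\windows\unrar.exe
c:\windows\Tasks\SmartDefrag_Startup.job
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")            # e.g. 'Folder::'
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")   # regedit-style key line
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')            # '"name"=-' deletes a value

def parse_cfscript(text):
    """Turn CFScript text into a removal plan (dict of lists) plus warnings."""
    plan = {"kill_all": False, "folder": [], "file": [], "driver": [],
            "delete_key": [], "delete_value": [], "warning": []}
    section, key = None, None
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
            plan["kill_all"] |= section == "killall"
        elif section in ("folder", "file", "driver"):
            plan[section].append(line)
        elif section == "registry":
            if k := KEY_RE.match(line):        # '[-key]' deletes the key, '[key]' selects it
                key = k.group(2)
                if k.group(1) == "-":
                    plan["delete_key"].append(key)
            elif (v := VALUE_DEL_RE.match(line)) and key:
                plan["delete_value"].append((key, v.group(1)))
    # Values listed under a '[-key]' line are moot: the whole key goes, which is far
    # broader than removing one value (the Run key holds every autostart entry).
    for k, v in plan["delete_value"]:
        if k in plan["delete_key"]:
            plan["warning"].append(f"'{v}' is listed under '{k}', but that whole key is deleted")
    return plan
```

Running `parse_cfscript` over a script before dragging it onto ComboFix gives a reviewable list of what will be removed and flags key deletions that are broader than the value lines beneath them suggest.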