Coolwebsearch smejd + log

[Sobo]

Zdravim, vcera mne z niceho nic zacala otravovat tahle hnusna havet, ktera se bavi tim, ze porad vyhazuje hlasky jak je PC zamoreno apod. Nekolikrat jsem nechal projet scan Ad-Aware a Spybotu, ovsem ti jsou bezmocni, sice to vsechno smazou, ale pri dalsim scanu o dve minuty pozdeji je to zpatky. Zkousel jsem i nejake utility primo urcene na odstraneni toho coolweba, ale ani to nepomohlo, vi nekdo z vas, jak na to??


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:59, on 21.7.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\uoyzsydz.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Install\_utilities\Miranda\Mir4nda-IM-0.7-Pack-v1.9.1\miranda32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Filestotalcmd\Total Commander\TOTALCMD.EXE
C:\Users\Sobo\AppData\Local\Temp\mexe.com
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\uoyzsydz.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: IE.Filter - {F65E955E-26C0-42FF-8EE2-443A05EA286A} - C:\Windows\system32\IEXFIL~1.DLL
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MirandaIM] "D:\Install\_utilities\Miranda\Mir4nda-IM-0.7-Pack-v1.9.1\miranda32.exe" "D:\Install\_utilities\Miranda\Mir4nda-IM-0.7-Pack-v1.9.1\Profile\dbase-v6.0"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [PTC Klikaè] D:\PTC\klikac.exe
O4 - HKCU\..\Run: [Steam] "d:\hry\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - D:\3DS Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe (file missing)
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - D:\3D max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\Windows\winself.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\Windows\portsv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7470 bytes

[Sobo]

Kam se podel EDIT?? Nejak ho tu nemam/nevidim.

Jinak vypada to asi takhle + jeste ikonka trojuhelniku s vykricnikem v tray

http://imajr.com/Coolweb-1138057
http://imajr.com/trojan-security-1138056


// jo, jeste mi pri stisknuti CTRL+ALT+DELETE chybi moznost spustit task managera.

[rary]

Zdravím.

Stáhni si ComboFix a ulož ho na plochu a poté ho spusť.
Postupuj dle pokynů na obrazovce, během aplikování ComboFixu neklikej do zobrazujícího se okna může se stát totiž že to proces zastaví.
Je možné, že se restartuje počítač, znamená to, že byli nalezeny škodlivé soubory a je nutný restart, aby je ComboFix smazal.
Po skončení se vytvoří log tak sem zkopíruj jeho obsah.

Poznámka: Pro spuštění ComboFixe je nutné mít práva administrátora.

[Sobo]

No jo, ale na internetu jsem se docelt, ze combofix je dost nebezpecny a muze nenavratne poskodit pocitac.

Jsi si tim fakt jisty?? Jinak jsem jeste neco odmazal Spybotem a Avastem, cimz jsem se zbavil tech vlezlych reklam a nemoznosti spustit spravce uloh, takze system se ted jevi uplne normalni, ale ten Coolweb smejd tam porad je, zkusim jeste neco vygooglit.

[rary]

Nejprve bych se chtěl omluvit, že mám takové zpoždění, ale měl jsem málo času.

Ano máš pravdu ComboFix se nedoporučuje používat začátečníkům, protože může způsobit problémy s OS či smazat nějaký legitimní soubor. Ale to se stává v málo případech. Na druhé straně je ComboFix mocný nástroj a to z toho důvodu, že dokáže smazat spoustu havěti, na které běžné bezpečnostní programy nemají a navíc zobrazuje soubory vytvořené a modifikované během 30ti dnů.
Takže toho ComboFixe použij.

[Sobo]

No, vypada to, ze ani nebudu muset. Pomoci kombinace Ad-Aware + Spybot + Avast jsem PC vycistil, toho coolweba jsem se zbavil specialni utilitou CWSshreder. Projel jsem uz nekolik scanu a zda se, ze je cisto. Kdyby neco, tak pouziju ComboFix. Diky.