MWAV vyhadzuje chyby

[motji]

Prosím Vás, ten soubot otestujte znovu, aby to byl Váš soubor z počítače


----------------
editováno

[korzar]

ledok AVP tool
Autoscan: completed 6 hours ago (events: 3, objects: 418152, time: 02:31:41)
17.2.2010 0:02:28 Task started
17.2.2010 0:09:00 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrator\Application Data\Thinstall\Internet TV & Radio Player\TEMP\TVPlayer.exe.TA
17.2.2010 2:34:09 Task completed

[motji]

Já jsem Vám to trochu editovala .
Jak to ted vypadá s počítačem?

[korzar]

este raz virus total
http://www.virustotal.com/cs/analisis/d ... 1246969906

s pocitacom neviem, lebo celu noc testoval
skusim restartnut a zhodnotim

[motji]

Prosím Vás, když se Vás na vt zeptá, zda cxhcete stálý odkaz, nebo znovu testovat, dejte otestovat znovu.
Tohle určitě není Váš soubor 427a07930056060b80d90bc22981760095d85469.EXE přijatý 2009.07.07

A viruta bych Vám fakt nepřála , naštěstí ho Avptool nepotvrdil

[korzar]

no, win po restarte nabieha slusne. Dlhsie trva nabeh Eset SC4 - asi 40 sec, a firefox asi minutu. Potom ide vsetko relativne dobre
novy vysledok VT
http://www.virustotal.com/cs/analisis/d ... 1266393353

[motji]

Předpokládám že to bude falešná detekce. Ten program znáte?

[korzar]

365 dni? to je TV program. Trochu masivny na moj vkus, ale dobry

[motji]

Ještě prosím znovu otestujte tento soubor
c:\lotus\organize\bandobjs.dll

a pak domažeme zbytky

[korzar]

http://www.virustotal.com/cs/analisis/1 ... 1266394438

[motji]

Děkuji

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Regnull::
[HKEY_USERS\S-1-5-21-1547161642-1563985344-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14AC7FF2-6A27-A8E7-E230-8304256ADFF2}*]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[korzar]

neviem preco mi to robi, stale mi vyhodi CD emulation drivers running a restrtne mi pocitac...
mozno to tak ma byt, neviem.
Musim teraz utekat do prace.
Urobim to vecer
dakujem za vasu ochotu a cas

[motji]

Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- zmáčkněte tlačítko disable,
-restartujte pc,
-řekněte, zda už je to v pořádku

[korzar]

tak este ten log:
ComboFix 10-02-12.01 - Administrator 17.02.2010 10:02:33.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.261 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-15 12:20 . 2010-02-15 12:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESET
2010-02-15 12:19 . 2010-02-15 12:19 -------- d-----w- c:\program files\ESET
2010-02-14 00:46 . 2010-02-14 00:46 -------- d-----w- c:\windows\system32\Adobe
2010-02-13 15:48 . 2010-02-13 15:48 81920 ----a-w- c:\windows\OLE2TASK.DAT
2010-02-13 15:47 . 2010-02-13 15:47 -------- d-----w- c:\program files\Elcom
2010-02-13 15:46 . 2009-09-25 11:51 101816 ----a-w- c:\windows\system32\POS.dll
2010-02-13 15:46 . 2009-11-13 10:46 524288 ----a-w- c:\windows\system32\ECR.dll
2010-02-13 15:46 . 2009-11-11 14:35 270336 ----a-w- c:\windows\system32\Comm32.dll
2010-02-13 15:46 . 2008-07-01 08:43 43152 ----a-w- c:\windows\system32\CommTX.dll
2010-02-13 15:41 . 2010-02-13 15:41 -------- d-----w- c:\program files\Common Files\BUSINESS OBJECTS
2010-02-13 15:41 . 2010-02-13 18:21 -------- d-----w- C:\Omega
2010-02-13 15:38 . 2010-02-13 15:39 -------- d-----w- C:\OmegaIns
2010-02-13 13:23 . 2009-11-11 13:50 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-02-13 13:22 . 2009-06-19 17:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2010-02-13 13:22 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-02-13 13:22 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2010-02-13 13:22 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2010-02-13 13:22 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2010-02-13 13:22 . 2010-02-13 19:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeFLVConverter
2010-02-13 13:22 . 2010-02-13 13:23 -------- d-----w- c:\program files\Free FLV Converter
2010-02-12 17:38 . 2010-02-12 17:38 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-09 07:44 . 2010-02-09 07:46 6072853 ----a-w- c:\windows\REGBK04.ZIP
2010-02-09 07:43 . 2010-02-09 07:43 -------- d---a-w- c:\windows\zts2.exe
2010-02-09 07:43 . 2010-02-09 07:43 -------- d---a-w- c:\windows\system32\vcmgcd32.dll
2010-02-09 07:43 . 2010-02-09 07:43 -------- d---a-w- c:\windows\system32\systems.txt
2010-02-09 07:43 . 2010-02-09 07:43 -------- d---a-w- c:\windows\system32\iifgfgf.dll
2010-02-09 07:43 . 2010-02-09 07:43 -------- d---a-w- c:\windows\rundl132.dll
2010-02-04 23:03 . 2010-02-04 23:03 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-31 19:53 . 2010-02-13 12:21 -------- d-----w- c:\program files\PDF Editor 2
2010-01-31 19:53 . 2010-01-31 19:53 74752 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-01-30 11:57 . 2010-02-13 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2010-01-30 11:51 . 2010-02-13 12:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Systweak
2010-01-30 11:51 . 2010-01-30 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MyDefrag
2010-01-30 11:24 . 2010-01-30 11:24 -------- d-----w- c:\program files\DiskInternals
2010-01-28 11:21 . 2010-01-28 11:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\ABBYY
2010-01-28 11:03 . 2010-01-31 11:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ABBYY
2010-01-27 13:33 . 2010-01-31 11:03 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-01-27 13:33 . 2010-01-31 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ABBYY
2010-01-27 13:29 . 2010-01-27 13:30 -------- d-----w- c:\temp\FR10PE
2010-01-26 15:51 . 2010-01-26 15:51 -------- d-----w- c:\program files\LizardTech
2010-01-24 12:17 . 2010-01-24 12:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\MyNotesKeeper
2010-01-20 10:16 . 2010-01-20 10:16 -------- d-----w- c:\program files\ConvertHelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 20:05 . 2009-11-18 22:22 -------- d-----w- c:\program files\trend micro
2010-02-15 20:05 . 2009-12-21 16:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2010-02-15 19:41 . 2009-12-11 16:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\365dni
2010-02-13 19:54 . 2009-10-03 09:06 12856 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 18:20 . 2009-10-11 09:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-13 14:38 . 2010-01-03 13:33 -------- d-----w- c:\program files\Images Index Creator
2010-02-13 12:28 . 2010-01-03 11:39 -------- d-----w- c:\program files\Pinnacle
2010-02-13 12:23 . 2009-12-25 10:38 -------- d-----w- c:\program files\Common Files\Nikon
2010-02-13 12:20 . 2009-12-06 15:11 -------- d-----w- c:\program files\Image Grabber II
2010-02-13 10:45 . 2009-10-03 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-02-11 12:33 . 2009-11-11 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-02-11 12:33 . 2009-11-11 14:28 -------- d-----w- c:\program files\Spyware Terminator
2010-02-11 12:29 . 2009-11-11 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2010-02-10 11:22 . 2009-10-13 15:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-02-10 10:12 . 2009-10-13 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-02-04 23:02 . 2009-11-11 14:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-31 19:39 . 2009-10-18 13:38 -------- d-----w- c:\program files\Foxit Software
2010-01-31 15:21 . 2009-10-31 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-01-31 12:47 . 2009-11-29 15:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\FlashgetSetup
2010-01-28 12:17 . 2009-10-03 22:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-28 10:58 . 2010-01-11 18:05 -------- d-----w- c:\program files\Your Webcam Watcher Program
2010-01-26 15:51 . 2009-10-02 09:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 12:30 . 2009-12-03 14:55 588 ---ha-w- C:\os652192.bin
2010-01-20 17:39 . 2009-11-28 11:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 15:03 . 2010-01-13 15:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-13 09:25 . 2010-01-13 09:25 -------- d-----w- c:\program files\MSECache
2010-01-11 19:08 . 2010-01-11 19:08 -------- d-----w- c:\program files\Google
2010-01-06 10:11 . 2010-01-06 10:10 5823539 ----a-w- c:\windows\REGBK03.ZIP
2010-01-05 10:00 . 2004-08-04 04:56 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 04:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 04:56 17408 ------w- c:\windows\system32\corpol.dll
2010-01-03 16:04 . 2010-01-03 16:04 -------- d-----w- c:\program files\Haali
2010-01-03 14:41 . 2009-12-19 12:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-01-03 14:35 . 2010-01-03 14:34 -------- d-----w- c:\program files\iTunes
2010-01-03 14:35 . 2010-01-03 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-03 14:34 . 2010-01-03 14:34 -------- d-----w- c:\program files\iPod
2010-01-03 14:34 . 2009-12-18 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-03 14:34 . 2010-01-03 14:34 -------- d-----w- c:\program files\Bonjour
2010-01-03 11:44 . 2010-01-03 11:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-01-03 11:37 . 2010-01-03 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-01-02 00:33 . 2010-01-02 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\VideoMach
2010-01-01 23:07 . 2010-01-01 23:07 -------- d-----w- c:\program files\Smallvideosoft
2009-12-31 16:50 . 2004-08-04 03:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 12:13 . 2009-10-21 16:15 2004 ----a-w- c:\windows\Registration\e10f24f0-652e-11dd-ad8b-0800200c9a66.dll
2009-12-25 14:32 . 2009-12-25 11:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nikon
2009-12-25 13:34 . 2009-12-25 11:49 0 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-12-25 11:50 . 2009-12-25 10:38 -------- d-----w- c:\program files\Nikon
2009-12-25 11:49 . 2009-12-25 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-12-25 11:49 . 2009-12-25 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-12-25 11:05 . 2009-12-25 11:05 -------- d-----w- c:\program files\BreezeSys
2009-12-25 10:38 . 2009-12-25 10:38 0 ----a-w- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
2009-12-24 20:02 . 2009-11-28 17:18 -------- d-----w- c:\program files\NOVOMATIC Gaminator CF1 Final
2009-12-23 13:15 . 2009-12-23 12:32 -------- d-----w- c:\program files\FLY2000TV
2009-12-22 21:35 . 2009-11-11 14:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 20:43 . 2009-12-22 20:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2009-12-22 20:39 . 2009-12-22 20:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-22 20:39 . 2009-12-22 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-22 20:37 . 2009-12-22 20:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-21 17:00 . 2009-12-21 17:00 -------- d-----w- c:\program files\LimeWire
2009-12-20 11:44 . 2009-11-02 13:45 5430 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{846E11C7-4E39-469C-8469-569E7DE9C5CD}\_E9E3E8815ADBA390949375.exe
2009-12-20 11:44 . 2009-11-02 13:45 5430 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{846E11C7-4E39-469C-8469-569E7DE9C5CD}\_6FEFF9B68218417F98F549.exe
2009-12-20 11:44 . 2009-11-02 13:45 5430 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{846E11C7-4E39-469C-8469-569E7DE9C5CD}\_0276E7E570CBB4EA97FB0F.exe
2009-12-20 11:44 . 2009-11-02 13:05 -------- d-----w- c:\program files\Readon Technology
2009-12-16 18:43 . 2009-10-02 08:37 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 04:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 03:18 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 03:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 18:52 . 2009-12-03 18:52 65536 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}\ARPPRODUCTICON.exe
2009-11-29 16:16 . 2009-11-29 16:16 3349872 ----a-w- c:\documents and settings\Administrator\Application Data\PPLiveVA\PPVAUpdate\PPVAUpdate.exe
2009-11-29 15:37 . 2009-11-29 15:37 305 ----a-w- c:\windows\system32\secushr.dat
2009-11-27 17:11 . 2004-08-04 04:56 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-07 00:17 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 04:56 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 04:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-22 15:02 . 2009-11-22 15:02 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-11-22 10:52 . 2009-11-22 15:02 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-11-22 10:52 . 2009-11-22 15:02 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-11-21 15:51 . 2004-08-04 04:56 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-16_17.46.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 08:56 . 2010-02-17 08:56 16384 c:\windows\temp\Perflib_Perfdata_1d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
2007-01-06 17:16 753664 ----a-w- c:\program files\365dníNET\365dniNET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 15:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-09-23 21:45 1657448 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-06-23 09:21 847872 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSN"=3 (0x3)
"Themes"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"TapiSrv"=3 (0x3)
"sp_rssrv"=2 (0x2)
"SENS"=2 (0x2)
"Schedule"=2 (0x2)
"ASTSRV"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"Kingsoft Antivirus WebShield Service"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"ASO3DiskOptimizer"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\NOVOMATIC Gaminator CF1 Final\\game.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\lotus\\organize\\org6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [11.11.2009 15:28 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9.4.2009 15:19 731840]
R3 PhTVTune;Philips FM1216 MK3 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [5.11.2004 0:45 19904]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [24.12.2009 16:42 17792]
S2 713xTVCard;SAA7134 TV Card;c:\windows\system32\drivers\SAA713x.sys [15.3.2005 11:00 277504]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [23.12.2009 13:33 4134]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S4 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [21.10.2009 17:18 57344]
S4 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\program files\Maxthon2\Modules\MxKWS\KSWebShield.exe [26.10.2009 3:53 202136]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2009 21:31 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 14:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1563985344-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-06 12:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1v0u31ok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1v0u31ok.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1v0u31ok.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1v0u31ok.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-365dnk6.0.7 - c:\windows\365dnk\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 10:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-17 10:11:35
ComboFix-quarantined-files.txt 2010-02-17 09:11
ComboFix2.txt 2010-02-16 17:51

Pre-Run: 100 921 925 632 bytes free
Post-Run: 100 886 421 504 bytes free

- - End Of File - - BFC68189D2C341244385131BFECEFFED

[motji]

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- ]nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********


Při použití combofixu byl vypnut autorun - nefunguje automatické spouštění cd rom a pod. Doporučovala bych nechat vypnuté, ale pokud je chcete zapnout, zde je návod

Otevřete si Poznámkový blok a zkopírujte do něj text

Kód: Vybrat vše

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom] 
"AutoRun"=dword:00000001 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=- 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 
"NoDriveTypeAutoRun"=- 
"NoDriveAutoRun"=-
 

-uložte jako (typ: všechny soubory) kde za název souboru zadáte "smazani.reg" bez uvozovek,
-klikněte na uložit,
- pak na soubor standardně 2x klikněte a potvrďte dialogové okno.


***********


Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?