Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Avira hlási 3 druhy trojanov každú chvíľu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
wanthom
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 02 led 2010 19:33

Avira hlási 3 druhy trojanov každú chvíľu

#1 Příspěvek od wanthom »

Mám Win 7, všetky aktualizácie, zapnutý firewall, antivirus Avira Free, Spybot zapnuty hlásia sa mi tieto vírusy (viď príloha).
Nepomôže ani zmazanie, za chvíľu vybehne okno znova. Ďakujem za každú pomoc.
Urobil som log z Hijackthis, viď tu :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ambra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 1964233.lnk = Ambra\AppData\Local\Temp\nvvscv.exe
O4 - Startup: 2070234.lnk = Ambra\AppData\Local\Temp\a32pasop.exe
O4 - Startup: 3271679.lnk = Ambra\AppData\Local\Temp\InstModule.exe
O8 - Extra context menu item: &Stiahnuť položku pomocou FlashGetu - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stiahnuť všetky položky pomocou FlashGetu - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7461 bytes
Přílohy
Virusy.jpg
Virusy.jpg (66.34 KiB) Zobrazeno 3010 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Avira hlási 3 druhy trojanov každú chvíľu

#2 Příspěvek od Rudy »

Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

wanthom
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 02 led 2010 19:33

Re: Avira hlási 3 druhy trojanov každú chvíľu

#3 Příspěvek od wanthom »

No fúha, dosť toho našlo, tento antimalware som doteraz nepoznal. A čo teraz s tým len Odstrániť vybraté? Vďaka za promptnú odpoveď. Tu je log :

Malwarebytes' Anti-Malware 1.43
Verzia databázy: 3481
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2. 1. 2010 20:28:23
mbam-log-2010-01-02 (20-28-17).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 97855
Uplynutý cas: 7 minute(s), 41 second(s)

Infikovaných procesov pamäte: 2
Infikovaných modulov pamäte: 1
Infikovaných registracných klúcov: 4
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 27

Infikovaných procesov pamäte:
C:\Users\Ambra\AppData\Local\Temp\w.exe (Trojan.Downloader) -> No action taken.
C:\Windows\msd.exe (Trojan.Agent) -> No action taken.

Infikovaných modulov pamäte:
C:\Windows\System32\spool\prtprocs\w32x86\56A7.tmp (Trojan.Dropper) -> No action taken.

Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> No action taken.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Windows\System32\spool\prtprocs\w32x86\56A7.tmp (Trojan.Dropper) -> No action taken.
C:\Windows\System32\sshnas.dll (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\1157319.exe (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\204507.exe (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\330434.exe (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\588C.tmp (Trojan.Dropper) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\a.exe (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\c.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\sshnas.dll (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\i.exe (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\j.exe (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\r.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\f.exe (Trojan.Downloader) -> No action taken.
C:\Windows\System32\spool\prtprocs\w32x86\5189.tmp (Trojan.Dropper) -> No action taken.
C:\Windows\System32\spool\prtprocs\w32x86\9194.tmp (Trojan.Dropper) -> No action taken.
C:\Users\Ambra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1964233.lnk (Malware.Trace) -> No action taken.
C:\Users\Ambra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2070234.lnk (Malware.Trace) -> No action taken.
C:\Users\Ambra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3271679.lnk (Malware.Trace) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\w.exe (Trojan.Downloader) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.
C:\Windows\msb.exe (Trojan.Agent) -> No action taken.
C:\Windows\msd.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\b.exe (Trojan.Dropper) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\d.exe (Trojan.Dropper) -> No action taken.
C:\Users\Ambra\AppData\Local\Temp\e.exe (Trojan.Dropper) -> No action taken.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Avira hlási 3 druhy trojanov každú chvíľu

#4 Příspěvek od Rudy »

Vše smažte a pro jistotu ještě dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

wanthom
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 02 led 2010 19:33

Re: Avira hlási 3 druhy trojanov každú chvíľu

#5 Příspěvek od wanthom »

ComboFix 10-01-01.05 - Ambra . 01. 2010 20:52:54.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2039.1302 [GMT 1:00]
Running from: c:\download\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 20:00 . 2010-01-02 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-02 19:18 . 2010-01-02 19:18 -------- d-----w- c:\users\Ambra\AppData\Roaming\Malwarebytes
2010-01-02 19:17 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 19:17 . 2010-01-02 19:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-02 19:17 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 19:17 . 2010-01-02 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 18:30 . 2010-01-02 18:30 -------- d-----w- C:\rsit
2010-01-02 18:08 . 2010-01-02 18:08 -------- d-----w- c:\program files\Trend Micro
2010-01-02 16:33 . 2010-01-02 16:33 174027 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{21DDA8DA-C032-F245-23B3-4AE82312ECEA}-InstModule.exe
2009-12-31 15:53 . 2009-09-22 10:50 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2009-12-31 15:53 . 2008-05-08 13:52 65536 ----a-w- c:\windows\system32\HPPLVS.dll
2009-12-31 15:53 . 2009-09-22 10:50 284160 ----a-w- c:\windows\system32\HP1006LM.DLL
2009-12-31 15:53 . 2009-12-31 15:53 -------- d-----w- c:\program files\HP
2009-12-31 15:50 . 2009-12-31 15:50 -------- d-----w- c:\windows\system32\URTTEMP
2009-12-31 15:49 . 2009-12-31 15:53 -------- d--h--w- c:\program files\Avago-HP
2009-12-31 15:47 . 2009-12-31 15:47 -------- d-sh--w- c:\windows\ftpcache
2009-12-26 16:11 . 2009-12-26 16:12 -------- d-----w- c:\program files\The KMPlayer
2009-12-26 15:57 . 2009-12-26 17:07 -------- d-----w- C:\Nikon DVD03
2009-12-25 16:19 . 2009-12-25 16:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-25 16:19 . 2009-12-25 16:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-24 20:05 . 2009-12-24 20:05 -------- d-----w- c:\program files\CrystalDiskInfo
2009-12-20 11:23 . 2009-12-31 22:53 -------- d-----w- C:\Vladko predaj
2009-12-11 17:04 . 2009-12-11 17:04 -------- d-----w- c:\users\Ambra\AppData\Roaming\Foxit
2009-12-11 17:04 . 2009-12-11 17:04 -------- d-----w- c:\program files\Foxit Software
2009-12-07 20:26 . 2009-12-28 11:41 -------- d-----w- C:\Obrázky CD11
2009-12-07 16:42 . 2009-12-07 16:42 503808 ----a-w- c:\programdata\LangSoft\WebIE.dll
2009-12-07 16:42 . 2009-12-07 16:42 299008 ----a-w- c:\programdata\LangSoft\TrnWord.dll
2009-12-07 16:39 . 2009-12-07 16:41 -------- d-----w- c:\program files\PC Translator
2009-12-07 16:38 . 2009-12-07 16:42 -------- d-----w- c:\programdata\LangSoft
2009-12-07 16:38 . 2009-12-07 16:40 -------- d-----w- c:\users\Ambra\AppData\Roaming\LangSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 20:01 . 2009-11-14 08:36 -------- d-----w- c:\users\Ambra\AppData\Roaming\Skype
2010-01-02 19:24 . 2009-11-14 11:36 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-02 16:23 . 2009-11-14 08:39 -------- d-----w- c:\users\Ambra\AppData\Roaming\skypePM
2009-12-31 16:09 . 2009-11-14 09:57 -------- d-----w- c:\programdata\Microsoft Help
2009-12-30 18:32 . 2009-11-14 13:06 -------- d-----w- c:\program files\SpeedFan
2009-12-09 15:15 . 2009-11-14 08:33 -------- d-----w- c:\programdata\Skype
2009-12-07 18:49 . 2009-11-13 23:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-25 12:47 . 2009-11-14 09:36 -------- d-----w- c:\program files\RQmoney
2009-11-22 11:01 . 2009-11-13 22:16 110784 ----a-w- c:\users\Ambra\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-20 18:52 . 2009-11-20 18:52 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-11-20 16:42 . 2009-11-20 16:42 -------- d-----w- c:\program files\Microsoft IntelliPoint 5.2
2009-11-20 12:46 . 2009-11-20 12:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-20 12:46 . 2009-11-20 12:46 -------- d-----w- c:\program files\Java
2009-11-14 23:23 . 2009-11-14 23:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-11-14 23:23 . 2009-11-14 23:22 -------- d-----w- c:\program files\CONEXANT
2009-11-14 23:20 . 2009-11-14 23:20 -------- d-----w- c:\program files\MSXML 4.0
2009-11-14 11:35 . 2009-11-14 11:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-14 11:33 . 2009-11-14 11:23 65536 ----a-r- c:\users\Ambra\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2009-11-14 11:33 . 2009-11-14 11:23 10134 ----a-r- c:\users\Ambra\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
2009-11-14 11:31 . 2009-11-14 11:31 -------- d-----w- c:\program files\Corel
2009-11-14 11:31 . 2009-11-14 11:31 -------- d-----w- c:\program files\Common Files\Corel
2009-11-14 11:24 . 2009-11-14 11:24 -------- d-----w- c:\users\Ambra\AppData\Roaming\Corel
2009-11-14 11:23 . 2009-11-14 11:23 -------- d-----w- c:\programdata\InstallShield
2009-11-14 11:23 . 2009-11-14 11:23 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-14 11:04 . 2009-11-14 11:04 -------- d-----w- c:\users\Ambra\AppData\Roaming\ACD Systems
2009-11-14 11:04 . 2009-11-14 11:04 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-11-14 11:04 . 2009-11-14 11:04 -------- d-----w- c:\programdata\ACD Systems
2009-11-14 11:04 . 2009-11-14 11:04 -------- d-----w- c:\program files\ACD Systems
2009-11-14 10:58 . 2009-11-14 10:58 -------- d-----w- c:\programdata\Hagel Technologies
2009-11-14 10:04 . 2009-11-14 10:04 -------- d-----w- c:\program files\Microsoft Works
2009-11-14 10:04 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-11-14 10:02 . 2009-11-14 10:02 -------- d-----w- c:\program files\Microsoft.NET
2009-11-14 09:59 . 2009-11-14 09:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-14 09:36 . 2009-11-14 09:36 -------- d-----w- c:\program files\RQmoneybeta
2009-11-14 09:33 . 2009-11-14 09:33 -------- d-----w- c:\program files\DU Meter
2009-11-14 09:32 . 2009-11-14 09:31 -------- d-----w- c:\program files\FlashGet
2009-11-14 09:31 . 2009-11-14 09:31 -------- d-----w- c:\users\Ambra\AppData\Roaming\FlashGet
2009-11-14 08:58 . 2009-11-14 08:57 -------- d-----w- c:\program files\VirtualCloneDrive
2009-11-14 08:33 . 2009-11-14 08:33 -------- d-----w- c:\program files\Skype
2009-11-14 08:33 . 2009-11-14 08:33 -------- d-----w- c:\program files\Common Files\Skype
2009-11-13 23:17 . 2009-11-13 23:17 -------- d-----w- c:\programdata\Avira
2009-11-13 23:17 . 2009-11-13 23:17 -------- d-----w- c:\program files\Avira
2009-11-13 22:51 . 2009-11-13 22:51 -------- d-----w- c:\program files\Total Commander
2009-11-13 22:16 . 2009-11-13 22:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-11-02 19:42 . 2009-11-13 22:39 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:22 . 2009-11-26 05:53 2048 ----a-w- c:\windows\system32\tzres.dll
2008-08-07 09:09 . 2009-11-14 12:09 952832 ----a-w- c:\program files\eurokalkulacka_kros.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"Google Update"="c:\users\Ambra\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-13 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2006-11-27 1582616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-20 149280]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14. 11. 2009 0:17 108289]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\System32\drivers\dc3d.sys [28. 5. 2009 17:36 21392]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\netw5v32.sys [10. 6. 2009 22:18 4231168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25. 12. 2009 17:19 1153368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13. 7. 2009 23:13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13. 7. 2009 23:13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13. 7. 2009 23:13 661504]
.
Contents of the 'Scheduled Tasks' folder

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034374830-3287638629-461662111-1001Core.job
- c:\users\Ambra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 23:42]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4034374830-3287638629-461662111-1001UA.job
- c:\users\Ambra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 23:42]
.
.
------- Supplementary Scan -------
.
IE: &Stiahnuť položku pomocou FlashGetu - c:\program files\FlashGet\jc_link.htm
IE: &Stiahnuť všetky položky pomocou FlashGetu - c:\program files\FlashGet\jc_all.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\Ambra\AppData\Roaming\Mozilla\Firefox\Profiles\463xqxus.default\
FF - component: c:\users\Ambra\AppData\Roaming\Mozilla\Firefox\Profiles\463xqxus.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Ambra\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-PC Translator - c:\users\Ambra\AppData\Local\Temp\UN32.EXE



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x857AA826]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x84ab19d8
QueryNameProcedure -> 0x84ab1b68
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iff"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"

[HKEY_USERS\S-1-5-21-4034374830-3287638629-461662111-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2496)
c:\program files\FlashGet\fgmgr.dll
.
Completion time: 2010-01-02 21:04:06
ComboFix-quarantined-files.txt 2010-01-02 20:04

Pre-Run: 45 486 424 064 bytes free
Post-Run: 45 436 964 864 bytes free

- - End Of File - - 314917AE4AEE937CE6258D97E9FB0341

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Avira hlási 3 druhy trojanov každú chvíľu

#6 Příspěvek od Rudy »

CF nic nenašel. PC již vypadá čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

wanthom
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 02 led 2010 19:33

Re: Avira hlási 3 druhy trojanov každú chvíľu

#7 Příspěvek od wanthom »

Ďakujem. Zaujímavé, že Avira to nevedela trvale odstrániť...

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Avira hlási 3 druhy trojanov každú chvíľu

#8 Příspěvek od Rudy »

Na tuhle nákazu je třeba použít speciální utilitu. Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět