Win32:Neshta

[vyosek]

Jeste jednou nemate zac

[Treeper]

Zdravím,
nechci zakládat nové téma, když už k viru neshta je tady toho dost, jak už vyplíva mam také problém s timto virem, použil jsem Combofix a zde je vypis LOGu, mohl by mi někdo poradit jak dál postupovat abych se toho parazita zbavil. DIK

ComboFix 11-10-19.06 - Treeper 21.10.2011 10:00:21.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3070.2051 [GMT 2:00]
Spuštěný z: c:\users\Treeper\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Treeper\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-21 do 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 07:19 . 2011-10-21 07:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7326B68D-43A6-45BB-9805-A176172AECA4}\offreg.dll
2011-10-21 07:19 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7326B68D-43A6-45BB-9805-A176172AECA4}\mpengine.dll
2011-10-17 18:59 . 2011-10-17 18:59 -------- d--h--w- c:\programdata\CanonBJ
2011-10-17 18:59 . 2008-10-09 05:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP99.DLL
2011-10-17 18:59 . 2008-10-09 05:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD99.DLL
2011-10-13 05:22 . 2011-10-13 05:22 -------- d-----w- c:\program files\MSXML 4.0
2011-10-10 18:25 . 2011-10-10 18:35 -------- d-----w- c:\programdata\FLEXnet
2011-10-10 18:00 . 2011-10-10 18:00 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-10-10 17:54 . 2011-10-10 17:54 -------- d-----w- c:\program files\Microsoft Chart Controls
2011-10-10 17:54 . 2011-10-10 17:54 -------- d-----w- c:\program files\Microsoft WSE
2011-10-10 17:53 . 2011-10-10 18:03 -------- d-----w- c:\users\Treeper\AppData\Local\Autodesk
2011-10-10 17:53 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-10-10 17:53 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-10-10 17:53 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-10-10 17:52 . 2011-10-10 18:09 -------- d-----w- c:\program files\Autodesk
2011-10-10 17:52 . 2011-10-10 18:09 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2011-10-10 17:44 . 2011-10-10 18:48 -------- d-----w- c:\users\Treeper\AppData\Roaming\Autodesk
2011-10-10 17:44 . 2011-10-10 18:37 -------- d-----w- c:\programdata\Autodesk
2011-10-07 14:55 . 2011-10-07 14:55 -------- d-----w- c:\users\Treeper\AppData\Local\ElevatedDiagnostics
2011-10-07 14:31 . 2004-03-01 21:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2011-10-07 14:31 . 2004-02-11 13:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2011-10-07 14:27 . 2002-02-14 09:26 647872 ----a-w- c:\windows\system32\mscomct2.ocx
2011-10-07 14:14 . 2011-10-07 14:32 -------- d-----w- c:\program files\MATLAB71
2011-10-07 14:03 . 2011-10-07 14:38 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-10-07 14:03 . 2011-10-07 14:03 -------- d-----w- c:\program files\Microsoft Silverlight
2011-10-07 14:01 . 2011-10-07 14:36 -------- d-----w- c:\users\Treeper\AppData\Local\OpenCandy
2011-10-07 14:01 . 2011-10-07 14:01 -------- d-----w- c:\users\Treeper\AppData\Roaming\OpenCandy
2011-10-07 14:01 . 2011-10-07 14:01 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-07 14:00 . 2011-10-07 14:01 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-10-07 14:00 . 2011-10-07 14:11 -------- d-----w- c:\users\Treeper\AppData\Roaming\DAEMON Tools Lite
2011-10-07 14:00 . 2011-10-07 14:00 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-10-07 11:13 . 2011-10-07 11:13 -------- d-----w- c:\users\Treeper\AppData\Roaming\MathWorks
2011-10-03 20:24 . 2011-10-20 17:24 -------- d-----w- c:\users\Treeper\AppData\Roaming\Canon
2011-10-03 20:23 . 2011-10-03 20:23 -------- d-----w- c:\users\Treeper\AppData\Roaming\ArcSoft
2011-10-03 20:21 . 1996-06-30 22:00 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL
2011-10-03 20:21 . 1995-07-31 11:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2011-10-03 20:20 . 2011-10-03 20:20 -------- d-----w- c:\program files\ArcSoft
2011-10-03 20:20 . 2001-09-05 03:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-10-03 20:20 . 2001-09-05 03:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-10-03 20:20 . 2001-09-05 03:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-10-03 20:20 . 2001-09-05 03:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-09-30 17:07 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-09-30 17:07 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-09-30 17:06 . 2011-09-30 17:06 -------- d-----w- c:\program files\Microsoft Works
2011-09-30 17:05 . 2011-09-30 17:05 -------- d-----w- c:\windows\PCHEALTH
2011-09-30 17:04 . 2011-09-30 17:04 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-30 17:03 . 2011-09-30 17:03 -------- d-----w- c:\users\Treeper\AppData\Local\Microsoft Help
2011-09-30 17:03 . 2011-09-30 17:08 -------- d-----w- c:\programdata\Microsoft Help
2011-09-23 11:38 . 2011-09-23 11:38 -------- d-----w- c:\program files\A4Tech
2011-09-23 11:38 . 2007-05-15 15:31 36864 ----a-w- c:\windows\system32\Amhooker.dll
2011-09-23 11:38 . 2007-05-15 03:41 14336 ----a-w- c:\windows\system32\drivers\Amusbprt.sys
2011-09-23 11:38 . 2007-05-15 03:40 14336 ----a-w- c:\windows\system32\drivers\Amps2prt.sys
2011-09-23 11:38 . 2007-05-15 03:38 9216 ----a-w- c:\windows\system32\drivers\Amfilter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-07 14:46 . 2011-08-07 14:47 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2011-08-07 14:46 . 2011-08-07 14:47 298104 ----a-w- c:\windows\system32\imon.dll
2011-08-07 14:46 . 2011-08-07 14:47 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2011-08-02 13:06 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-30 12:56 . 2011-07-30 12:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-08 07:29 . 2011-09-17 18:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\users\Treeper\AppData\Roaming\QipGuard\QipGuard.exe" [2010-10-25 190928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Infium"="c:\program files\QIP Infium\infium.exe" [2010-10-25 5892560]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-10-07 2395]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-09 10082920]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2011-08-07 949376]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2011-08-07 462848]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 mitsijm2011;Správce úloh aplikace Autodesk Moldflow Inventor Tool Suite Integration 2011;c:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 462336]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-07 232512]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-08-07 15424]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Treeper\AppData\Roaming\Mozilla\Firefox\Profiles\y5hid6ug.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-10-21 10:09:05
ComboFix-quarantined-files.txt 2011-10-21 08:09
.
Před spuštěním: 8 894 394 368
Po spuštění: 8 687 546 368
.
- - End Of File - - 4DC6CF57D8005FEB89035A7F42467789

[vyosek]

Zdravim a pekny den preji

A ja vas preto pozadam, abyste si nove tema zalozil - mame tu takovou dohodu.Tohle tema je uzavreno a jen by se to tu motalo

Dekuji za pochopeni, tema zamykam.