kontrola PC po odstránení vírusu

Zpráva

Jochanan · #1 Příspěvek od **Jochanan** » 07 zář 2012 19:40

Zdravím. Prosím o kontrolu po odstránení vírusu. Včera som stiahol dokument a namiesto neho tam bol iba vírus. Zablokoval mi všetky aplikácie, nedal sa spustiť prehliadač ani antivirák. Odstránil som ho v núdzovom režime programom Malwarebytes Anti-Malware. Vďaka.

Ak chcete, tu je ten vírus. [url]hxxp://www.uloz.to/xSBpqx1/prolomeni-sifry-mis ... -cesky-zip[/url]

Edit Rudy: Upraven odkaz. Není žádoucí, aby laik viry stahoval a experimentoval s nimi.

#2 Příspěvek od **Rudy** » 07 zář 2012 20:20

Také zdravím!
Poprosím o log RSIT: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .

Jochanan · #3 Příspěvek od **Jochanan** » 07 zář 2012 22:47

Tu je ten log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uz at 2012-09-07 23:45:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive E: has 9 GB (11%) free of 80 GB
Total RAM: 3326 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:45:44, on 7.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\WINDOWS\System32\PAStiSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
E:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
E:\Program Files\Cyberlink\Shared files\brs.exe
E:\Program files\Returnil\Returnil.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Documents and Settings\Uz\Desktop\utorrent.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\WINDOWS\system32\wbem\unsecapp.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Documents and Settings\Uz\Desktop\RSIT.exe
E:\Program Files\trend micro\Uz.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christ-net.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - E:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Six Engine] "E:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -b
O4 - HKLM\..\Run: [BCU] "E:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [HDAudDeck] E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Control Center] E:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl10] "E:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] E:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [Rvsystem] "E:\Program files\Returnil\Returnil.exe"
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "E:\Documents and Settings\Uz\Desktop\utorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Uz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASWLSVC - Unknown owner - E:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - E:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Program Files\Skype\Updater\Updater.exe
O23 - Service: STI Simulator - Unknown owner - E:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7805 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\Adobe Flash Player Updater.job
E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-73586283-839522115-1003Core.job
E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-73586283-839522115-1003UA.job
E:\WINDOWS\tasks\User_Feed_Synchronization-{8B9D2BC8-DA69-41EB-9FB6-8E4556A899E7}.job

=========Mozilla firefox=========

ProfilePath - E:\Documents and Settings\Uz\Application Data\Mozilla\Firefox\Profiles\7lwh4jeq.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"{20a82645-c095-46ed-80e3-08825760534b}"=E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=E:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=E:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=E:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=E:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=E:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

E:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

E:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL

E:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

E:\Documents and Settings\Uz\Application Data\Mozilla\Firefox\Profiles\7lwh4jeq.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

E:\Documents and Settings\Uz\Application Data\Mozilla\Firefox\Profiles\7lwh4jeq.default\searchplugins\
filmova-databaze-fdbcz.xml
sfd.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - E:\Program Files\Java\jre6\bin\ssv.dll [2012-08-28 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-28 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-08-28 79856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 98304]
"Six Engine"=E:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03 5756544]
"BCU"=E:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [2010-03-05 411864]
"HDAudDeck"=E:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2010-01-18 33714176]
"Control Center"=E:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2006-08-15 1696256]
"GrooveMonitor"=E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RemoteControl10"=E:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=E:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]
"Rvsystem"=E:\Program files\Returnil\Returnil.exe [2011-12-27 2304000]
"avgnt"=E:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]
"SunJavaUpdateSched"=E:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"Malwarebytes' Anti-Malware"=E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=E:\Documents and Settings\Uz\Desktop\utorrent.exe [2010-12-22 396152]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=E:\Documents and Settings\Uz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-24 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Uz^Start Menu^Programs^Startup^Orezávač obrazovky a spúšťač programu OneNote 2007.lnk]
E:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Documents and Settings\Uz\Desktop\utorrent.exe"="E:\Documents and Settings\Uz\Desktop\utorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="E:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\ASUS\WLAN Card Utilities\Center.exe"="E:\Program Files\ASUS\WLAN Card Utilities\Center.exe:*:Enabled:ASUS WLAN Control Center"
"E:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\burningstudio.exe"="E:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\burningstudio.exe:*:Enabled:Ashampoo Burning Studio 6 FREE"
"E:\Program Files\Java\jre6\bin\javaw.exe"="E:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\totalcmd\TOTALCMD.EXE"="E:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"E:\Program Files\Java\jre6\bin\java.exe"="E:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=E:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=E:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2012-09-07 02:26:00 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2012-09-07 02:26:00 ----A---- E:\WINDOWS\system32\drivers\mbam.sys
2012-09-07 01:54:13 ----D---- E:\Documents and Settings\All Users\Application Data\67B889CB00001F2F8C777E5E7B07D287
2012-09-05 12:21:15 ----A---- E:\WINDOWS\system32\javaws.exe
2012-09-05 12:21:15 ----A---- E:\WINDOWS\system32\javaw.exe
2012-09-05 12:21:15 ----A---- E:\WINDOWS\system32\java.exe
2012-09-04 12:01:21 ----D---- E:\Documents and Settings\All Users\Application Data\Adobe

======List of files/folders modified in the last 1 month======

2012-09-07 23:45:44 ----D---- E:\WINDOWS\Prefetch
2012-09-07 23:45:40 ----D---- E:\Program Files\trend micro
2012-09-07 23:45:21 ----D---- E:\Documents and Settings\Uz\Application Data\uTorrent
2012-09-07 23:36:10 ----D---- E:\WINDOWS\Temp
2012-09-07 23:36:08 ----D---- E:\WINDOWS\system32\CatRoot2
2012-09-07 23:35:14 ----D---- E:\WINDOWS\system32\drivers
2012-09-07 23:34:58 ----A---- E:\WINDOWS\SchedLgU.Txt
2012-09-07 23:34:03 ----HDC---- E:\WINDOWS\ie8
2012-09-07 20:20:33 ----D---- E:\Torrenty
2012-09-07 16:23:22 ----A---- E:\ASWL2K.ini
2012-09-07 12:22:15 ----D---- E:\Program Files\Mozilla Firefox
2012-09-07 02:32:01 ----HDC---- E:\WINDOWS\$NtUninstallKB2555917$
2012-09-07 02:31:24 ----A---- E:\WINDOWS\ntbtlog.txt
2012-09-07 02:26:00 ----RD---- E:\Program Files
2012-09-07 02:18:41 ----SHD---- E:\RECYCLER
2012-09-07 02:08:49 ----D---- E:\Documents and Settings
2012-09-07 02:08:44 ----SHD---- E:\WINDOWS\CSC
2012-09-06 16:11:26 ----D---- E:\WINDOWS\system32
2012-09-05 12:21:26 ----SHD---- E:\WINDOWS\Installer
2012-09-05 12:21:26 ----D---- E:\Config.Msi
2012-09-05 12:21:10 ----D---- E:\Program Files\Java
2012-09-04 12:01:35 ----A---- E:\WINDOWS\system32\FlashPlayerApp.exe
2012-09-01 16:20:04 ----D---- E:\Documents and Settings\Uz\Application Data\Skype
2012-08-30 16:21:16 ----D---- E:\Program Files\JDownloader
2012-08-29 14:34:49 ----D---- E:\Documents and Settings\Uz\Application Data\gtk-2.0
2012-08-28 20:24:56 ----A---- E:\WINDOWS\system32\npdeployJava1.dll
2012-08-28 20:24:53 ----A---- E:\WINDOWS\system32\deployJava1.dll
2012-08-28 16:27:02 ----D---- E:\WINDOWS
2012-08-16 01:26:45 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2012-08-10 20:10:07 ----RSD---- E:\WINDOWS\assembly
2012-08-10 20:10:07 ----D---- E:\WINDOWS\Microsoft.NET
2012-08-10 18:52:20 ----D---- E:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 RVFsSec;RVFsSec; E:\WINDOWS\system32\Drivers\RVFsSec.sys [2011-12-27 22272]
R0 RVSystem;RVSystem; E:\WINDOWS\system32\Drivers\RVSystem.sys [2011-12-27 39424]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2011-07-28 691696]
R1 AmdPPM;AMD HwPState Processor Driver; E:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AsIO;AsIO; E:\WINDOWS\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 avgio;avgio; \??\E:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; E:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-02-17 138192]
R1 ssmdrv;ssmdrv; E:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; E:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/31 21:54:30]; \??\E:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; E:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-12-20 20747]
R2 avgntflt;avgntflt; E:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-02-17 66616]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\E:\WINDOWS\system32\ASNDIS5.SYS []
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 4614144]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBAMProtector;MBAMProtector; \??\E:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; E:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
R3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; E:\WINDOWS\system32\drivers\viahduaa.sys [2010-01-11 2106880]
S3 catchme;catchme; \??\E:\DOCUME~1\Uz\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC207;VideoCAM GE111; E:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 RT73;ASUS USB Wireless LAN Card Driver; E:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; E:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; E:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-02-17 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; E:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 BCUService;Browser Configuration Utility Service; E:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2012-08-28 153584]
R2 MBAMService;MBAMService; E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 STI Simulator;STI Simulator; E:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S2 ASWLSVC;ASWLSVC; E:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; E:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 250568]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MozillaMaintenance;Mozilla Maintenance Service; E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#4 Příspěvek od **Rudy** » 08 zář 2012 10:32

Máte čisto až na pár zbytečností. Spusťte znovu HijackThis a v otevřeném okně vlevo ve čtverečcícha zaškrtněte:

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Klikněte na >FixChecked< a restartujte PC.

Jochanan · #5 Příspěvek od **Jochanan** » 08 zář 2012 13:19

Vykonané. To je všetko? Nič netreba. Ďalej urobiť? Vďaka.

#6 Příspěvek od **Rudy** » 08 zář 2012 16:03

Pokud vám PC správně funguje, není třeba další zásah.

Jochanan · #7 Příspěvek od **Jochanan** » 08 zář 2012 16:06

Ďakujem veľmi pekne. Mám nejaké problémy s PC ale to nebude asi virusom. Niekedy mi premiestnenie DVD z jedneho disku na druhy trva 15 minut. Ale to je asi v niečom inom.

#8 Příspěvek od **Rudy** » 08 zář 2012 16:34

Koukněte do ovl. panelů>systém>správce zařízení>řadiče IDE/ATA. Rozklikněte a na jednotlivé kanály klikněte pravým myšítkem>vlastnosti>upřesnit nastavení. Zjistěte, zda je povolen režim DMA. Pokud ne, povolte, nastavení uložte a restatujte PC.

Jochanan · #9 Příspěvek od **Jochanan** » 08 zář 2012 17:23

Všade je povolený. To len niekedy tak dlho trvá premiestnenie väčšieho súboru. Tiež to badám ak napr. premiestnujem niečo a súčasne prehliadavam net, tak niekedy premiestnenie trva dlhšie, príp- sa aj pomalšie načítava stránka, ale nie je to vždy tak. Pritom mám 3 jadrový procesor a 4 GB RAM. Ale nie je to nič čo by sa nedalo nechať tak. Nerobí to často.

#10 Příspěvek od **Rudy** » 08 zář 2012 17:26

OK. Samozřejmě čím delší soubor, tím delší přesun. To je logické.

#11 Příspěvek od **motji** » 17 zář 2012 21:12

Jak to tu vypadá?

//edit

Pro neaktivitu uzamknuto, viz pravidla
http://forum.viry.cz/viewtopic.php?f=12&t=123975

Pokud chcete topic odemknout, kontaktujte mě nebo někoho z moderátorů na email.

VIRY.CZ

kontrola PC po odstránení vírusu

kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu

Re: kontrola PC po odstránení vírusu