POprosim,spomaleny pc,zasekava sa,videa trhaju na internete

[martinerik]

No mam tam asi virus co robi bordel..napriklad nejde otvorit ani windows firewall...combofix pdstrani virus nie?

[martinerik]

Mozno je problem preto lebo som zabudol pri ADW vypnut avast

[Rudy]

OK. Dejte log ComboFix

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[martinerik]

inak v spracovi zariadeni v systeme pise toto,chyba je tam casto: Služba DCOM zjistila chybu Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení. při pokusu o spuštění služby winmgmt s argumenty za účelem spuštění serveru:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

[Rudy]

CF spustíte? Pokud ano, proveďte sken a dejte log.

[martinerik]

ComboFix 13-01-26.02 - Martin . 01. 2013 12:18:23.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1023.722 [GMT 1:00]
Running from: c:\documents and settings\Martin\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 10:29 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-26 10:29 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-26 10:29 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-26 10:29 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-26 10:29 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-26 10:29 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-26 10:29 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-26 10:29 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-26 10:28 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-26 10:20 . 2013-01-26 10:20 -------- d-----w- c:\documents and settings\Administrator
2013-01-26 10:03 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-25 19:17 . 2013-01-25 21:24 -------- d-----w- c:\program files\trend micro
2013-01-25 19:17 . 2013-01-25 19:17 -------- d-----w- C:\rsit
2013-01-11 15:22 . 2013-01-11 15:22 -------- d--h--w- c:\windows\PIF
2013-01-10 16:05 . 2013-01-10 16:05 -------- d-----w- c:\documents and settings\Martin\Local Settings\Data aplikací\PCHealth
2013-01-05 21:00 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-05 21:00 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-05 21:00 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-01-05 21:00 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-01-05 21:00 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-01-05 21:00 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-01-05 21:00 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-01-05 21:00 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-04 08:10 . 2013-01-04 08:10 -------- d-----w- c:\program files\TeamViewer
2013-01-04 07:59 . 2013-01-04 07:59 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:31 . 2010-01-14 14:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:56 . 2010-01-14 15:02 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:00 . 2010-01-14 15:01 1446912 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2008-04-14 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:11 . 2010-01-14 15:02 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:11 . 2010-01-14 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:11 . 2010-01-14 15:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-31 23:39 . 2010-01-14 15:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-18 20:33 . 2013-01-18 20:33 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2012-9-14 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Martin\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26. 1. 2013 11:29 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26. 1. 2013 11:29 21256]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26. 1. 2013 11:29 738504]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14. 1. 2010 16:04 9472]
S4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [4. 1. 2013 9:10 3467768]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWMON2
*NewlyCreated* - AVAST!_ANTIVIRUS
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-26 22:50]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\04ec4ov3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10025&q=
FF - ExtSQL: 2013-01-26 11:04; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Notify-RailNotification - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-26 12:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-606747145-1177238915-1417001333-1004\Software\SecuROM\License information*]
"datasecu"=hex:90,c1,85,47,00,bf,e6,ba,6b,01,37,bf,01,77,5e,17,79,e0,75,c2,41,
1d,4b,e7,0d,a5,91,bb,d8,68,90,2f,65,bf,a2,eb,ec,63,fa,16,3b,20,8f,8c,97,24,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-01-26 12:22:52
ComboFix-quarantined-files.txt 2013-01-26 11:22
.
Pre-Run: 8 004 243 456
Post-Run: 8 115 519 488
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 150E971194C4E176D95E70292CE39C9B

[Rudy]

Ještě dosčistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Firefox::
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\04ec4ov3.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?sr ... 0.10025&q=

Regnull::
[HKEY_USERS\S-1-5-21-606747145-1177238915-1417001333-1004\Software\SecuROM\License information*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[martinerik]

Nieco naslo,no avast nejde zapnut stale

ComboFix 13-01-26.02 - Martin . 01. 2013 12:54:44.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1023.604 [GMT 1:00]
Running from: c:\documents and settings\Martin\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Plocha\CFScript.txt.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\erdnt\cache\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 11:46 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-26 11:46 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-26 11:46 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-26 11:46 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-26 11:46 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-26 11:46 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-26 11:46 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-26 11:46 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-26 11:45 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-26 11:45 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-26 11:45 . 2013-01-26 11:45 -------- d-----w- c:\program files\AVAST Software
2013-01-26 10:20 . 2013-01-26 10:20 -------- d-----w- c:\documents and settings\Administrator
2013-01-25 19:17 . 2013-01-25 21:24 -------- d-----w- c:\program files\trend micro
2013-01-25 19:17 . 2013-01-25 19:17 -------- d-----w- C:\rsit
2013-01-11 15:22 . 2013-01-11 15:22 -------- d--h--w- c:\windows\PIF
2013-01-10 16:05 . 2013-01-10 16:05 -------- d-----w- c:\documents and settings\Martin\Local Settings\Data aplikací\PCHealth
2013-01-05 21:00 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-05 21:00 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-05 21:00 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-01-05 21:00 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-01-05 21:00 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-01-05 21:00 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-01-05 21:00 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-01-05 21:00 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-01-05 21:00 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-04 08:10 . 2013-01-04 08:10 -------- d-----w- c:\program files\TeamViewer
2013-01-04 07:59 . 2013-01-04 07:59 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:31 . 2010-01-14 14:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:56 . 2010-01-14 15:02 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:00 . 2010-01-14 15:01 1446912 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2008-04-14 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:11 . 2010-01-14 15:02 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:11 . 2010-01-14 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:11 . 2010-01-14 15:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-31 23:39 . 2010-01-14 15:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-18 20:33 . 2013-01-18 20:33 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-10-09 . FF876311F58C86EC3E1A24F585949C25 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2012-9-14 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2010-01-14 304128]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Martin\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [26. 1. 2013 12:46 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26. 1. 2013 12:46 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26. 1. 2013 12:46 21256]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14. 1. 2010 16:04 9472]
S4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [4. 1. 2013 9:10 3467768]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-26 22:50]
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\04ec4ov3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - ExtSQL: 2013-01-26 12:46; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-26 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1204)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\PCHealth\HelpCtr\Binaries\HelpSvc.exe
.
**************************************************************************
.
Completion time: 2013-01-26 13:01:35 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-26 12:01
ComboFix2.txt 2013-01-26 11:38
ComboFix3.txt 2013-01-26 11:22
.
Pre-Run: 7 992 635 392
Post-Run: 7 984 832 512
.
- - End Of File - - 6BC40E4E8C047C75286564D9B0095667

[Rudy]

Log již vypadá OK. Zkuste Avast přeinstalovat.

[martinerik]

Nempomohlo Co mam robit?:(Neporadi niekto vas kolega?

[martinerik]

Problem je tam ze ten virus blokuje firewall windowsu...nejde ho zapnut vobec zapnut.Poradite prosim Vas?

[Rudy]

Udělejte sken IceSword: http://download.sosej.cz/programy3/IceSword122en.zip a dejte log.

[martinerik]

Advanced sken som dal ale neviem ako yvtvorim log

[martinerik]

Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
speedfan.sys
Mup.sys
giveio.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\StarOpen.SYS
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\giveio.sys
C:\WINDOWS\system32\speedfan.sys

[martinerik]

z SSDT a Advanced sken neviem ako vytvorit log