avast ma nevie zbavit trojana Win32:Inject-SW [Trj]

[janci100]

aha, vdaka za vysvetlenie, ak si dobre pamatam, mal som to volakedy nainstalovane, myslim ze ten deamon tools, subory mali myslim priponu ISO...
no ale k veci... zvolil som teda ten 32-bitovy, ulozil ho na plochu a po spusteni mi to vyhodilo okno s textom: "No SPTD version was detected. Celect action to be pefrormed." a s moznostami "Instal", "Uninstal" a "Cancel", pricom ale moznost "Uninstal" nie je mozne kliknut tak dat najprv "Instal"..?

[Caroprd111]

SPTD vynechte a použijte :

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Poté proveďte kroky z předchozího příspěvku.

[janci100]

no, nespravil som to 100%-ne, ale tak hadam v tom nebude problem
stiahol a spustil som ten defogger:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:03 on 12/03/2010 (miska a mirko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-


potom som restartoval a stiahol a spustil som to mbr.exe (cize som to nespravil podla toho postupu, ale spustil som to dvojklikom na mbr.exe) potom som to spravil este raz, tentokrat uz podla navodu, len ten odkaz som upravil - namiesto plocha som napisal desktop. oba logy ktore to vytvorili ale vyzeraju rovnako:


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


teraz idem spustit ten gmer, vysledok sem doplnim...


EDIT:

log z gmer:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-12 18:34:03
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\MISKAA~1\LOCALS~1\Temp\uwdiyaoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[Caroprd111]

OK

[janci100]

log z gmer:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 19:47:25
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\MISKAA~1\LOCALS~1\Temp\uwdiyaoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEF5C56B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEF5C5574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEF5C5A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEF5C514C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEF5C564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEF5C508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEF5C50F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEF5C576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEF5C572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEF5C58AE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\MISKAA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003C0002
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003C0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Jak to vypadá s PC

[janci100]

viac - menej po starom, raz za cas to vyhodi virusy, no zo system volume information uz nie, myslim ze len z temporary files a zo system 32...

[Caroprd111]

Kde přesně viry hlásí

[janci100]

cast logu z dennika avastu:

datum a cas / - / program / popis /
11. 3. 2010 21:04:36 miska a mirko 1216 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\System Volume Information\_restore{D6FAF8B1-F794-4FF1-8B77-31180F6BF2E2}\RP201\A0051006.scr" file.
11. 3. 2010 21:08:08 miska a mirko 1216 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\76.scr" file.
11. 3. 2010 21:32:19 miska a mirko 1216 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01QF4XU7\x[1]" file.
11. 3. 2010 21:34:32 miska a mirko 1216 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\65.scr" file.
12. 3. 2010 9:03:39 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4TMBWP6V\x[1]" file.
12. 3. 2010 9:04:46 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\60.scr" file.
12. 3. 2010 10:38:42 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\63.scr" file.
12. 3. 2010 12:10:07 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\70.scr" file.
12. 3. 2010 13:12:26 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1B4TLCER\x[1]" file.
12. 3. 2010 13:35:24 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1B4TLCER\x[2]" file.
12. 3. 2010 13:35:45 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\58.scr" file.
12. 3. 2010 13:35:57 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\22.scr" file.
12. 3. 2010 13:49:40 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\44.scr" file.
12. 3. 2010 17:15:01 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\01QF4XU7\x[1]" file.
12. 3. 2010 17:15:27 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\17.scr" file.
12. 3. 2010 17:46:50 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\03.scr" file.
12. 3. 2010 19:50:21 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4TMBWP6V\x[1]" file.
12. 3. 2010 19:50:50 SYSTEM 1200 Sign of "Win32:Inject-SW [Trj]" has been found in "C:\WINDOWS\system32\21.scr" file.


taka mala poznamka - sa mi zda, ze niekde sm o tom trojane cital, ze dokaze vytvorit v pocitaci dalsi ucet s admin pravami... naschval som tam dal aj zopar vypisov zo vcera kde je za datumom a casom uvedene "miska a mirko" co je nazov nasho pocitaca, to SYSTEM nemoze byt nejaky virusom vytvoreny ucet?

[Caroprd111]

Soubory Avast smazal

[janci100]

no ked avast nasiel tie subory, tak sa ma pytal odstranit, presunut do truhly atd... tak som dal odstranit... ziadnu hlasku ze by mu to odstranit neslo nevypisal, tak predpokladam ze ano... teraz ked pozeram system32, tak tam tie subory nevidim, ale v temporary files "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4TMBWP6V" som napriklad ten subor x[1] nasiel, tak teraz neviem

[Caroprd111]

Dejte nový log z RSIT.

[janci100]

System drive C: has 7 GB (46%) free of 16 GB
Total RAM: 767 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:32, on 12. 3. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\miska a mirko\My Documents\Preberanie\RSIT.exe
C:\Program Files\trend micro\miska a mirko.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=sk
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_11.03.2010_22-30.lnk = C:\Program Files\Virus Removal Tool\setup_9.0.0.722_11.03.2010_22-30\startup.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C596693-999C-4BAE-9ED9-8CF240531D3F}: NameServer = 192.168.20.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3531 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTpatch]
C:\WINDOWS\htpatch.exe [2002-10-30 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-07-01 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^miska a mirko^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-11-14 393216]

C:\Documents and Settings\miska a mirko\Start Menu\Programs\Startup
setup_9.0.0.722_11.03.2010_22-30.lnk - C:\Program Files\Virus Removal Tool\setup_9.0.0.722_11.03.2010_22-30\startup.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-11 23:38:40 ----D---- C:\Program Files\Virus Removal Tool
2010-03-11 23:10:24 ----SHD---- C:\RECYCLER
2010-03-11 20:24:31 ----D---- C:\Documents and Settings\miska a mirko\Application Data\Malwarebytes
2010-03-11 20:24:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-11 20:24:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-11 19:42:37 ----A---- C:\ComboFix.txt
2010-03-11 19:35:59 ----A---- C:\Boot.bak
2010-03-11 19:35:51 ----RASHD---- C:\cmdcons
2010-03-11 19:25:38 ----A---- C:\WINDOWS\zip.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\SWSC.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\SWREG.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\sed.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\PEV.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\MBR.exe
2010-03-11 19:25:38 ----A---- C:\WINDOWS\grep.exe
2010-03-11 19:25:33 ----D---- C:\WINDOWS\ERDNT
2010-03-11 19:24:46 ----D---- C:\Qoobox
2010-03-09 20:00:29 ----D---- C:\Config.Msi
2010-03-07 10:58:45 ----D---- C:\Program Files\trend micro
2010-03-07 10:58:41 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-03-12 21:16:25 ----D---- C:\WINDOWS\Prefetch
2010-03-12 19:51:04 ----D---- C:\WINDOWS\system32
2010-03-12 19:50:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-12 18:14:58 ----D---- C:\WINDOWS\Temp
2010-03-12 18:11:03 ----D---- C:\Program Files\Mozilla Firefox
2010-03-12 18:07:38 ----D---- C:\WINDOWS
2010-03-12 18:05:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 23:41:33 ----SHD---- C:\System Volume Information
2010-03-11 23:39:04 ----HD---- C:\WINDOWS\inf
2010-03-11 23:39:04 ----D---- C:\WINDOWS\system32\drivers
2010-03-11 23:38:40 ----RD---- C:\Program Files
2010-03-11 23:27:15 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-11 23:18:11 ----D---- C:\WINDOWS\system32\Restore
2010-03-11 19:41:59 ----SD---- C:\WINDOWS\Tasks
2010-03-11 19:41:03 ----A---- C:\WINDOWS\system.ini
2010-03-11 19:39:23 ----D---- C:\WINDOWS\AppPatch
2010-03-11 19:39:20 ----D---- C:\Program Files\Common Files
2010-03-11 19:35:59 ----RASH---- C:\boot.ini
2010-03-11 19:14:40 ----SHD---- C:\WINDOWS\Installer
2010-03-11 19:14:21 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-03-11 19:14:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-09 20:16:06 ----D---- C:\WINDOWS\system32\config
2010-03-09 20:15:40 ----D---- C:\WINDOWS\system32\wbem
2010-03-09 20:15:36 ----D---- C:\WINDOWS\Registration
2010-03-05 14:22:19 ----HD---- C:\WINDOWS\WinZed
2010-03-01 10:50:38 ----A---- C:\WINDOWS\wincmd.ini
2010-03-01 10:16:27 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-22 16:59:53 ----D---- C:\Downloads
2010-02-14 16:33:42 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 93866221;93866221; C:\WINDOWS\system32\DRIVERS\93866221.sys [2009-09-25 128016]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 setup_9.0.0.722_11.03.2010_22-30drv;setup_9.0.0.722_11.03.2010_22-30drv; C:\WINDOWS\system32\DRIVERS\9386622.sys [2009-10-09 315408]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 catchme;catchme; \??\C:\DOCUME~1\MISKAA~1\LOCALS~1\Temp\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\MISKAA~1\LOCALS~1\Temp\mbr.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 uwdiyaoc;uwdiyaoc; \??\C:\DOCUME~1\MISKAA~1\LOCALS~1\Temp\uwdiyaoc.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

-----------------EOF-----------------

[Caroprd111]

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

Stáhněte a použijte http://oldtimer.geekstogo.com/TFC.exe



Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

Doinstalujte SP3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100


V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

[janci100]

ok, co stihnem spravim este dnes, ale vsetko asi nie, rano skoro vstavam CCcleaner mam nainstalovany, no bez yahoo toolbar, tak ak treba odinstalujem a opat nainstalujem. pravidelne ho aj pouzivam, aj teraz som ho pouzival (niekde v predchadzajucich bodoch to bolo odporucane). firewall som zapnuty nemal, no pokusim sa ho nejako rozumne nastavit pomocou navodu. zatial dakujem pekne.