Totálne spomalený počítač, a neodstranitelné vírusi.

[Dendo]

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.03.31 Email-Worm.Win32.Zhelatin.ml!IK
AhnLab-V3 5.0.0.2 2010.03.30 Win-Trojan/MalPatched.Gen
AntiVir 7.10.6.7 2010.03.31 WORM/Zhelatin.Gen
Antiy-AVL 2.0.3.7 2010.03.31 -
Authentium 5.2.0.5 2010.03.31 W32/StormWorm.I
Avast 4.8.1351.0 2010.03.31 Win32:Zhelatin-BJL
Avast5 5.0.332.0 2010.03.31 Win32:Zhelatin-BJL
AVG 9.0.0.787 2010.03.30 Packed.Tibs
BitDefender 7.2 2010.03.31 Trojan.Peed.INW
CAT-QuickHeal 10.00 2010.03.31 Win32.Email-Worm.Zhelatin.ml5
ClamAV 0.96.0.0-git 2010.03.31 Trojan.Peed-47
Comodo 4448 2010.03.31 EmailWorm.Win32.Zhelatin.ML
DrWeb 5.0.2.03300 2010.03.31 Trojan.Packed.210
eSafe 7.0.17.0 2010.03.28 -
eTrust-Vet 35.2.7399 2010.03.31 Win32/Sintun.AN
F-Prot 4.5.1.85 2010.03.31 W32/StormWorm.I
F-Secure 9.0.15370.0 2010.03.31 Trojan.Peed.INW
Fortinet 4.0.14.0 2010.03.30 W32/PackTibs.F
GData 19 2010.03.31 Trojan.Peed.INW
Ikarus T3.1.1.80.0 2010.03.31 Email-Worm.Win32.Zhelatin.ml
Jiangmin 13.0.900 2010.03.31 -
K7AntiVirus 7.10.1004 2010.03.22 Email-Worm.Win32.Zhelatin.ml
Kaspersky 7.0.0.125 2010.03.31 Email-Worm.Win32.Zhelatin.ml
McAfee 5936 2010.03.30 Downloader-ASH.gen.g
McAfee+Artemis 5936 2010.03.30 Downloader-ASH.gen.g
McAfee-GW-Edition 6.8.5 2010.03.31 Heuristic.BehavesLike.Win32.Adware.B
Microsoft 1.5605 2010.03.31 Trojan:Win32/Tibs.EX
NOD32 4987 2010.03.31 Win32/Nuwar
Norman 6.04.10 2010.03.30 Tibs.gen184
nProtect 2009.1.8.0 2010.03.31 Trojan.Peed.INW
Panda 10.0.2.2 2010.03.30 W32/Nuwar.gen.worm
PCTools 7.0.3.5 2010.03.31 Trojan.Tibs.Gen!Pac.132
Prevx 3.0 2010.03.31 -
Rising 22.41.02.02 2010.03.31 Packer.Win32.Agent.bk
Sophos 4.52.0 2010.03.31 Mal/Dorf-F
Sunbelt 6120 2010.03.31 Storm.Worm
Symantec 20091.2.0.41 2010.03.31 Trojan.Peacomm.D
TheHacker 6.5.2.0.248 2010.03.31 -
TrendMicro 9.120.0.1004 2010.03.31 WORM_NUCRP.GEN
VBA32 3.12.12.2 2010.03.30 Malware-Cryptor.Win32.General.3
ViRobot 2010.3.31.2253 2010.03.31 -
VirusBuster 5.0.27.0 2010.03.30 Trojan.Tibs.Gen!Pac.132

Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Verzia databázy: 3930

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

31.3.2010 12:51:45
mbam-log-2010-03-31 (12-51-45).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 167360
Uplynulý čas: 1 hod, 8 min, 30 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
(Škodlivé položky neboli zistené)

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
(Škodlivé položky neboli zistené)

Mbam nenaslo sa nic, ale v avaste hlasi tych virov ked scanujem cez mbam straasne vela, a vestko presuvam do truhly...

A hlavne ked normalne volne otvaram nejake priecinky ktore su neni vo windowse, take ze ich nepoznam iba rucne ich otvorim myskou tak vyskoci ze tam nieco je niekedy..

[motji]

červík želatináček , jdeme na něj .
Postupujte popořadě

Stahněte si program AVPtool, a OTC, odkaz bude níže, a odpojte se od internetu (pokud máte kabel, vytáhněte ho z počítače

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
c:\docume~1\ADMINI~1\LOCALS~1\Temp\adxapie.sys 
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

Folder::
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\Ask.com
C:\Program Files\MAX_EN_Atube

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6315c48-f861-4913-9578-1b5fac41ebe0}]

Driver::
adxapie
SetupNTGLM7X

DDS::
uStart Page = hxxp://eu.ask.com?o=14780&l=dis

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f2jvb1dt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2189222&q=

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech


Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

Pak se připojte k internetu, poprosím o nový log ze Rsitu a napište, jak to vypadá

[Dendo]

Sťahujem ten avp tool do 20 min to bude, čo mám urobiť ked nenabehne windows ani
po poslednej znamej konfiguraci?

Mám sa obávať že ten problem nastane?

[motji]

po tom mém skriptu by se to stát ale nemělo
Pokud by se to stalo, dát poslední zámou konfiguraci případně nouzový režim.

Vydíte, já zapoměla , před použitím OTC vypněte obnovu systému (klikněte v podpiisu na SVI, je tam návod). Po OTC restartujte počítač a zase ji zapněte. Pak spustte ten AVPtool

[Dendo]

Ten script z combofixu presunul som a po starte pc nabehol nejaky combofix script erorr,
potom som si dal ten otc zmazal som.

potom som dal kaspersky a stale vo value information, stale tam vyhadzuje tie zelatiny.. aspon 50 a neda sa zmazat..

[Dendo]

Motji, je to cez ten combofix spravene, ten kaspersky to cele neoskenoval musel som to vypnut stale vyhadzoval tie virusi, teraz som vypol to obnovovanie, a ptm som dal ten OTC..

Niekde robím chybu, mám to ešte raz spraviť.. kaspersky stále hádže tie želatíny
RSIT LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-31 14:39:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 111 GB (73%) free of 153 GB
Total RAM: 511 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:57, on 31.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14780&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.80\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.80\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://i.imdb.com/Photos/Ss/0172495/th-9
O24 - Desktop Component 1: (no name) - http://tbn0.google.com/images?q=tbn:JH9 ... /tiger.jpg
O24 - Desktop Component 2: (no name) - http://62.168.117.253/o/74/js/functions7.js

--
End of file - 7656 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-04 16120832]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-28 7573504]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-28 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"EPSON Stylus C43 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-12-10 75776]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-02-22 26101032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Valve\hltv.exe"="C:\Program Files\Valve\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Counter Strike\Valve\hl.exe"="C:\Program Files\Counter Strike\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Administrator\Desktop\WoW 3.1.3\BackgroundDownloader.exe"="C:\Documents and Settings\Administrator\Desktop\WoW 3.1.3\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Administrator\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Administrator\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2010-03-31 14:39:35 ----D---- C:\Program Files\trend micro
2010-03-31 14:39:34 ----D---- C:\rsit
2010-03-31 11:42:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2010-03-31 11:42:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-31 11:42:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-31 11:00:46 ----SHD---- C:\RECYCLER
2010-03-31 10:48:43 ----D---- C:\WINDOWS\ERDNT
2010-03-31 08:43:34 ----D---- C:\Program Files\CCleaner
2010-03-30 13:07:43 ----D---- C:\Documents and Settings\Administrator\Application Data\TeamViewer
2010-03-17 22:27:41 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-17 22:27:35 ----D---- C:\Program Files\MSBuild
2010-03-17 22:27:32 ----D---- C:\WINDOWS\system32\en-US
2010-03-17 22:27:22 ----D---- C:\Program Files\Reference Assemblies
2010-03-17 22:26:18 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-03-17 22:26:18 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-03-17 22:26:18 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-03-17 22:26:17 ----HD---- C:\adfd5db93d8e1917216d6cbddba2
2010-03-17 22:16:19 ----D---- C:\Program Files\VDownloaders
2010-03-17 21:56:20 ----A---- C:\Program Files\Common Files\AskToolbarInstaller.exe
2010-03-17 21:13:19 ----D---- C:\Program Files\MSXML 6.0
2010-03-17 15:17:47 ----D---- C:\Program Files\Conduit
2010-03-17 15:15:35 ----D---- C:\Program Files\DsNET Corp
2010-03-08 18:28:02 ----D---- C:\Program Files\Common Files\Skype
2010-03-08 18:27:58 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 months======

2010-03-31 14:39:35 ----RD---- C:\Program Files
2010-03-31 14:38:39 ----D---- C:\WINDOWS\Temp
2010-03-31 14:37:45 ----D---- C:\Program Files\Mozilla Firefox
2010-03-31 14:36:11 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2010-03-31 14:34:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-31 14:32:36 ----D---- C:\WINDOWS
2010-03-31 14:24:45 ----SHD---- C:\System Volume Information
2010-03-31 14:24:45 ----D---- C:\WINDOWS\system32\Restore
2010-03-31 14:24:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-31 14:19:17 ----D---- C:\WINDOWS\system32\drivers
2010-03-31 13:30:42 ----HD---- C:\WINDOWS\inf
2010-03-31 12:14:54 ----D---- C:\WINDOWS\mui
2010-03-31 12:11:28 ----D---- C:\WINDOWS\system32\wbem
2010-03-31 12:11:15 ----D---- C:\WINDOWS\system32\usmt
2010-03-31 12:10:43 ----D---- C:\WINDOWS\system32\Com
2010-03-31 12:10:20 ----D---- C:\WINDOWS\system32\npp
2010-03-31 12:09:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 12:06:57 ----D---- C:\WINDOWS\system32\oobe
2010-03-31 10:56:00 ----A---- C:\WINDOWS\system.ini
2010-03-31 10:55:30 ----D---- C:\WINDOWS\system32
2010-03-31 10:53:41 ----D---- C:\WINDOWS\AppPatch
2010-03-31 10:53:35 ----D---- C:\Program Files\Common Files
2010-03-31 10:13:08 ----D---- C:\Program Files\Valve
2010-03-31 10:05:26 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2010-03-31 10:02:13 ----D---- C:\Logs
2010-03-31 09:26:24 ----D---- C:\WINDOWS\Prefetch
2010-03-31 09:03:12 ----SHD---- C:\WINDOWS\Installer
2010-03-31 09:03:11 ----SD---- C:\WINDOWS\Tasks
2010-03-31 09:03:11 ----D---- C:\Config.Msi
2010-03-31 08:59:44 ----RSD---- C:\WINDOWS\assembly
2010-03-31 08:58:12 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-31 08:58:11 ----D---- C:\Program Files\Lineage II
2010-03-31 08:57:09 ----D---- C:\Program Files\ICQToolbar
2010-03-31 08:45:20 ----D---- C:\WINDOWS\Minidump
2010-03-31 08:45:20 ----D---- C:\WINDOWS\Debug
2010-03-31 08:34:39 ----D---- C:\WINDOWS\msagent
2010-03-29 08:05:21 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2010-03-28 20:28:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-18 15:04:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-17 22:27:30 ----RSD---- C:\WINDOWS\Fonts
2010-03-17 22:26:55 ----D---- C:\WINDOWS\system32\spool
2010-03-17 22:25:32 ----D---- C:\WINDOWS\WinSxS
2010-03-17 22:22:42 ----D---- C:\WINDOWS\system32\mui
2010-03-17 21:43:03 ----D---- C:\Program Files\Webteh
2010-03-08 18:27:57 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-03-01 20:56:14 ----D---- C:\WINDOWS\system32\config
2010-03-01 20:55:46 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-06 4258816]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-28 3663040]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-08-24 10368]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 adxapie;adxapie; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\adxapie.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-02-04 25280]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 88688]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-08-24 223128]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-10-24 61504]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-02-23 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-28 143426]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Bezpečnosť rodiny v službe Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Počkejte, musíte dodržet to pořadí co jsem psala, jinak to nemá cenu . Nemůžu najít zdroj infekce , v lozích nic nevidím , takže se musíte odpojit od internertu, počítač vyčistit a snad to pomůže.

Máte ve stejné síti ještě jiný počítač?

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.




tohle znáte? Měly by to být obrázky na plochu
O24 - Desktop Component 0: (no name) - http://i.imdb.com/Photos/Ss/0172495/th-9
O24 - Desktop Component 1: (no name) - http://tbn0.google.com/images?q=tbn:JH9 ... /tiger.jpg
O24 - Desktop Component 2: (no name) - http://62.168.117.253/o/74/js/functions7.js

stahněte si nějakou instalačku firewalu, já doporučuji Zone alarm, link
http://www.filehippo.com/download_zonealarm_free/5437/


A ted dodržte přesně postup
1 Odpojte se od internetu

2. Vypněte obnovu systému

3. Použijte OTC a restartujte počítač

4. Běžte do nouzového režimu (po restartu mačkejte F8 - nouzový režim

5. Spuste Avptool, co najde, nechte léčit/smazat.

6. Po dokončení skenu AVPtoolem spustte ještě Avast, a zjistěte, jestli ještě nějaké viry hlásí. Pokud ano, dejte odstranit.

7. Nainstalujte Zone alarm. Při instalaci nainstalujte pouze firewall, odmítněte instalaci Spy blockeru a askbaru.

8. Připojte se k internetu a napište, jak to s počítačem vypadá.

Pokud by Vám Zone alarm nešel nainstalovat, tak tento bod vynechejte, ale bylo by to lepší.

[Dendo]

Vykonám akonáhle sa dostanem na počítač.

[motji]