Antivirus Sentry ( dočištění )

[EvilZone]

dravím tahle mrcha se mě naistalovala do pc .
Každej exe soubor považovala za infikovanej ( nic nešlo zapnout )
UPM => avs.exe kill , svchost.exe kill tím jsem mu zabranil se pořád dokola zapínat .

mbt :

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 156402
Uplynulý čas: 16 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 3
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 13

Infikované procesy v paměti:
C:\Documents and Settings\HackHell\Plocha\avs.exe (Rogue.Installer) -> Unloaded process successfully.
C:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe (Rogue.Installer) -> Unloaded process successfully.
C:\Program Files\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adbupd (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Program Files\alggui.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\HackHell\Plocha\avs.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HackHell\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\5ab0itn4.default\Cache\6DC92D3Ed01 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\HackHell\Local Settings\Temporary Internet Files\Content.IE5\AHZ7SMQM\PC_protect[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\wpp.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\scdata\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\adb9_32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\alggui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\nuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\skynet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\wp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\wp4.dat (Malware.Trace) -> Quarantined and deleted successfully.



Sken jsem daval i rano (preventivně) pc bylo čisté takže všechno nakazila tahle mrcha .

Rsit :

Logfile of random's system information tool 1.07 (written by random/random)
Run by HackHell at 2010-07-17 03:51:58
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 158 GB (66%) free of 238 GB
Total RAM: 3326 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:05, on 17.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\download\softyxD\RSIT.exe
C:\Program Files\Avira\AntiVir Desktop\usrreq.exe
C:\Program Files\trend micro\HackHell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9051992000
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

--
End of file - 5917 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-06-04 227744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-06-04 227744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2010-02-18 357448]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2010-02-18 1573448]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2010-02-18 3203144]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=475
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-07-17 03:51:58 ----D---- C:\rsit
2010-07-16 22:27:36 ----AD---- C:\WINDOWS\rundll16.exe
2010-07-16 22:27:36 ----AD---- C:\WINDOWS\logo1_.exe
2010-07-14 16:12:43 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-07-14 16:12:43 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-07-13 22:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-13 10:22:51 ----D---- C:\Program Files\UPM
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\VDLL.DLL
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\system32\runouce.exe
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\RUNDL132.EXE
2010-07-13 04:55:14 ----AD---- C:\WINDOWS\logo_1.exe
2010-07-13 04:53:05 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-07-13 04:53:04 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-07-13 04:53:03 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-07-13 04:52:59 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-07-13 04:52:59 ----A---- C:\WINDOWS\system32\T.COM
2010-07-13 04:52:59 ----A---- C:\WINDOWS\REGEDIT.COM
2010-07-13 04:52:59 ----A---- C:\WINDOWS\R.COM
2010-07-13 04:52:58 ----D---- C:\Program Files\Common Files\MicroWorld
2010-07-13 04:52:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-07-13 04:22:37 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Download Manager
2010-07-12 22:32:11 ----D---- C:\WINDOWS\Internet Logs
2010-07-12 22:23:47 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Avira
2010-07-12 22:22:42 ----D---- C:\Program Files\Avira
2010-07-12 21:19:50 ----SHD---- C:\Config.Msi
2010-07-10 22:23:29 ----SHD---- C:\RECYCLER
2010-07-10 22:07:42 ----RASHD---- C:\cmdcons
2010-07-10 00:31:27 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Xfire
2010-07-09 21:00:32 ----A---- C:\WINDOWS\system32\xfcodec.dll
2010-07-06 19:00:49 ----D---- C:\Program Files\XeroBank
2010-06-30 21:15:15 ----D---- C:\Program Files\MSXML 4.0
2010-06-30 18:52:46 ----D---- C:\Program Files\Common Files\Nero
2010-06-30 18:45:48 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Trillian
2010-06-30 18:44:56 ----D---- C:\Program Files\Trillian
2010-06-28 23:15:40 ----D---- C:\Program Files\Common Files\McAfee
2010-06-28 23:15:33 ----D---- C:\Program Files\McAfee
2010-06-26 05:59:52 ----D---- C:\Program Files\GNU
2010-06-26 03:07:56 ----D---- C:\Program Files\CCleaner
2010-06-18 20:46:16 ----D---- C:\Program Files\AIMP2
2010-06-18 00:40:11 ----D---- C:\WINDOWS\ERDNT

======List of files/folders modified in the last 1 months======

2010-07-17 03:52:05 ----D---- C:\Program Files\Trend Micro
2010-07-17 03:51:21 ----RD---- C:\Program Files
2010-07-17 03:48:17 ----D---- C:\WINDOWS
2010-07-17 03:42:13 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-07-17 03:40:13 ----D---- C:\WINDOWS\Temp
2010-07-17 03:40:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-17 03:38:58 ----D---- C:\WINDOWS\system32\drivers
2010-07-17 03:38:19 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-07-17 03:38:04 ----D---- C:\WINDOWS\addins
2010-07-17 03:24:04 ----D---- C:\WINDOWS\system32\NtmsData
2010-07-17 03:23:32 ----SHD---- C:\System Volume Information
2010-07-17 02:33:04 ----D---- C:\WINDOWS\Registration
2010-07-17 02:26:04 ----D---- C:\WINDOWS\system32
2010-07-17 02:07:45 ----D---- C:\Documents and Settings\HackHell\Data aplikací\Skype
2010-07-17 00:01:04 ----D---- C:\Documents and Settings\HackHell\Data aplikací\skypePM
2010-07-16 22:17:56 ----D---- C:\WINDOWS\java
2010-07-14 22:55:07 ----D---- C:\WINDOWS\Debug
2010-07-14 22:42:28 ----D---- C:\QIP Infium JadrisPack
2010-07-14 22:41:35 ----D---- C:\Program Files\QIP Infium
2010-07-14 16:12:43 ----HD---- C:\WINDOWS\inf
2010-07-13 22:15:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-13 22:15:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-13 22:13:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-13 05:55:26 ----D---- C:\WINDOWS\Prefetch
2010-07-13 04:52:58 ----D---- C:\Program Files\Common Files
2010-07-12 22:22:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-07-12 21:20:17 ----SHD---- C:\WINDOWS\Installer
2010-07-10 22:23:09 ----D---- C:\WINDOWS\system32\Restore
2010-07-10 22:09:44 ----SD---- C:\WINDOWS\Tasks
2010-07-10 22:09:32 ----A---- C:\WINDOWS\system.ini
2010-07-10 22:08:39 ----D---- C:\WINDOWS\AppPatch
2010-07-10 22:07:45 ----RASH---- C:\boot.ini
2010-07-10 22:03:51 ----D---- C:\WINDOWS\Driver Cache
2010-07-10 00:39:59 ----D---- C:\Program Files\Xfire
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-30 21:15:19 ----D---- C:\WINDOWS\WinSxS
2010-06-28 23:15:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-06-28 10:57:30 ----D---- C:\Program Files\Mozilla Firefox
2010-06-24 04:55:43 ----SD---- C:\Documents and Settings\HackHell\Data aplikací\Microsoft
2010-06-24 01:22:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2010-06-23 20:25:52 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-06-23 20:25:38 ----D---- C:\Program Files\Realtek

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avfwot;avfwot; C:\WINDOWS\system32\DRIVERS\avfwot.sys [2010-02-18 102856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\system32\DRIVERS\avfwim.sys [2010-02-15 79432]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-17 5956608]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\WINDOWS\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Razerlow;Diamondback 3G USB Filter Driver; C:\WINDOWS\System32\Drivers\DB3G.sys [2005-04-24 13225]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirFirewallService;Avira FireWall; C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-09 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2010-05-20 88176]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[motji]

Dobré ranko

Dejte soubor otestovat na http://www.virustotal.com

C:\Program Files\Avira\AntiVir Desktop\usrreq.exe

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

[EvilZone]

http://www.virustotal.com/cs/analisis/0 ... 1279360441

Čisto v jiních logs tenhle soubor nebyl protože se jedná o novou Aviru verze 10 .

[motji]

Tak to pak jo
Log vypadá v pořádku, jsou s počítačem ještě nějaké problémy? Pokud ano, uděláme důkladnější sken.

[EvilZone]

Nejsou asi sem tu potvoru zničil sám
Jen mám delší dobu problém když naistaluju Zone alarm tak ten při intenetové aktivitě vytěžuje CPU v rozmezí 50-100 % .
Ničemu jinemu nevěřím ale jiná možnost než formát asi není skoušel jsem spoustu návodu a pokaždé vsmon.exe vytěžoval cpu .

Ještě k tomu dočištění jdu projet CCleaner .

[motji]

Asi ano, ale pokud by jste chtěl, můžeme to pro jistotu projet combofixem.
ZA mám taky, ale ještě osmičkovou verzi. Devítková řada měla nějaký bug, že na některých počítačích vytěžovala nadměrně pc. Zkuste si bud nainstalovat starší verzi , nebo je dobrý a ZA podobný firewal Pc tools.

[EvilZone]

Kombo nerad používám ale projistotu udělám scan .

[motji]

Pokud nejsou problémy, tak je to zbytečné

[EvilZone]

Ok kdyby neco napíšu ale myslím že to bude v pohodě moc dík za kontrolu logu a přeju pěknej zbytek dne i když je takové horko

[motji]

Není zač, kdyby něco, tak se ozvěte