preventivka po vyčištění Anti-Malware a Avastem

[KenobiCzech]

Ahoj.

Prosím o kontrolu logu.
Kamarád přinesl Notebook v zuboženém stavu.
Malwarebytes odstranilo asi 1050 položek, Avast asi 100.

Přikládám log a děkuji předem.

Logfile of random's system information tool 1.08 (written by random/random)
Run by refaski at 2010-12-09 22:49:44
Microsoft® Windows Vista™ Home Premium
System drive C: has 19 GB (21%) free of 92 GB
Total RAM: 1918 MB (45% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{51B39AA9-BCB6-4887-933E-8D569C6781BB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 521528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-09-01 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-30 1232896]
""= []
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2007-10-08 6338872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe -NoStart []

C:\Users\refaski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-12-09 22:38:38 ----D---- C:\Program Files\trend micro
2010-12-09 22:38:37 ----D---- C:\rsit
2010-12-09 22:19:16 ----D---- C:\Users\refaski\AppData\Roaming\Auslogics
2010-12-09 22:18:02 ----D---- C:\Program Files\Auslogics
2010-12-08 20:18:49 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-08 20:18:48 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-08 20:18:46 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-08 20:18:44 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-08 20:18:40 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-08 20:17:29 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-08 20:16:42 ----D---- C:\ProgramData\Alwil Software
2010-12-08 20:16:42 ----D---- C:\Program Files\Alwil Software
2010-12-08 18:51:57 ----D---- C:\Users\refaski\AppData\Roaming\Malwarebytes
2010-12-08 18:51:45 ----D---- C:\ProgramData\Malwarebytes
2010-12-08 18:51:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-08 18:20:22 ----RA---- C:\Users\refaski\AppData\Roaming\idgGK7ljd7.txt
2010-11-24 08:25:03 ----RA---- C:\Users\refaski\AppData\Roaming\nK6Nk.txt
2010-11-23 06:46:55 ----RA---- C:\Users\refaski\AppData\Roaming\hDlkH.txt
2010-11-22 07:16:53 ----RA---- C:\Users\refaski\AppData\Roaming\k6jLC.txt
2010-11-15 09:44:39 ----D---- C:\Program Files\ICQ7.2
2010-11-10 16:10:12 ----A---- C:\Windows\system32\MRT.INI

======List of files/folders modified in the last 1 months======

2010-12-09 22:49:43 ----D---- C:\Windows\Temp
2010-12-09 22:38:38 ----RD---- C:\Program Files
2010-12-09 22:37:46 ----D---- C:\Users\refaski\AppData\Roaming\Skype
2010-12-09 22:21:50 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 21:24:19 ----SHD---- C:\Windows\Installer
2010-12-09 21:16:21 ----D---- C:\Program Files\Common Files
2010-12-09 21:15:52 ----SHD---- C:\System Volume Information
2010-12-09 21:04:11 ----D---- C:\Windows\system32\drivers
2010-12-09 21:03:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-09 20:54:37 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2010-12-09 20:54:37 ----D---- C:\Windows
2010-12-09 20:53:27 ----D---- C:\Windows\system32\catroot
2010-12-09 20:50:33 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-09 20:50:33 ----D---- C:\Windows\inf
2010-12-09 20:40:10 ----SD---- C:\Users\refaski\AppData\Roaming\Microsoft
2010-12-09 20:32:29 ----D---- C:\Program Files\OLYMPUS
2010-12-09 20:25:21 ----D---- C:\Users\refaski\AppData\Roaming\Samsung
2010-12-09 20:21:49 ----D---- C:\Windows\winsxs
2010-12-09 20:18:03 ----D---- C:\Users\refaski\AppData\Roaming\skypePM
2010-12-09 20:16:28 ----D---- C:\Windows\LiveKernelReports
2010-12-08 23:33:35 ----D---- C:\Program Files\DAEMON Tools
2010-12-08 22:02:04 ----D---- C:\Windows\Debug
2010-12-08 21:51:50 ----D---- C:\Downloads
2010-12-08 21:30:05 ----D---- C:\Windows\system32\catroot2
2010-12-08 21:23:02 ----D---- C:\Program Files\EA Sports
2010-12-08 21:16:53 ----D---- C:\Users\refaski\AppData\Roaming\BSplayer
2010-12-08 20:17:29 ----D---- C:\Windows\System32
2010-12-08 20:16:42 ----HD---- C:\ProgramData
2010-12-08 19:40:28 ----D---- C:\Program Files\VoipCheapCom
2010-12-08 19:34:29 ----D---- C:\Windows\ServiceProfiles
2010-12-08 18:56:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-08 18:45:31 ----D---- C:\Program Files\Google
2010-12-08 18:22:24 ----D---- C:\ProgramData\Google
2010-12-05 22:21:48 ----D---- C:\Users\refaski\AppData\Roaming\ICQ
2010-11-23 18:43:23 ----RSHD---- C:\RECYCLER
2010-11-15 09:45:31 ----D---- C:\Program Files\ICQ6.5
2010-11-15 09:45:28 ----D---- C:\ProgramData\ICQ
2010-11-12 18:47:31 ----D---- C:\Windows\Prefetch
2010-11-10 16:11:24 ----D---- C:\ProgramData\Microsoft Help
2010-11-10 16:08:09 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-03-16 682232]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-01 690176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 2313216]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 a9vslcdb;a9vslcdb; C:\Windows\system32\drivers\a9vslcdb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-08 557056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[motji]

Dobrý večer
Můžete mi napsat, co Avast a mbam smazali ?Mbam- záložka protokoly

[KenobiCzech]

Aj jaj...
Malwarebytes jsem již odinstaloval, netušil jsem že by to mohlo být důležité.
A v Avastu jsem z karantény také natrvalo odstranil nalezené potvory.
Snad jsem Vám tím moc neztížil diagnostiku.Příště se polepším....
Děkuji i tak za snahu...

[KenobiCzech]

Tak nakonec jsem našel alespoň výsledek posledního testu Avastu a hrozba v napadeném souboru byla tato:
Win32:Malware-gen,Win32:Trojan-gen,Win32:DNSChanger-ZY(trj)
Většinou soubory v adresáři local/TEMP v uživatelském profilu a i v exe souboru bsplayeru a NHL2008.

[motji]

v pořádku, chtěla jsem vědět, jestli šlo jen o adware nebo něco vážnějšího, třeba virut.

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

[KenobiCzech]

Tak tady je log z Combofixu.
Jen dodám že jsem zapoměl vypnout firewall, snad to ale proběhlo v pořádku.

ComboFix 10-12-08.04 - refaski 10.12.2010 0:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.354.1029.18.1918.1172 [GMT 1:00]
Running from: c:\users\refaski\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
c:\users\refaski\AppData\Roaming\Microsoft\dyhakoot.exe
c:\users\refaski\AppData\Roaming\Microsoft\hamy.exe
c:\users\refaski\AppData\Roaming\nK6Nk.txt
c:\windows\system32\uninstall.exe
c:\windows\system32\Update.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.

2010-12-09 23:08 . 2010-12-09 23:08 -------- d-----w- c:\users\refaski\AppData\Local\temp
2010-12-09 23:08 . 2010-12-09 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-09 21:38 . 2010-12-09 21:38 -------- d-----w- c:\program files\trend micro
2010-12-09 21:38 . 2010-12-09 21:38 -------- d-----w- C:\rsit
2010-12-09 21:19 . 2010-12-09 21:19 -------- d-----w- c:\users\refaski\AppData\Roaming\Auslogics
2010-12-09 21:18 . 2010-12-09 21:18 -------- d-----w- c:\program files\Auslogics
2010-12-08 20:39 . 2010-12-08 20:39 -------- d-----w- c:\users\refaski\AppData\Local\MigWiz
2010-12-08 19:18 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-08 19:18 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-08 19:18 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-08 19:18 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-08 19:18 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-08 19:17 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-08 19:17 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-08 19:16 . 2010-12-08 19:16 -------- d-----w- c:\programdata\Alwil Software
2010-12-08 19:16 . 2010-12-08 19:16 -------- d-----w- c:\program files\Alwil Software
2010-12-08 18:51 . 2010-12-08 18:51 -------- d-----w- c:\users\refaski\AppData\Local\GHISLER
2010-12-08 18:11 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{894BAE83-DF0E-4F8F-AED8-6DE703686A81}\mpengine.dll
2010-12-08 17:51 . 2010-12-08 17:51 -------- d-----w- c:\users\refaski\AppData\Roaming\Malwarebytes
2010-12-08 17:51 . 2010-12-08 17:51 -------- d-----w- c:\programdata\Malwarebytes
2010-12-08 17:51 . 2010-12-09 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-15 08:45 . 2010-11-15 08:45 -------- d-----w- c:\users\refaski\AppData\Local\AOL
2010-11-15 08:44 . 2010-11-15 08:46 -------- d-----w- c:\program files\ICQ7.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 04:24 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-30 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2007-10-08 6338872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-03-16 682232]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{51B39AA9-BCB6-4887-933E-8D569C6781BB}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\refaski\AppData\Roaming\Mozilla\Firefox\Profiles\kbttf75c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\refaski\AppData\Roaming\Mozilla\Firefox\Profiles\kbttf75c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\users\refaski\AppData\Roaming\Mozilla\Firefox\Profiles\kbttf75c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 00:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-12-10 00:12:32
ComboFix-quarantined-files.txt 2010-12-09 23:12

Pre-Run: Volných bajtu: 19 570 810 880
Post-Run: Volných bajtu: 19 415 035 904

- - End Of File - - 7320927E51D636822CA08BB525393116

[motji]

Co počítač?

[KenobiCzech]

Počítač se chová celkem normálně.
Nějaké dramatické zrychlení se neprojevilo, ale co bych od Vist také čekal...
Hlavní je, že už tam má konečně antivirák.
Děkuji moc za Váš čas a pomoc, a přeji klidné a nestresované Vánoce.

[motji]

Ještě jsme neskončili

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?


--------------------------
Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[KenobiCzech]

CCleaner jsem použil již před použitím Malwarebytes a Avastu.Nevím jestli to není chyba, ale myslím že alespoň u Avastu jsem tím ušetřil nějaký čas při kontrole.Ostatní prográmky z Vašeho podpisu neznám, ale určitě vše vyzkouším.Bohužel, dnes to již nestihnu, budu se snažit zítra odpoledne sem hodit výsledky.
Zatím děkuji za pomoc.

[motji]

CClenaer použijte znovu, není to na škodu . A jinak stačí ten Avptool. Je to louda

[KenobiCzech]

Tak pc běhá celkem uspokojivě.
přikládám log rsit a avptool

Logfile of random's system information tool 1.08 (written by random/random)
Run by refaski at 2010-12-11 20:43:24
Microsoft® Windows Vista™ Home Premium
System drive C: has 18 GB (20%) free of 92 GB
Total RAM: 1918 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:43:27, on 11.12.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\refaski\Desktop\RSIT.exe
C:\Program Files\trend micro\refaski.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 5201 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{51B39AA9-BCB6-4887-933E-8D569C6781BB}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll [2007-09-28 521528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-26 153136]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-30 1232896]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2007-10-08 6338872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

C:\Users\refaski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-12-11 20:39:12 ----D---- C:\rsit
2010-12-11 20:32:12 ----D---- C:\Program Files\CCleaner
2010-12-10 00:12:38 ----SHD---- C:\$RECYCLE.BIN
2010-12-09 23:51:46 ----D---- C:\Windows\ERDNT
2010-12-09 22:38:38 ----D---- C:\Program Files\trend micro
2010-12-09 22:19:16 ----D---- C:\Users\refaski\AppData\Roaming\Auslogics
2010-12-09 22:18:02 ----D---- C:\Program Files\Auslogics
2010-12-08 20:18:49 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2010-12-08 20:18:48 ----A---- C:\Windows\system32\drivers\aswSP.sys
2010-12-08 20:18:46 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2010-12-08 20:18:44 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2010-12-08 20:18:40 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2010-12-08 20:17:29 ----A---- C:\Windows\system32\aswBoot.exe
2010-12-08 20:16:42 ----D---- C:\ProgramData\Alwil Software
2010-12-08 20:16:42 ----D---- C:\Program Files\Alwil Software
2010-12-08 18:51:57 ----D---- C:\Users\refaski\AppData\Roaming\Malwarebytes
2010-12-08 18:51:45 ----D---- C:\ProgramData\Malwarebytes
2010-12-08 18:51:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-08 18:20:22 ----RA---- C:\Users\refaski\AppData\Roaming\idgGK7ljd7.txt
2010-11-23 06:46:55 ----RA---- C:\Users\refaski\AppData\Roaming\hDlkH.txt
2010-11-22 07:16:53 ----RA---- C:\Users\refaski\AppData\Roaming\k6jLC.txt
2010-11-15 09:44:39 ----D---- C:\Program Files\ICQ7.2

======List of files/folders modified in the last 1 months======

2010-12-11 20:43:26 ----D---- C:\Windows\Temp
2010-12-11 20:42:35 ----D---- C:\Users\refaski\AppData\Roaming\Skype
2010-12-11 20:33:48 ----D---- C:\Windows
2010-12-11 20:32:12 ----RD---- C:\Program Files
2010-12-11 20:24:20 ----SHD---- C:\System Volume Information
2010-12-11 20:09:05 ----D---- C:\Users\refaski\AppData\Roaming\skypePM
2010-12-10 00:09:00 ----A---- C:\Windows\system.ini
2010-12-10 00:08:52 ----D---- C:\Windows\system32\drivers\etc
2010-12-10 00:08:14 ----D---- C:\Windows\System32
2010-12-10 00:08:13 ----SD---- C:\Users\refaski\AppData\Roaming\Microsoft
2010-12-10 00:06:00 ----D---- C:\Windows\system32\drivers
2010-12-10 00:06:00 ----D---- C:\Windows\AppPatch
2010-12-10 00:05:59 ----D---- C:\Program Files\Common Files
2010-12-09 22:21:50 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 21:24:19 ----SHD---- C:\Windows\Installer
2010-12-09 21:03:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-09 20:54:37 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2010-12-09 20:53:27 ----D---- C:\Windows\system32\catroot
2010-12-09 20:50:33 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-09 20:50:33 ----D---- C:\Windows\inf
2010-12-09 20:32:29 ----D---- C:\Program Files\OLYMPUS
2010-12-09 20:25:21 ----D---- C:\Users\refaski\AppData\Roaming\Samsung
2010-12-09 20:21:49 ----D---- C:\Windows\winsxs
2010-12-09 20:16:28 ----D---- C:\Windows\LiveKernelReports
2010-12-08 23:33:35 ----D---- C:\Program Files\DAEMON Tools
2010-12-08 22:02:04 ----D---- C:\Windows\Debug
2010-12-08 21:51:50 ----D---- C:\Downloads
2010-12-08 21:30:05 ----D---- C:\Windows\system32\catroot2
2010-12-08 21:23:02 ----D---- C:\Program Files\EA Sports
2010-12-08 21:16:53 ----D---- C:\Users\refaski\AppData\Roaming\BSplayer
2010-12-08 20:16:42 ----D---- C:\ProgramData
2010-12-08 19:40:28 ----D---- C:\Program Files\VoipCheapCom
2010-12-08 19:34:29 ----D---- C:\Windows\ServiceProfiles
2010-12-08 18:56:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-08 18:45:31 ----D---- C:\Program Files\Google
2010-12-08 18:22:24 ----D---- C:\ProgramData\Google
2010-12-05 22:21:48 ----D---- C:\Users\refaski\AppData\Roaming\ICQ
2010-11-15 09:45:31 ----D---- C:\Program Files\ICQ6.5
2010-11-15 09:45:28 ----D---- C:\ProgramData\ICQ
2010-11-12 18:47:31 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-02-01 690176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 2313216]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2006-11-02 14848]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2006-11-02 31616]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-03-16 682232]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-08 557056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------



Autoscan: completed 2 minutes ago (events: 10, objects: 247243, time: 01:05:48)
11.12.2010 20:57:56 Task started
11.12.2010 21:03:15 Detected: Trojan.Win32.DelFiles.mj C:\$RECYCLE.BIN\S-1-5-21-3562709975-1648204048-875381300-1000\$RGWNS9E.exe
11.12.2010 21:03:15 Deleted: Trojan.Win32.DelFiles.mj C:\$RECYCLE.BIN\S-1-5-21-3562709975-1648204048-875381300-1000\$RGWNS9E.exe
11.12.2010 21:03:28 Detected: Trojan.Win32.Agent.ftsk C:\$RECYCLE.BIN\S-1-5-21-3562709975-1648204048-875381300-1000\$RWIQK5Z.exe
11.12.2010 21:03:36 Deleted: Trojan.Win32.Agent.ftsk C:\$RECYCLE.BIN\S-1-5-21-3562709975-1648204048-875381300-1000\$RWIQK5Z.exe
11.12.2010 21:03:36 Detected: Trojan.Win32.DelFiles.mj C:\$RECYCLE.BIN\S-1-5-21-3562709975-1648204048-875381300-1000\$RYKWZBC.exe
11.12.2010 21:03:42 Deleted: Trojan.Win32.DelFiles.mj C:\$RECYCLE.BIN\S-1-5-21-3562709975-1648204048-875381300-1000\$RYKWZBC.exe
11.12.2010 21:04:35 Detected: Backdoor.Win32.Cetorp.p C:\Documents and Settings\refaski\AppData\Local\VirtualStore\Windows\System32\secupdat.dat/PE-Crypt.XorPE
11.12.2010 21:04:47 Deleted: Backdoor.Win32.Cetorp.p C:\Documents and Settings\refaski\AppData\Local\VirtualStore\Windows\System32\secupdat.dat
11.12.2010 22:03:44 Task completed

[motji]

Zapojte do pc všechny usb klíče, flashky...co používáte

Použijte USB fix
http://www.viry.cz/forum/viewtopic.php?f=24&t=102308


Před stažením vypněte rezidentní štít antiviru, má na Usbfix falešnou detekci
-spusťte
-klikněte na volbu research , potvrdte enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt

[KenobiCzech]

Zde je log

############################## | UsbFix 7.014 | [Research]

User: refaski (Administrator) # ANGEL-SEBASTIEN [FUJITSU SIEMENS AMILO Li 1718]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 23:34:52 | 11/12/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Genuine Intel(R) CPU T2130 @ 1.86GHz
CPU 2: Genuine Intel(R) CPU T2130 @ 1.86GHz
Microsoft® Windows Vista™ Home Premium (6.0.6000 32-Bit) #
Internet Explorer 7.0.6000.17037

Windows Firewall: Enabled
Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
RAM -> 1918 Mb
C:\ (%systemdrive%) -> Fixed drive # 90 Gb (29 Mb free - 32%) [System] # NTFS
D:\ -> Fixed drive # 45 Gb (19 Mb free - 42%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 976 Mb (820 Mb free - 84%) [] # FAT

################## | Files # Infected Folders |


################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

[motji]

Tak USBfix je ok, chtěla jsem to raději ověřit . Spustte ho znovu a zvolte Uninstall.
Co počítač?