Trojan:DOS/Alureon.A

[frantkurina]

tak tohle mi našel nástroj Microsoft Window Malicious (windows-kb890830)
po proskenování systému my označil výše uvedený nález a oznámil mi,že soubor byl
částečně odstraněn a že zbytek se musí odstranit ručně!!
nevíte prosím někdo jak nebo čím?
děkuji franta

[ivankrato]

Prvne sem vloz log z RSIT
http://www.viry.cz/forum/viewtopic.php?f=13&t=105895
PS: omlouvam se radcum za vstup, ale chci vam usetrit praci

[frantkurina]

Logfile of random's system information tool 1.06 (written by random/random)
Run by franta at 2011-04-15 18:41:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (77%) free of 61 GB
Total RAM: 767 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:43, on 15/04/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\WebGuard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\UpdateSvc.exe
C:\Program Files\SeaMonkey\seamonkey.exe
C:\Documents and Settings\franta\Plocha\RSIT.exe
C:\Program Files\trend micro\franta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WebGuard] C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\WebGuard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1417001333-1644491937-682003330-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\INSTAL~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - D:\Instalace\Verdict free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Instalace\Verdict free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - D:\Instalace\Verdict free\etnxp.dll
O9 - Extra button: Centrum.cz - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Centrum.cz Turbo - {8616B3F0-5B9D-4127-AFAF-DA12BFA2A05E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ActivityMon WebGuard aktualizační služba (WebGuard) - Roman Svihalek, Advanced Software - C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\UpdateSvc.exe

--
End of file - 5814 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-18 4112384]
"WebGuard"=C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\WebGuard.exe [2010-12-26 209408]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-30 281768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-02-19 1783808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoFavoritesMenu"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-04-15 18:41:48 ----D---- C:\rsit
2011-04-15 18:35:20 ----A---- C:\TDSSKiller.2.4.21.0_15.04.2011_18.35.20_log.txt
2011-04-15 18:13:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-04-15 18:13:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-04-15 16:59:51 ----A---- C:\WINDOWS\ntbtlog.txt
2011-04-15 15:57:40 ----D---- C:\Program Files\xp-AntiSpy
2011-04-14 18:22:10 ----D---- C:\229c37b4bbb3e126630ea9
2011-04-14 16:33:52 ----D---- C:\e63d75ae5583bc6849da0323554868
2011-04-14 16:32:59 ----HD---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-14 16:16:43 ----D---- C:\ae08265cbd27af1a6a41c963f1ecc8
2011-04-14 16:16:35 ----HD---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-14 16:15:51 ----HD---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-14 16:15:43 ----HD---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-14 16:15:35 ----HD---- C:\WINDOWS\$NtUninstallKB2491683$
2011-04-14 16:15:27 ----HD---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-14 16:15:19 ----HD---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-14 16:15:10 ----HD---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-14 16:15:02 ----HD---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-14 16:14:55 ----A---- C:\WINDOWS\imsins.BAK
2011-04-14 16:14:51 ----HD---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-09 16:59:29 ----D---- C:\Program Files\NETGATE
2011-04-04 15:44:26 ----D---- C:\Program Files\Kerio
2011-04-01 17:19:55 ----D---- C:\WINDOWS\Internet Logs
2011-04-01 16:29:47 ----D---- C:\Documents and Settings\franta\Data aplikací\CheckPoint
2011-04-01 16:29:09 ----D---- C:\Program Files\Conduit
2011-04-01 16:28:56 ----D---- C:\Program Files\CheckPoint
2011-03-30 18:00:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-03-26 16:10:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-03-26 16:01:53 ----D---- C:\Program Files\Adobe
2011-03-24 19:11:39 ----HD---- C:\WINDOWS\$NtUninstallKB2524375$
2011-03-21 16:37:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2011-03-21 16:37:25 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-03-18 18:32:03 ----D---- C:\Program Files\r2 Studios
2011-03-18 12:22:00 ----D---- C:\Program Files\Dia

======List of files/folders modified in the last 1 months======

2011-04-15 16:58:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-07 13:52:02 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-06 19:31:50 ----A---- C:\WINDOWS\xpsyspad.ini
2011-03-25 18:24:48 ----A---- C:\WINDOWS\DCheck95.ini
2011-03-24 19:49:16 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-03-16 137656]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 fwdrv;Kerio Personal Firewall Driver; C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 102912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-30 61960]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-07-24 403968]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-07-24 461312]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-07-29 41984]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-07-01 2459840]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2003-06-18 138485]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pwdrvio;pwdrvio; \??\C:\WINDOWS\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\WINDOWS\system32\pwdspio.sys []
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-16 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-07-01 114755]
R2 PersFw;Kerio Personal Firewall; C:\Program Files\Kerio\Personal Firewall\persfw.exe [2002-04-29 393216]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-19 570880]
R2 WebGuard;ActivityMon WebGuard aktualizační služba; C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\UpdateSvc.exe [2010-12-26 161280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
tak tady je

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[frantkurina]

ComboFix 11-04-14.03 - franta 15/04/2011 19:25:12.1.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.479 [GMT 2:00]
Spuštěný z: c:\documents and settings\franta\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-15 do 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-15 16:53 . 2011-04-15 16:53 -------- d-----w- C:\8e90afbea688c9f25c10966c40240d
2011-04-15 16:41 . 2011-04-15 16:41 -------- d-----w- C:\rsit
2011-04-15 16:13 . 2011-04-15 16:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-15 16:13 . 2011-04-15 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-04-15 15:01 . 2011-04-15 15:01 -------- d-----w- c:\documents and settings\Administrator.KURINA-ZZ3UJ7TN\Data aplikací\Malwarebytes
2011-04-15 13:57 . 2011-04-15 13:57 -------- d-----w- c:\program files\xp-AntiSpy
2011-04-14 16:24 . 2011-04-14 16:24 -------- d-----w- c:\documents and settings\Default User\Data aplikací
2011-04-14 16:22 . 2011-04-14 16:22 -------- d-----w- C:\229c37b4bbb3e126630ea9
2011-04-14 14:33 . 2011-04-14 14:33 -------- d-----w- C:\e63d75ae5583bc6849da0323554868
2011-04-14 14:16 . 2011-04-14 14:16 -------- d-----w- C:\ae08265cbd27af1a6a41c963f1ecc8
2011-04-14 14:14 . 2008-06-20 11:51 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
2011-04-09 14:59 . 2011-04-09 14:59 -------- d-----w- c:\program files\NETGATE
2011-04-04 13:44 . 2011-04-04 13:44 -------- d-----w- c:\program files\Kerio
2011-04-04 13:44 . 2002-04-15 10:18 102912 ------w- c:\windows\system32\drivers\FWDRV.SYS
2011-04-01 15:19 . 2011-04-01 15:19 -------- d-----w- c:\windows\Internet Logs
2011-04-01 14:29 . 2011-04-01 14:29 -------- d-----w- c:\documents and settings\franta\Data aplikací\CheckPoint
2011-04-01 14:29 . 2011-04-01 14:29 -------- d-----w- c:\program files\Conduit
2011-04-01 14:28 . 2011-04-01 14:28 -------- d-----w- c:\program files\CheckPoint
2011-03-30 16:00 . 2011-03-30 16:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2011-03-21 14:37 . 2011-03-21 14:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 16:32 . 2011-03-18 16:32 -------- d-----w- c:\program files\r2 Studios
2011-03-18 10:22 . 2011-03-18 10:22 -------- d-----w- c:\program files\Dia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 14:30 . 2010-12-14 15:57 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2006-01-25 14:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2001-10-25 10:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2001-10-25 10:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:08 . 2001-10-25 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2001-10-25 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:08 . 2001-10-25 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42 . 2006-01-25 14:29 385024 ----a-w- c:\windows\system32\html.iec
2011-02-19 15:25 . 2011-02-19 15:25 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-02-17 13:18 . 2001-10-25 10:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2001-10-25 10:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2001-10-25 10:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 14:44 . 2006-01-25 14:28 232448 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 12:53 . 2006-01-25 14:29 186880 ------w- c:\windows\system32\encdec.dll
2011-02-09 12:53 . 2006-01-25 14:29 270848 ------w- c:\windows\system32\sbe.dll
2011-02-08 13:33 . 2001-10-25 10:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2001-10-25 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 06:58 . 2006-01-25 14:08 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 10:57 . 2006-01-25 14:08 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 13:44 . 2001-10-25 10:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 4112384]
"WebGuard"="c:\program files\FinancniNerad.cz\ActivityMon WebGuard\WebGuard.exe" [2010-12-26 209408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SeaMonkey Quick Launch"="c:\program files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="d:\instalace\Unlocker\UnlockerAssistant.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [26/11/2008 19:28 26680]
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [04/04/2011 15:44 102912]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/02/2011 17:25 141312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/12/2010 17:57 135336]
R2 WebGuard;ActivityMon WebGuard aktualizační služba;c:\program files\FinancniNerad.cz\ActivityMon WebGuard\UpdateSvc.exe [26/12/2010 19:24 161280]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [23/09/2010 18:13 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [23/09/2010 18:13 11104]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/12/2010 16:42 136176]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 14:41]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 14:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = localhost
IE: E&xportovat do aplikace Microsoft Excel - d:\instal~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - d:\instalace\Verdict free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - d:\instalace\Verdict free\etnxp.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SafeBoot-SolutoService
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-15 19:30
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="AE5B94BEBC99FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6171C11EC38DE3D5D575E7D6A3B98083A045C20E5BA7D111FC2C827A92CA8FA6D6B0FA2A199A95C7160B9E7E190E3CD1E9C50EB67036F5ED0732AC7999F72F8A014D37E6F0514984364061D1241FBCE7DA92E259D275C16A98105CBE3E692F5C4A5B283CE07D67C148C0559C51C77FA5ACAB823AAE12E9E124FCE78639473D74AE9F103F2A679897FA6ED99283E221096F1B7ACD3058F155815FE80154EC23607FCDABEB2FECDF405D37CCC89560B01FB657600017771C72D5F13101B4F715C3850BB6D0A416329860AEE58DD2A0475B741C5CDC0B008BB260D8CC4BBE4344CF9A866BB95AD91C14D1307133D12A6465873F7BA42BECB27BC516EB06071843A4F9D2FC69A9D7112038D8C49E3794C03D33FE561DB4477F54E354158976B1F8E9E1EF0A2FDFB629EB86A493AB0E194ED813B6BCC05730D471C1413B793DD85E433E88856CC488522DFEF8C9BA75DE27D1F5166FEDB98506FCB9D74BCA8E57D8FB91358DCB314420952372914F116DD5CCBC23B6D218EC875E656F8C7D1360F13458545A40789C0F4C92E74BFD9C7F0688C9F538038C8C2945B153AB02D9587264C7E3912BD6171BC6617C9305143CB35C8CF1715AB4BCDBD7885D441FC5E78B6AA8CA2FAF16C85E72B8789E7696C6009CE0EF9FBA82FBF1375A7E8B5A4FDB7E31C16722A630D72357F6892DEDCBA675E4D686C7BFEA1AEECEBCF1A42B176DC8445539EDEF33A7215AE79CF02063C5B63D9C2674BA36578D5D7A5938B4F5F461FAA519F4D2B0106AE68CA2931658F7AFAEC54661A304EBC0E9CA4802DCF621570B86FF49BB3FE6BDA40C20D3F1D6949BA61A6E907E0465F88FD9B91B32ABDAD693DE49EE4DC68AC272D1BEF75F7120EEEF8977428964A086E25AFFB21F7C339AF68B82338190491D38BE1488FDF66541557DC0D85D6EBA499A0D8776CF65A251BD3480C987F2DA85819F70FBDE556EADF06FA429D4BD0E299E16241FD88FCA336784467FBCBD2445EF9934324BCE665B4EF4E21E0BE31B9333DEB9AB633382844B4B1C6CF5BF8FAC1B63FE9DA3EAE1A30E6833DB3A3DA5FDB6DE8476521AF6D38CAE7BEF0B237A693B858866CE3D9A6209D1EAFEF0E2FCF428EA28F521F18EE3C61956A33F6B6E41C5190A65ACE2B6685AEF61362B7234CC2A2B241B6203EEEA903BA66DD74B9985233ECD698C2F4FE9894B608CBFB41D8F20F8AAC40B9FDF2159E2CD42C9891676574C8A98E28A0D743315CB1E1DDA4BC191E6DA512254B43BF0513DACB78A53BB6925037980A299A25C7BA374D81008431FAF1064142AB6C246DEA2360C971435A6C861A871920B78F8179452A2E99816BB806"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-04-15 19:33:13
ComboFix-quarantined-files.txt 2011-04-15 17:33
.
Před spuštěním: Volných bajtů: 48 850 010 112
Po spuštění: Volných bajtů: 48 871 866 368
.
- - End Of File - - 37AFEA2CA64F4BD637F2021050954B51
tady je ten log.

[Rudy]

Ještě poprosím o sken IceSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 . Dejte logy Process a KernelModule.

[frantkurina]

Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
viaide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
pxark.sys
\WINDOWS\System32\drivers\FLTMGR.SYS
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
sr.sys
Fastfat.sys
KSecDD.sys
NDIS.sys
viaagp.sys
viaagp1.sys
Mup.sys
giveio.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\HSFBS2S2.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\HSFDPSP2.sys
\SystemRoot\System32\DRIVERS\HSFCXTS2.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ALCXSENS.SYS
\SystemRoot\system32\DRIVERS\fetnd5b.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\system32\DRIVERS\DcCam.sys
\SystemRoot\system32\DRIVERS\EXPORTIT.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\Drivers\fwdrv.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\dcfs2k.sys
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\HSF_FALL.sys
\SystemRoot\System32\DRIVERS\HSF_FSKS.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\HSF_K56K.sys
\SystemRoot\System32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\DRIVERS\HSF_FAXX.sys
\SystemRoot\System32\DRIVERS\HSF_TONE.sys
\SystemRoot\System32\DRIVERS\HSF_V124.sys
\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
\??\C:\DOCUME~1\franta\LOCALS~1\Temp\catchme.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\System32\ntdll.dll
C:\WINDOWS\system32\giveio.sys


Process:

System Idle Process
System
C:\Program Files\Spyware Terminator\SP_RSSER.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\UpdateSvc.exe
C:\WINDOWS\System32\SMSS.EXE
C:\WINDOWS\System32\CSRSS.EXE
C:\WINDOWS\System32\WINLOGON.EXE
C:\WINDOWS\System32\SERVICES.EXE
C:\WINDOWS\System32\LSASS.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\Program Files\Kerio\Personal Firewall\PERSFW.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\WINDOWS\System32\SVCHOST.EXE
C:\WINDOWS\System32\SPOOLSV.EXE
C:\Program Files\Avira\AntiVir Desktop\SCHED.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\FinancniNerad.cz\ActivityMon WebGuard\WebGuard.exe
C:\Program Files\Avira\AntiVir Desktop\AVGNT.EXE
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\Avira\AntiVir Desktop\AVGUARD.EXE
C:\WINDOWS\System32\NVSVC32.EXE
C:\Program Files\Avira\AntiVir Desktop\AVSHADOW.EXE
D:\stahnut‚ soubory\IceSword122en\IceSword.exe
C:\WINDOWS\System32\ALG.EXE
C:\WINDOWS\EXPLORER.EXE
C:\Program Files\FinancniNerad.cz\ActivityMon WebGua

tady jsou logy

[Rudy]

Ani zde Alureon nevidím. Pro jistotu ještě proveďte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[frantkurina]

provedl jsem sken kasperským removalem dle doporučení-zdá se že nenašel nic
a když jsem ctěl poslat log tak toho bylo tolik,že to nejde odeslat
nevím jestli jsem postupoval správně ,spustil jsem sken ta jak byl program nastaven
byly označeny první 3 položky tak dejte prosím vědět co dál.-franta-díky

[Rudy]

Koukněte do logu, zda jsou tam nějaké nalezené soubory a zda byly smazány. Měl by vypadat nějak takto:

Automatická kontrola: dokončeno před 15 min. (události: 646, objekty: 2243197, čas: 06:22:10)
7.4.2011 3:08:23 Úloha byla dokončena
7.4.2011 3:02:45 Dezinfikováno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zuma_deluxe_setup.exe
7.4.2011 3:02:35 Dezinfikováno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zuma_deluxe_setup.exe
7.4.2011 3:02:33 Zjištěno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zuma_deluxe_setup.exe
7.4.2011 3:02:31 Dezinfikováno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zsetup.exe
7.4.2011 3:02:30 Dezinfikováno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zsetup.exe
7.4.2011 3:02:26 Dezinfikováno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zoomopen.exe
7.4.2011 3:02:26 Zjištěno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zsetup.exe
7.4.2011 3:02:26 Dezinfikováno: Virus.Win32.Neshta.a D:\ZAXIC\Věci z internetu\zg603std.exe ......

[frantkurina]

není tam nic takového jenom samé OK a zelené fajky
takže zatím dobrou noc mnohokrát díky a dejte vědět svoje stanovisko
franta

[Rudy]

V tom případě je to jiný log. Tento by měl AVP vytvořit rovněž. Ten mne zajímá.

[frantkurina]

bohužel nevím jak na to s tímto programem jsem se ještě nesetkal
pokud by byl nějaký návod tak dík

[tuvok07]

Návod je v tom topicu ve kterém jste ho stáhnul.

[frantkurina]

jo už mi to došlo jsem tak trochu postarší a již mi to hůř pálí