PC virus removal, computer speed-up, remote help via the neslape.cz service

Slow PC, Windows reporting a virus but it cannot be deleted..

Have a problem with a virus? Post your FRST or RSIT log here.

rolka94
Visitor
Posts: 2
Registered: 20 May 2010 19:11

Slow PC, Windows reporting a virus but it cannot be deleted..

#1 Post by rolka94 »

Hello,
I have a fairly urgent problem. The whole computer is slower, Task Manager does not work, and Windows does not respond to my commands either when Windows Defender reports that it has found a virus. When I want to move it to the Virus Chest, it cannot be done. Mozilla Firefox keeps dropping out, and not because of an internet outage. I have Windows 7, and the "Computer problems" application reports a virus, but when I want to open the virus problem, it cannot be done..

Here I am adding the Hijack log:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Lukesh at 2011-05-04 18:02:57
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 76 GB (74%) free of 102 GB
Total RAM: 2047 MB (44% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Program Files\Internet Explorer\qipsearchbar.dll [2009-07-09 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-11-25 81000]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"RTHDCPL"=RTHDCPL.EXE []
"SkyTel"=SkyTel.EXE []
"SoundMan"=SOUNDMAN.EXE []
"AlcWzrd"=ALCWZRD.EXE []
"Alcmtr"=ALCMTR.EXE []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"System"=C:\Users\Lukesh\Music\lst.exe [2010-05-15 10752]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-01-01 289584]
"PC Security Guardian"=C:\ProgramData\9eb0d6\PS9eb_2328.exe [2011-05-04 2403328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-11-09 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-01-01 289584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-01-14 37888]

C:\Users\Lukesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-05-04 17:57:50 ----D---- C:\rsit
2011-05-04 17:57:50 ----D---- C:\Program Files\trend micro
2011-05-04 16:05:24 ----SHD---- C:\Users\Lukesh\AppData\Roaming\PC Security Guardian
2011-05-04 16:05:24 ----SHD---- C:\ProgramData\PSRUFSZMOZG
2011-05-04 16:05:08 ----SHD---- C:\ProgramData\9eb0d6
2011-04-13 20:21:50 ----D---- C:\Program Files\Zrychleni Pocitace
2011-04-13 20:21:35 ----D---- C:\Users\Lukesh\AppData\Roaming\OpenCandy
2011-04-13 20:14:17 ----D---- C:\Download
2011-04-13 20:14:00 ----D---- C:\tmp
2011-04-13 20:13:56 ----D---- C:\tmpDownload
2011-04-13 20:13:51 ----D---- C:\YouTubeGet
2011-04-08 13:28:58 ----A---- C:\Windows\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2011-05-04 18:02:58 ----D---- C:\Windows\Temp
2011-05-04 17:57:50 ----D---- C:\Program Files
2011-05-04 17:54:55 ----D---- C:\Windows\system32\config
2011-05-04 17:53:38 ----D---- C:\Users\Lukesh\AppData\Roaming\Xfire
2011-05-04 17:46:27 ----D---- C:\Windows\system32\drivers\etc
2011-05-04 17:44:50 ----D---- C:\Windows\system32\catroot
2011-05-04 17:44:44 ----D---- C:\Windows\system32\catroot2
2011-05-04 17:44:41 ----D---- C:\Windows\winsxs
2011-05-04 17:41:15 ----D---- C:\Windows\Prefetch
2011-05-04 17:39:29 ----D---- C:\Windows\System32
2011-05-04 17:39:29 ----D---- C:\Windows\inf
2011-05-04 17:39:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-05-04 17:35:43 ----D---- C:\Users\Lukesh\AppData\Roaming\uTorrent
2011-05-04 17:24:09 ----D---- C:\Windows\system32\Tasks
2011-05-04 17:16:33 ----D---- C:\Program Files\Mozilla Firefox
2011-05-04 17:14:53 ----D---- C:\Users\Lukesh\AppData\Roaming\Skype
2011-05-04 17:14:13 ----D---- C:\Users\Lukesh\AppData\Roaming\skypePM
2011-05-04 16:05:24 ----HD---- C:\ProgramData
2011-05-02 22:46:38 ----D---- C:\Users\Lukesh\AppData\Roaming\ICQ
2011-05-01 20:12:24 ----SHD---- C:\System Volume Information
2011-04-29 06:27:25 ----D---- C:\ProgramData\Xfire
2011-04-28 18:57:23 ----D---- C:\Users\Lukesh\AppData\Roaming\HLSW
2011-04-28 15:17:31 ----SHD---- C:\Windows\Installer
2011-04-16 11:09:09 ----D---- C:\Program Files\Xfire
2011-04-13 20:21:22 ----D---- C:\Program Files\DsNET Corp
2011-04-08 17:17:42 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-29 691696]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-11-09 59388]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-03-27 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-03-27 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 a6vjjxy4;a6vjjxy4; C:\Windows\system32\drivers\a6vjjxy4.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RtkHDAud.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-02-27 75136]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

-Here is the DDS log:


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Lukesh at 19:43:45,52 on st 04.05.2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.684 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\9eb0d6\PS9eb_2328.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Lukesh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Lukesh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Users\Lukesh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Lukesh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Users\Lukesh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Users\Lukesh\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\PING.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.qip.ru
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
uDefault_Page_URL = hxxp://search.qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearch Bar = hxxp://search.qip.ru/ie
uInternet Settings,ProxyServer = http=127.0.0.1:25387
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
uURLSearchHooks: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - c:\program files\internet explorer\qipsearchbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: QIPBHO Class: {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - c:\program files\internet explorer\qipsearchbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [System] c:\users\lukesh\music\lst.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [PC Security Guardian] "c:\programdata\9eb0d6\PS9eb_2328.exe" /s /d
mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\users\lukesh\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 64.27.10.43 http://www.google.com
Hosts: 178.17.165.3 http://www.google.com
Hosts: 64.27.10.43 http://www.google.com.au
Hosts: 178.17.165.3 http://www.google.com.au
Hosts: 64.27.10.43 http://www.google.be
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lukesh\appdata\roaming\mozilla\firefox\profiles\t8bg081v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz
FF - component: c:\users\lukesh\appdata\roaming\mozilla\firefox\profiles\t8bg081v.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\lukesh\appdata\roaming\mozilla\firefox\profiles\t8bg081v.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\lukesh\appdata\roaming\mozilla\firefox\profiles\t8bg081v.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\lukesh\appdata\roaming\mozilla\firefox\profiles\t8bg081v.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\lukesh\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\lukesh\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-26 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-26 53328]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-12-21 41336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-4 39272]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-19 52224]
.
=============== Created Last 30 ================
.
2011-05-04 16:58:10 -------- d-----w- c:\users\lukesh\appdata\roaming\ESET
2011-05-04 16:58:10 -------- d-----w- c:\users\lukesh\appdata\local\ESET
2011-05-04 16:57:26 -------- d-----w- c:\program files\ESET
2011-05-04 15:57:50 -------- d-----w- c:\program files\trend micro
2011-05-04 15:46:05 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-04 15:46:05 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-04 15:46:04 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-04 15:43:10 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{189f8dfd-8305-46df-829b-4d44b4043f0c}\mpengine.dll
2011-05-04 14:05:24 -------- d-sh--w- c:\users\lukesh\appdata\roaming\PC Security Guardian
2011-05-04 14:05:24 -------- d-sh--w- c:\progra~2\PSRUFSZMOZG
2011-05-04 14:05:08 -------- d-sh--w- c:\progra~2\9eb0d6
2011-04-14 01:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-04-13 18:21:50 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-04-13 18:21:38 -------- d-----w- c:\users\lukesh\appdata\local\OpenCandy
2011-04-13 18:21:35 -------- d-----w- c:\users\lukesh\appdata\roaming\OpenCandy
2011-04-13 18:14:17 -------- d-----w- C:\Download
2011-04-13 18:14:00 -------- d-----w- C:\tmp
2011-04-13 18:13:56 -------- d-----w- C:\tmpDownload
2011-04-13 18:13:51 -------- d-----w- C:\YouTubeGet
2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
==================== Find3M ====================
.
2011-04-02 14:55:15 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-02 14:55:15 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-02 14:54:42 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-18 23:19:43 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-12 11:23:45 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- c:\windows\system32\esent.dll
2011-03-11 05:31:07 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-07 05:33:13 981504 ----a-w- c:\windows\system32\wininet.dll
2011-03-07 03:52:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-03 05:38:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:42:34 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-02-27 16:09:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-25 05:30:54 2616320 ----a-w- c:\windows\explorer.exe
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 05:43:28 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 05:39:44 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-02-12 05:35:31 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE1"): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
device: opened successfully
user: error reading MBR
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 19:51:27,54 ===============

I will add any other logs that are needed on request. Please, and thank you for the help! :)

MPu 3000
Exemplary visitor
Posts: 86
Registered: 06 May 2010 19:12

Re: Slow PC, Windows reporting a virus, but it cannot be deleted..

#2 Post by MPu 3000 »

Do you know what PC Security Guardian is, or did you install it at some point?
EDIT: I would recommend uninstalling Zrychleni Pocitace; it looks dodgy to me and it probably does not help the PC much...
EDIT2: Please do not use more than one antivirus! Then you wonder why your PC is slow...

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC, Windows reporting a virus, but it cannot be deleted..

#3 Post by vyosek »

Hello and good evening :)

:arrow: MPu 3000, please read your PM

:arrow: The rest of the instructions are for user rolka94

:arrow: Uninstall that NOD - if needed, a guide is here http://www.viry.cz/forum/viewtopic.php?p=889437#p889437 - as was said, two antiviruses on a PC cause slowdowns and instability. Avast is a quality security solution, and free on top of that

:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe

:arrow: If you do not have it there, move Combofix to the desktop
  • Turn off all resident security programs - firewalls, antiviruses, antispyware and the like
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    C:\ProgramData\PSRUFSZMOZG
    C:\ProgramData\9eb0d6
    C:\Program Files\Zrychleni Pocitace
    C:\Users\Lukesh\AppData\Roaming\PC Security Guardian
    C:\Program Files\Microsoft\BingBar
    
    File::
    C:\Program Files\Internet Explorer\qipsearchbar.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{8dcb7100-df86-4384-8842-8fa844297b3f}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=-
    "SkyTel"=-
    "SoundMan"=-
    "AlcWzrd"=-
    "Alcmtr"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "EA Core"=-
    "uTorrent"=-
    "PC Security Guardian"=-
    "System"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it (see the image below)
    [image]
  • After the script is applied (and after a possible restart) a log will appear; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

rolka94
Visitor
Posts: 2
Registered: 20 May 2010 19:11

Re: Slow PC, Windows reporting a virus, but it cannot be deleted..

#4 Post by rolka94 »

OK, I did everything according to the instructions and here is the resulting log: :)

ComboFix 11-05-05.04 - Lukesh 06.05.2011 16:33:26.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.1377 [GMT 2:00]
Spuštěný z: c:\users\Lukesh\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Lukesh\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lukesh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PC Security Guardian.lnk
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Start Menu\PC Security Guardian.lnk
c:\users\Lukesh\AppData\Roaming\PC Security Guardian
c:\users\Lukesh\AppData\Roaming\PC Security Guardian\Instructions.ini
c:\youtubeget\YouTubeGet.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-06 do 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 14:38 . 2011-05-06 14:40 -------- d-----w- c:\users\Lukesh\AppData\Local\temp
2011-05-06 14:38 . 2011-05-06 14:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 13:57 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9843BB84-72C1-4CF3-B78B-520BA9A24D5F}\mpengine.dll
2011-05-04 16:58 . 2011-05-04 16:58 -------- d-----w- c:\users\Lukesh\AppData\Local\ESET
2011-05-04 15:57 . 2011-05-04 15:57 -------- d-----w- C:\rsit
2011-05-04 15:57 . 2011-05-04 15:57 -------- d-----w- c:\program files\trend micro
2011-05-04 15:46 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-05-04 15:46 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-05-04 15:46 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-05-04 15:12 . 2011-04-14 16:38 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-04 14:05 . 2011-05-04 14:05 -------- d-sh--w- c:\programdata\PSRUFSZMOZG
2011-05-04 14:05 . 2011-05-04 19:01 -------- d-sh--w- c:\programdata\9eb0d6
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-04-13 18:21 . 2011-05-04 15:38 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-04-13 18:21 . 2011-04-14 13:15 -------- d-----w- c:\users\Lukesh\AppData\Local\OpenCandy
2011-04-13 18:21 . 2011-04-13 18:21 -------- d-----w- c:\users\Lukesh\AppData\Roaming\OpenCandy
2011-04-13 18:14 . 2011-04-13 18:14 -------- d-----w- C:\Download
2011-04-13 18:14 . 2011-04-13 18:14 -------- d-----w- C:\tmp
2011-04-13 18:13 . 2011-05-06 14:38 -------- d-----w- C:\YouTubeGet
2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-02 14:55 . 2009-12-31 13:04 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-02 14:55 . 2009-12-31 17:42 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-02 14:55 . 2009-12-31 13:04 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-02 14:54 . 2009-12-31 13:04 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-03-18 23:19 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-12 13:40 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-27 16:09 . 2009-12-31 13:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-19 06:30 . 2011-03-18 23:03 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-18 23:03 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-18 23:03 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-14 16:38 . 2011-05-04 15:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-08-31 16:55 . 2009-12-31 10:34 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
.
c:\users\Lukesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-01 21:10 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-29 691696]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=127.0.0.1:25387
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Lukesh\AppData\Roaming\Mozilla\Firefox\Profiles\t8bg081v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-QIP 2005 - d:\qip\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2645705051-3475436260-4188310941-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:55,aa,0c,87,bd,92,72,66,33,91,22,83,2c,e7,d1,6c,67,a7,a0,8c,62,07,6a,
a1,18,6b,6b,95,76,2d,93,b3,4d,46,88,67,7b,2c,87,7c,97,74,8a,bf,26,d3,b5,97,\
"??"=hex:bb,99,5b,35,b3,c4,e2,c3,e3,ec,87,c5,4f,94,0a,09
.
[HKEY_USERS\S-1-5-21-2645705051-3475436260-4188310941-1000\Software\SecuROM\License information*]
"datasecu"=hex:5e,06,18,5f,a5,ec,5a,4f,fc,e2,dc,c6,ac,b6,89,05,a3,97,0f,08,09,
bb,f0,b5,b2,74,8d,50,3d,f4,47,b2,3d,29,e3,e8,a1,4d,03,14,dd,c3,4b,41,30,53,\
"rkeysecu"=hex:9d,02,ab,96,d1,1a,88,d2,e7,bb,36,52,04,ca,16,c7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-05-06 16:42:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-06 14:42
.
Před spuštěním: Volných bajtů: 78 981 427 200
Po spuštění: Volných bajtů: 80 631 377 920
.
- - End Of File - - 4D2F8B87C845BBCBEDA2348ABEE0AA22

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Slow PC, Windows reporting a virus, but it cannot be deleted..

#5 Post by vyosek »

One more script for ComboFix - the procedure is the same

Code:

KillAll::

Folder::
c:\programdata\PSRUFSZMOZG
c:\programdata\9eb0d6
c:\program files\Zrychleni Pocitace

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

DDS::
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyServer = http=127.0.0.1:25387
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Firefox::
FF - ProfilePath - c:\users\Lukesh\AppData\Roaming\Mozilla\Firefox\Profiles\t8bg081v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=

Reboot::
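The two CFScript blocks above remove the same kind of entries by hand: hidden+system directories that the rogue "PC Security Guardian" dropped under ProgramData/AppData, and a browser proxy pointed at 127.0.0.1. As an added example that is not part of this thread or of any tool used in it, the Python snippet below triages RSIT/ComboFix-style listing lines for exactly those two indicators; the sample lines are constructed after the logs posted here, and the heuristics (which roots count as user-writable, loopback proxy as suspicious) are my assumptions.

```python
import re

# Constructed sample lines modelled on the RSIT listing (date time size attrs path),
# the ComboFix listing (created . modified size attrs path) and the "uInternet
# Settings" line from this thread; they are not the output of a tool run here.
SAMPLE_LOG = """\
2011-05-04 14:05:24 -------- d-sh--w- c:\\users\\lukesh\\appdata\\roaming\\PC Security Guardian
2011-05-04 14:05:24 -------- d-sh--w- c:\\progra~2\\PSRUFSZMOZG
2011-05-04 14:05 . 2011-05-04 19:01 -------- d-sh--w- c:\\programdata\\9eb0d6
2011-04-13 18:21:50 -------- d-----w- c:\\program files\\Zrychleni Pocitace
2011-03-03 03:42:34 2333184 ----a-w- c:\\windows\\system32\\win32k.sys
2011-05-06 14:38 . 2011-05-06 14:40 -------- d-----w- c:\\users\\Lukesh\\AppData\\Local\\temp
uInternet Settings,ProxyServer = http=127.0.0.1:25387
uStart Page = hxxp://eu.ask.com?o=15383&l=dis
"""

# A listing line: an RSIT "YYYY-MM-DD HH:MM:SS" stamp or a ComboFix
# "YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM" pair, then the size (digits, or eight
# dashes for a directory), then the 8-character attribute field in which
# d = directory, s = system, h = hidden, a = archive, w = writable.
LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})? "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:http=)?(?P<host>[\w.-]+):(?P<port>\d+)")

# Roots a non-elevated process can write to (assumption: heuristic). A fresh
# hidden+system directory here is what the rogue left behind; the same
# attributes under c:\windows are normal for Windows' own folders.
USER_DATA_ROOTS = ("\\programdata\\", "\\progra~2\\", "\\appdata\\")


def triage(log_text):
    """Return (reason, detail) pairs for the suspicious indicators in a log."""
    findings = []
    for line in log_text.splitlines():
        m = LISTING_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            is_dir = attrs[0] == "d"
            hidden_system = "h" in attrs and "s" in attrs
            if is_dir and hidden_system and any(r in path.lower() for r in USER_DATA_ROOTS):
                findings.append(("hidden+system dir in user-writable root", path))
            continue
        p = PROXY_RE.search(line)
        # A browser proxy on the loopback interface means some local process is
        # sitting between the browser and the network; worth investigating.
        if p and p.group("host") in ("127.0.0.1", "localhost"):
            findings.append(("browser proxy forced through loopback",
                             p.group("host") + ":" + p.group("port")))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason:42} {detail}")
```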
