Prosím o pomoc- podezření na vir

Zpráva

gooner · #1 Příspěvek od **gooner** » 03 čer 2011 17:41

Dobrý den, podle všeho to vypadá, že mám v PC vir, včera mi avast neustále "nutil" otevřít SpywareTerminator v Sandboxu, protože ho označil za nebezpečnou aplikaci. Následný scan, ale žádný vir nenašel a PC fungoval normálně. No, dnes po zapnutí PC nejprve naskočila modrá obrazovka s nějakým hlášením, které jsem ale nestihl přečíst, neboť jsem musel odběhnout. Poté nápis "Vítejte" nabíhal déle než obvykle, a když se Windows nakonec rozběhlo, tak byl vyplý jak Avast antivir, tak Windows defender. Avast antivir navíc nejde zapnout. SpywareTerminator jsem odinstaloval, pustil nouzový režim, a zajímalo by mě jak mám nyní postupovat.
Děkuji a omlouvám se, zas tolik tomu nerozumím

#2 Příspěvek od **vyosek** » 03 čer 2011 17:43

Zdravim a pekny vecer preji

Zustante zatim v nouzovem rezimu

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

Taktez vlozte log z RSIT - viz muj podpis

gooner · #3 Příspěvek od **gooner** » 03 čer 2011 17:59

Dobrý večer a děkuji za tak rychlou odpověď..

Mezitím co jsem sem napsal tento příspěvěk, jsem spustil Online Scanner na stránce F-Secure, výsledek je, že bylo nalezeno 10 inf.souborů a mám možnost jejich léčby /viz obr. http://screenshot.cz/F4Z73/ /. Doufám, že jsem tim nic nepokazil.

Nyní se tedy pustím do vašeho návodu. Díky

gooner · #4 Příspěvek od **gooner** » 03 čer 2011 18:11

TDSSKiller žádnou hrozbu nenašel. Zde je log z TDSSKilleru:
Log ze RSITu přidám pro přehlednost v dalším příspěvku. Děkuji

2011/06/03 19:06:28.0552 1268 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 19:06:28.0606 1268 ================================================================================
2011/06/03 19:06:28.0606 1268 SystemInfo:
2011/06/03 19:06:28.0606 1268
2011/06/03 19:06:28.0606 1268 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/03 19:06:28.0606 1268 Product type: Workstation
2011/06/03 19:06:28.0606 1268 ComputerName: UŽIVATEL-PC
2011/06/03 19:06:28.0606 1268 UserName: Uživatel
2011/06/03 19:06:28.0606 1268 Windows directory: C:\Windows
2011/06/03 19:06:28.0606 1268 System windows directory: C:\Windows
2011/06/03 19:06:28.0606 1268 Running under WOW64
2011/06/03 19:06:28.0606 1268 Processor architecture: Intel x64
2011/06/03 19:06:28.0606 1268 Number of processors: 4
2011/06/03 19:06:28.0606 1268 Page size: 0x1000
2011/06/03 19:06:28.0606 1268 Boot type: Safe boot with network
2011/06/03 19:06:28.0606 1268 ================================================================================
2011/06/03 19:06:29.0309 1268 Initialize success
2011/06/03 19:06:40.0591 2244 ================================================================================
2011/06/03 19:06:40.0591 2244 Scan started
2011/06/03 19:06:40.0591 2244 Mode: Manual;
2011/06/03 19:06:40.0591 2244 ================================================================================
2011/06/03 19:06:41.0212 2244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/06/03 19:06:41.0245 2244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/06/03 19:06:41.0299 2244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/06/03 19:06:41.0333 2244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/03 19:06:41.0361 2244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/03 19:06:41.0401 2244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/03 19:06:41.0485 2244 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/06/03 19:06:41.0526 2244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/06/03 19:06:41.0547 2244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/06/03 19:06:41.0580 2244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/06/03 19:06:41.0595 2244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/03 19:06:41.0728 2244 amdkmdag (538b0a6e89aca1929668f9eb95d3c0bc) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/03 19:06:41.0868 2244 amdkmdap (977286b382fe0920f379a69c351a7af4) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/03 19:06:41.0900 2244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/03 19:06:41.0935 2244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/06/03 19:06:41.0966 2244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/03 19:06:42.0000 2244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/06/03 19:06:42.0047 2244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/06/03 19:06:42.0092 2244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/03 19:06:42.0103 2244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/03 19:06:42.0137 2244 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/03 19:06:42.0165 2244 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/03 19:06:42.0174 2244 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
2011/06/03 19:06:42.0233 2244 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
2011/06/03 19:06:42.0266 2244 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
2011/06/03 19:06:42.0284 2244 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
2011/06/03 19:06:42.0295 2244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/03 19:06:42.0321 2244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/06/03 19:06:42.0348 2244 AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
2011/06/03 19:06:42.0375 2244 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/03 19:06:42.0520 2244 atikmdag (538b0a6e89aca1929668f9eb95d3c0bc) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/03 19:06:42.0597 2244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/03 19:06:42.0614 2244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/03 19:06:42.0655 2244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/03 19:06:42.0690 2244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/03 19:06:42.0732 2244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/03 19:06:42.0751 2244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/03 19:06:42.0775 2244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/03 19:06:42.0797 2244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/03 19:06:42.0816 2244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/03 19:06:42.0858 2244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/03 19:06:42.0887 2244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/03 19:06:42.0963 2244 BthAvrcp (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/06/03 19:06:43.0028 2244 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/06/03 19:06:43.0051 2244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/03 19:06:43.0106 2244 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/03 19:06:43.0148 2244 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\System32\Drivers\BTHport.sys
2011/06/03 19:06:43.0191 2244 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\System32\Drivers\BTHUSB.sys
2011/06/03 19:06:43.0210 2244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/03 19:06:43.0233 2244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/06/03 19:06:43.0261 2244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/03 19:06:43.0286 2244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/03 19:06:43.0334 2244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/03 19:06:43.0370 2244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/06/03 19:06:43.0420 2244 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/06/03 19:06:43.0430 2244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/03 19:06:43.0472 2244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/03 19:06:43.0483 2244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/03 19:06:43.0543 2244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/06/03 19:06:43.0563 2244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/03 19:06:43.0579 2244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/03 19:06:43.0636 2244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/03 19:06:43.0684 2244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/03 19:06:43.0750 2244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/03 19:06:43.0844 2244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/03 19:06:43.0884 2244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/06/03 19:06:43.0914 2244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/03 19:06:43.0939 2244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/03 19:06:43.0957 2244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/03 19:06:43.0974 2244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/03 19:06:43.0991 2244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/03 19:06:44.0020 2244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/03 19:06:44.0059 2244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/06/03 19:06:44.0088 2244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/03 19:06:44.0105 2244 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/03 19:06:44.0143 2244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/03 19:06:44.0160 2244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/03 19:06:44.0227 2244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/03 19:06:44.0275 2244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/06/03 19:06:44.0300 2244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/06/03 19:06:44.0322 2244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/03 19:06:44.0356 2244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/03 19:06:44.0374 2244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/03 19:06:44.0402 2244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/06/03 19:06:44.0428 2244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/03 19:06:44.0488 2244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/06/03 19:06:44.0540 2244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/03 19:06:44.0553 2244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/06/03 19:06:44.0610 2244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/06/03 19:06:44.0637 2244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/03 19:06:44.0724 2244 IntcAzAudAddService (397af4c77e4ac1b262e4ebac2958188c) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/03 19:06:44.0763 2244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/06/03 19:06:44.0802 2244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/03 19:06:44.0851 2244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/03 19:06:44.0896 2244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/03 19:06:44.0913 2244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/03 19:06:44.0929 2244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/03 19:06:44.0955 2244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/06/03 19:06:44.0976 2244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/06/03 19:06:45.0033 2244 JRAID (86cfef6dc6de51aab0c10384fe98f48f) C:\Windows\system32\DRIVERS\jraid.sys
2011/06/03 19:06:45.0070 2244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/06/03 19:06:45.0096 2244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/06/03 19:06:45.0114 2244 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/03 19:06:45.0167 2244 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/03 19:06:45.0182 2244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/03 19:06:45.0239 2244 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/03 19:06:45.0312 2244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/03 19:06:45.0345 2244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/03 19:06:45.0379 2244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/03 19:06:45.0417 2244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/03 19:06:45.0454 2244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/03 19:06:45.0510 2244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/03 19:06:45.0535 2244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/03 19:06:45.0553 2244 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/03 19:06:45.0590 2244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/03 19:06:45.0643 2244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/06/03 19:06:45.0655 2244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/03 19:06:45.0692 2244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/06/03 19:06:45.0734 2244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/06/03 19:06:45.0763 2244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/03 19:06:45.0792 2244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/06/03 19:06:45.0825 2244 mrxsmb (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/03 19:06:45.0865 2244 mrxsmb10 (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/03 19:06:45.0890 2244 mrxsmb20 (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/03 19:06:45.0903 2244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/06/03 19:06:45.0952 2244 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/06/03 19:06:45.0983 2244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/03 19:06:46.0012 2244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/03 19:06:46.0028 2244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/06/03 19:06:46.0074 2244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/03 19:06:46.0088 2244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/03 19:06:46.0105 2244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/03 19:06:46.0150 2244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/06/03 19:06:46.0206 2244 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/06/03 19:06:46.0246 2244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/03 19:06:46.0264 2244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/03 19:06:46.0284 2244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/03 19:06:46.0326 2244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/03 19:06:46.0386 2244 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/06/03 19:06:46.0408 2244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/03 19:06:46.0446 2244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/03 19:06:46.0483 2244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/03 19:06:46.0513 2244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/03 19:06:46.0552 2244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/06/03 19:06:46.0574 2244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/03 19:06:46.0623 2244 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/03 19:06:46.0666 2244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/03 19:06:46.0703 2244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/03 19:06:46.0721 2244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/03 19:06:46.0786 2244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/06/03 19:06:46.0822 2244 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/03 19:06:46.0874 2244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/06/03 19:06:46.0906 2244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/06/03 19:06:46.0957 2244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/06/03 19:06:47.0014 2244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/06/03 19:06:47.0057 2244 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/03 19:06:47.0100 2244 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/06/03 19:06:47.0133 2244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/06/03 19:06:47.0151 2244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/06/03 19:06:47.0174 2244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/03 19:06:47.0194 2244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/03 19:06:47.0226 2244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/03 19:06:47.0325 2244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/03 19:06:47.0338 2244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/03 19:06:47.0395 2244 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/03 19:06:47.0428 2244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/03 19:06:47.0459 2244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/03 19:06:47.0504 2244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/03 19:06:47.0539 2244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/03 19:06:47.0574 2244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/03 19:06:47.0620 2244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/03 19:06:47.0636 2244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/03 19:06:47.0653 2244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/03 19:06:47.0687 2244 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/03 19:06:47.0698 2244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/03 19:06:47.0743 2244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/03 19:06:47.0780 2244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/03 19:06:47.0831 2244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/03 19:06:47.0884 2244 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/06/03 19:06:47.0948 2244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/06/03 19:06:48.0029 2244 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/03 19:06:48.0074 2244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/03 19:06:48.0130 2244 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/06/03 19:06:48.0176 2244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/06/03 19:06:48.0223 2244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/03 19:06:48.0265 2244 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/03 19:06:48.0328 2244 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/03 19:06:48.0365 2244 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/03 19:06:48.0398 2244 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/03 19:06:48.0491 2244 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/06/03 19:06:48.0516 2244 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/03 19:06:48.0525 2244 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/03 19:06:48.0543 2244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/03 19:06:48.0583 2244 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/03 19:06:48.0601 2244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/03 19:06:48.0630 2244 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/03 19:06:48.0666 2244 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/03 19:06:48.0726 2244 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/06/03 19:06:48.0763 2244 srv (65bbf4920148c2ee279055da7228fc7b) C:\Windows\system32\DRIVERS\srv.sys
2011/06/03 19:06:48.0808 2244 srv2 (da939f762a1ccc2d77428621ddbd40a7) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/03 19:06:48.0846 2244 srvnet (3f847c9dc87299516f7dc82fb6572865) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/03 19:06:48.0913 2244 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/03 19:06:48.0961 2244 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/06/03 19:06:49.0058 2244 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
2011/06/03 19:06:49.0109 2244 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/03 19:06:49.0172 2244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/03 19:06:49.0221 2244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/03 19:06:49.0248 2244 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/03 19:06:49.0320 2244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/03 19:06:49.0339 2244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/06/03 19:06:49.0457 2244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/03 19:06:49.0490 2244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/03 19:06:49.0541 2244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/03 19:06:49.0571 2244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/03 19:06:49.0611 2244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/03 19:06:49.0656 2244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/03 19:06:49.0699 2244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/06/03 19:06:49.0719 2244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/03 19:06:49.0770 2244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
2011/06/03 19:06:49.0809 2244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/06/03 19:06:49.0841 2244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/06/03 19:06:49.0899 2244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/03 19:06:49.0953 2244 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/06/03 19:06:49.0972 2244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/03 19:06:50.0013 2244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/03 19:06:50.0031 2244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/06/03 19:06:50.0065 2244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/03 19:06:50.0085 2244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/03 19:06:50.0094 2244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/03 19:06:50.0132 2244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/06/03 19:06:50.0152 2244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/06/03 19:06:50.0172 2244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/06/03 19:06:50.0220 2244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/06/03 19:06:50.0239 2244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/06/03 19:06:50.0271 2244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/03 19:06:50.0289 2244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/06/03 19:06:50.0325 2244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/03 19:06:50.0401 2244 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 19:06:50.0408 2244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/03 19:06:50.0461 2244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/03 19:06:50.0494 2244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/03 19:06:50.0568 2244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/03 19:06:50.0583 2244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/03 19:06:50.0666 2244 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/03 19:06:50.0704 2244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/03 19:06:50.0726 2244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/03 19:06:50.0771 2244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/06/03 19:06:50.0801 2244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/03 19:06:50.0830 2244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/03 19:06:50.0839 2244 ================================================================================
2011/06/03 19:06:50.0839 2244 Scan finished
2011/06/03 19:06:50.0839 2244 ================================================================================
2011/06/03 19:06:50.0845 2516 Detected object count: 0
2011/06/03 19:06:50.0845 2516 Actual detected object count: 0

gooner · #5 Příspěvek od **gooner** » 03 čer 2011 18:26

Zde je log ze RSITu, případně mohu přidat i info.txt.

Chtěl bych se zeptat zda mohu potvrdit léčbu OnlineScannerem F-Secure kliknutím na tlačítko "Další"
(viz http://screenshot.cz/F4Z73/).
Děkuji moc

Logfile of random's system information tool 1.08 (written by random/random)
Run by Uživatel at 2011-06-03 19:12:46
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 276 GB (58%) free of 477 GB
Total RAM: 4091 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:17, on 3.6.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\Uživatel\AppData\Local\Temp\fsonlinescanner.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Uživatel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UIVATE~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\Users\UIVATE~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Users\Uživatel\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\ctbr.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Uživatel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D26BBD60-3CE6-427A-AA95-472CF9775200}: NameServer = 77.48.100.254,77.48.254.254
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\ctbr.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8339 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302410419-408322867-4161758609-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1302410419-408322867-4161758609-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\ctbr.dll [2010-08-09 1241960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\ctbr.dll [2010-08-09 1241960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-02-23 3451496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Uživatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2010-11-17 1242448]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-06-03 19:12:46 ----D---- C:\rsit
2011-06-03 19:12:46 ----D---- C:\Program Files (x86)\trend micro
2011-06-03 19:06:28 ----A---- C:\TDSSKiller.2.5.3.0_03.06.2011_19.06.28_log.txt
2011-06-03 18:49:40 ----D---- C:\Users\Uživatel\AppData\Roaming\f-secure
2011-06-03 18:49:35 ----D---- C:\ProgramData\F-Secure
2011-06-03 18:01:50 ----D---- C:\Windows\Sun
2011-05-10 23:18:12 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-05-10 23:18:12 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-05-10 23:17:54 ----A---- C:\Windows\SysWOW64\poqexec.exe

======List of files/folders modified in the last 1 months======

2011-06-03 19:12:50 ----D---- C:\Windows\Temp
2011-06-03 19:12:46 ----RD---- C:\Program Files (x86)
2011-06-03 19:06:29 ----A---- C:\Windows\ntbtlog.txt
2011-06-03 18:49:35 ----HD---- C:\ProgramData
2011-06-03 18:01:50 ----D---- C:\Windows
2011-06-03 17:06:51 ----SHD---- C:\System Volume Information
2011-06-03 16:58:19 ----D---- C:\Windows\Prefetch
2011-06-03 16:56:42 ----D---- C:\Windows\SysWOW64\drivers
2011-06-03 16:51:28 ----D---- C:\Program Files (x86)\Steam
2011-06-03 16:49:48 ----D---- C:\Program Files (x86)\Common Files\Steam
2011-06-03 16:15:42 ----D---- C:\Windows\Minidump
2011-06-02 13:38:58 ----D---- C:\Windows\System32
2011-06-02 13:38:58 ----D---- C:\Windows\inf
2011-05-25 08:56:11 ----D---- C:\Windows\winsxs
2011-05-10 23:32:23 ----D---- C:\Windows\SysWOW64
2011-05-10 23:22:52 ----SHD---- C:\Windows\Installer
2011-05-10 23:22:52 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
S1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
S1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
S2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 136176]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-03-23 75136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-06-02 403240]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]

-----------------EOF-----------------

#6 Příspěvek od **vyosek** » 03 čer 2011 21:02

Jelikoz nevim, co F-Secure oznacilo za havet, tak nevim, ale moc bych mu neveril - udelame kontrolu kavlitnejsim skenerem

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

gooner · #7 Příspěvek od **gooner** » 03 čer 2011 22:36

F-Secure označil samé trackingcookies, které jsem dal "vyléčit". Ovšem Avast stále nefunkční, neměl bych ho přeinstalovat?

MBAM také žádný malware nenašel

, zde je log, díky:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Verze databáze: 6766

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

3.6.2011 23:31:26
mbam-log-2011-06-03 (23-31-26).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 342904
Uplynulý čas: 31 minut, 47 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

#8 Příspěvek od **vyosek** » 04 čer 2011 06:34

Tracking cookies jsou neskodne...

Zkuste Avast preinstalovate na nejnovejsi verzi (6) a pak napiste

gooner · #9 Příspěvek od **gooner** » 05 čer 2011 14:11

Tak jsem AVAST reinstaloval, ale stále nefunguje.. jakoby ho něco blokovalo. Tlačítko "Opravit" nereaguje a když jsem se chtěl znova zaregistrovat, tak to hodilo tuhle informaci o modulu AAVM:
http://screenshot.cz/O5IE6/

Mimoto nejde spustit ani Centrum zabezpečení systému Windows, ale to je možná nouzovým režimem.

Nápověda Windows mi nabízí bod obnovení, ale to jsem nikdy nedělal..

Nějaké nápady? díky

#10 Příspěvek od **vyosek** » 05 čer 2011 14:30

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

gooner · #11 Příspěvek od **gooner** » 05 čer 2011 16:32

Zde je log z ComboFixu, snad jsem to udělal podle návodu správně :

ComboFix 11-06-05.01 - Uživatel 05.06.2011 17:12:36.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.3124 [GMT 2:00]
Spuštěný z: c:\users\Uživatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-05 do 2011-06-05 )))))))))))))))))))))))))))))))
.
.
2011-06-05 15:16 . 2011-06-05 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-05 13:12 . 2011-06-05 13:12 -------- d-----w- c:\program files (x86)\ESET
2011-06-05 12:59 . 2011-05-10 12:04 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-05 12:59 . 2011-05-10 11:59 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-05 12:59 . 2011-05-10 12:04 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-05 12:59 . 2011-05-10 12:02 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-05 12:59 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-05 12:59 . 2011-05-10 11:59 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-05 12:59 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-05 12:59 . 2011-05-10 12:10 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-06-05 12:59 . 2011-06-05 12:59 -------- d-----w- c:\programdata\AVAST Software
2011-06-05 12:59 . 2011-06-05 12:59 -------- d-----w- c:\program files\AVAST Software
2011-06-03 20:56 . 2011-06-03 20:56 -------- d-----w- c:\users\Uživatel\AppData\Roaming\Malwarebytes
2011-06-03 20:56 . 2011-06-03 20:56 -------- d-----w- c:\programdata\Malwarebytes
2011-06-03 20:56 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-03 20:56 . 2011-06-03 20:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-03 20:56 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 17:12 . 2011-06-03 17:13 -------- d-----w- C:\rsit
2011-06-03 17:12 . 2011-06-03 17:13 -------- d-----w- c:\program files (x86)\trend micro
2011-06-03 16:49 . 2011-06-03 16:49 -------- d-----w- c:\users\Uživatel\AppData\Roaming\f-secure
2011-06-03 16:49 . 2011-06-03 16:49 -------- d-----w- c:\programdata\F-Secure
2011-06-03 16:01 . 2011-06-03 16:01 -------- d-----w- c:\windows\Sun
2011-06-03 15:06 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D1F2897-424F-4A0A-A0D1-CC537EA70C67}\mpengine.dll
2011-05-25 06:46 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-10 21:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 21:18 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-10 21:18 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-10 21:17 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-10 21:17 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-10 21:17 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-10 21:17 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-10 21:17 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-10 21:17 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-10 21:17 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-10 21:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-10 21:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2011-01-13 14:08 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-30 12:10 . 2010-01-04 15:39 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-04-30 12:10 . 2009-12-29 10:50 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-17 16:08 . 2009-12-29 10:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-04-13 18:50 . 2011-04-13 18:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-13 18:50 . 2011-04-13 18:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-13 18:50 . 2011-04-13 18:50 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-13 18:50 . 2011-04-13 18:50 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-13 18:50 . 2011-04-13 18:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-13 18:50 . 2011-04-13 18:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-13 18:50 . 2011-04-13 18:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-13 18:50 . 2011-04-13 18:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-13 18:50 . 2011-04-13 18:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-13 18:50 . 2011-04-13 18:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-13 18:50 . 2011-04-13 18:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-13 18:50 . 2011-04-13 18:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-13 18:50 . 2011-04-13 18:50 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 18:50 . 2011-04-13 18:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-13 18:50 . 2011-04-13 18:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-13 18:50 . 2011-04-13 18:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-13 18:50 . 2011-04-13 18:50 448512 ----a-w- c:\windows\system32\html.iec
2011-04-13 18:50 . 2011-04-13 18:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-13 18:50 . 2011-04-13 18:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-13 18:50 . 2011-04-13 18:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-13 18:50 . 2011-04-13 18:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-13 18:50 . 2011-04-13 18:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-13 18:50 . 2011-04-13 18:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-13 18:50 . 2011-04-13 18:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-13 18:50 . 2011-04-13 18:50 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-13 18:50 . 2011-04-13 18:50 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-13 18:50 . 2011-04-13 18:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-13 18:50 . 2011-04-13 18:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-13 18:50 . 2011-04-13 18:50 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-13 18:50 . 2011-04-13 18:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-13 18:50 . 2011-04-13 18:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-13 18:50 . 2011-04-13 18:50 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-13 18:50 . 2011-04-13 18:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-13 18:50 . 2011-04-13 18:50 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-13 18:50 . 2011-04-13 18:50 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-13 18:50 . 2011-04-13 18:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-13 18:50 . 2011-04-13 18:50 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-13 18:50 . 2011-04-13 18:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-13 18:50 . 2011-04-13 18:50 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-13 18:50 . 2011-04-13 18:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-13 18:50 . 2011-04-13 18:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-13 18:50 . 2011-04-13 18:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-13 17:11 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-13 17:11 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-28 11:53 . 2010-01-04 15:39 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-23 14:02 . 2011-03-23 14:02 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-23 14:02 . 2011-03-23 14:02 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-03-12 12:08 . 2011-04-27 12:26 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:23 . 2011-04-27 12:26 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:41 . 2011-04-27 12:12 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:41 . 2011-04-27 12:12 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:41 . 2011-04-27 12:12 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:41 . 2011-04-27 12:12 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:41 . 2011-04-27 12:12 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:41 . 2011-04-27 12:12 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:41 . 2011-04-27 12:12 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:34 . 2011-04-13 12:14 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-13 12:14 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:33 . 2011-04-27 12:12 2565632 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:30 . 2011-04-27 12:12 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:33 . 2011-04-13 12:14 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-13 12:14 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-27 12:12 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:31 . 2011-04-27 12:12 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-08 06:29 . 2011-04-13 12:13 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-13 12:13 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 16:20]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-06 16:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-25 8084000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{D26BBD60-3CE6-427A-AA95-472CF9775200}: NameServer = 77.48.100.254,77.48.254.254
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EAX Unified - c:\program files (x86)\Creative\EAX Unified\Uninst.isu
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,84,ac,89,77,49,1f,40,a1,1f,c1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0f,84,ac,89,77,49,1f,40,a1,1f,c1,\
.
[HKEY_USERS\S-1-5-21-1302410419-408322867-4161758609-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7c,dc,bd,94,b2,ef,ce,02,e3,c0,9a,e2,9c,02,7b,26,45,b3,e2,8f,af,58,da,
8d,cf,06,3e,6c,99,cd,2d,cb,1b,14,2f,76,bb,b0,3d,73,a3,e3,8b,b8,78,13,0c,5c,\
"??"=hex:7d,c1,0b,62,6f,fe,5a,9e,7f,c2,73,63,37,c0,4b,a7
.
[HKEY_USERS\S-1-5-21-1302410419-408322867-4161758609-1000\Software\SecuROM\License information*]
"datasecu"=hex:78,6f,2e,08,71,fd,e5,f9,18,8f,90,3b,f4,4d,9b,88,ae,0e,3a,d1,e5,
3d,64,05,b0,9d,5e,f5,9c,a3,ab,84,cc,1d,2b,34,98,49,d0,a3,56,01,66,e4,0a,90,\
"rkeysecu"=hex:fe,ad,d9,98,c5,71,87,ea,fd,79,9a,6c,85,fd,ff,ab
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-06-05 17:17:42
ComboFix-quarantined-files.txt 2011-06-05 15:17
.
Před spuštěním: Volných bajtů: 289 535 610 880
Po spuštění: Volných bajtů: 289 999 110 144
.
- - End Of File - - 7B5825EAC5BD3950F76C7AD8A340B43B

#12 Příspěvek od **vyosek** » 05 čer 2011 20:22

Omlouvam se za zdrzeni, pracovni povinnosti

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-
"Malwarebytes' Anti-Malware"=-

Driver::
gupdate
gupdatem

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uStart Page = hxxp://vshare.toolbarhome.com/?hp=df

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1302410419-408322867-4161758609-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1302410419-408322867-4161758609-1000\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

gooner · #13 Příspěvek od **gooner** » 05 čer 2011 20:50

Provádím to v nouzovém režimu a po přetažení "CFScript.txt" na "ComboFix.exe" na mě vypadla informace, že je k dispozici nová verze ComboFixu, jestli si prý přeju aktualizovat.. mám to nejprve aktualizovat, nebo to není důležité? Díky

#14 Příspěvek od **vyosek** » 06 čer 2011 09:44

Ano aktualizujte, pripadne ten ComboFix nejprve smazte, stahnete novy z odkazu co jsem Vam daval a aplikujte skript - v nove verzi budou pridany nove typy haveti apod...

gooner · #15 Příspěvek od **gooner** » 06 čer 2011 14:04

Předtím, než jsem spustil CFScript.txt v Combofixu, tak jsem vypl firewall i avast (v procesech i v msconfigu), ale stejně to na mě plivlo tuto hlášku: http://screenshot.cz/PPJI3/, mám ji ignorovat?

Mám ještě před ComboFixem spustit RKILL? Dík

VIRY.CZ

Prosím o pomoc- podezření na vir

Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir

Re: Prosím o pomoc- podezření na vir