ComboFix 10-02-01.01 - Pavel 04.02.2010 23:13:25.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1577 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100204-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
file zipped: c:\windows\system32\DRIVERS\7439197.sys
file zipped: c:\windows\system32\DRIVERS\74391971.sys
file zipped: c:\windows\system32\DRIVERS\74391972.sys
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\DRIVERS\7439197.sys
c:\windows\system32\DRIVERS\74391971.sys
c:\windows\system32\DRIVERS\74391972.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_74391971
-------\Legacy_74391972
-------\Legacy_TTJOLOTA
-------\Service_74391971
-------\Service_74391972
-------\Legacy_setup_9.0.0.722_03.02.2010_21-22drv
-------\Service_setup_9.0.0.722_03.02.2010_21-22drv
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-04 do 2010-02-04 )))))))))))))))))))))))))))))))
.
2010-02-03 19:19 . 2010-02-03 19:19 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-01 13:49 . 2010-02-01 13:49 -------- d-----w- C:\rsit
2010-01-27 14:42 . 2010-01-27 14:43 -------- d-----w- c:\windows\system32\NtmsData
2010-01-23 19:53 . 2010-01-23 19:56 -------- d-----w- c:\program files\JPEG Resampler
2010-01-19 14:16 . 2010-01-19 19:37 -------- d-----w- c:\program files\Vietcong
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 15:05 . 2008-10-28 10:39 -------- d-----w- c:\program files\WinClamAVShield
2010-02-04 13:48 . 2008-10-28 10:33 -------- d-----w- c:\program files\Spyware Terminator
2010-02-02 18:49 . 2009-02-20 14:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-02 18:48 . 2008-11-29 13:46 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-02-01 15:08 . 2008-10-28 10:24 -------- d-----w- c:\program files\Alwil Software
2010-01-28 15:55 . 2008-04-14 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-21 10:35 . 2009-03-03 16:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 11:57 . 2010-01-25 16:41 38848 ----a-w- c:\windows\system32\ava7.tmp
2010-01-19 11:57 . 2010-01-25 16:41 152672 ----a-w- c:\windows\system32\asw6.tmp
2010-01-18 17:25 . 2009-02-20 19:11 -------- d-----w- c:\program files\Cesta kolem světa za 80 dní
2010-01-04 17:30 . 2008-10-28 10:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 12:07 . 2009-01-22 14:39 -------- d-----w- c:\program files\Activision
2009-12-31 14:39 . 2009-12-30 12:43 -------- d-----w- c:\program files\Cesta do středu Země
2009-12-30 12:54 . 2009-12-30 12:50 -------- d-----w- c:\program files\Ankh
2009-12-29 07:27 . 2009-08-13 15:48 -------- d-----w- c:\program files\Ubisoft
2009-12-28 08:01 . 2009-12-28 07:49 -------- d-----w- c:\program files\FlatOut2
2009-12-26 18:15 . 2008-11-11 17:58 -------- d-----w- c:\program files\Google
2009-12-21 19:08 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 20:39 . 2008-10-31 19:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-15 18:30 . 2009-12-15 18:30 -------- d-----w- c:\program files\Terasoft
2009-12-14 09:32 . 2009-11-30 17:58 -------- d-----w- c:\program files\The KMPlayer
2009-12-10 11:09 . 2008-04-14 12:00 78030 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 11:09 . 2008-04-14 12:00 429018 ----a-w- c:\windows\system32\perfh005.dat
2009-12-09 20:17 . 2009-04-16 16:23 -------- d-----w- c:\program files\Hypermax
2009-12-07 14:31 . 2009-12-07 14:31 -------- d-----w- c:\program files\LucasArts
2009-11-30 17:50 . 2008-11-29 13:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-24 23:54 . 2008-10-28 10:24 1280480 ------w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-10-28 10:24 93424 ------w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-10-28 10:24 94160 ------w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-10-29 14:08 114768 ------w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-10-29 14:08 20560 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-10-28 10:24 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-10-28 10:24 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-10-28 10:24 27408 ------w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-10-28 10:24 97480 ------w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-01_18.28.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-04 22:19 . 2010-02-04 22:19 16384 c:\windows\Temp\Perflib_Perfdata_5c4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-03 13508608]
"nwiz"="nwiz.exe" [2008-01-03 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-03 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-28 1783808]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Pavel\Nabídka Start\Programy\Po spuštění\
setup_9.0.0.722_03.02.2010_21-22.lnk - c:\documents and settings\Pavel\Plocha\Virus Removal Tool\setup_9.0.0.722_03.02.2010_21-22\startup.exe [2010-2-3 72208]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Media Key.lnk - c:\program files\Media Key\MagicKey.exe [2008-12-3 159744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29.10.2008 15:08 114768]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [3.12.2008 18:52 12856]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [28.10.2008 11:33 141312]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [3.12.2008 18:52 9291]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.10.2008 15:08 20560]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [28.10.2008 11:13 38656]
S2 gupdate1c9a3e9afe29ca;Google Update Service (gupdate1c9a3e9afe29ca);c:\program files\Google\Update\GoogleUpdate.exe [13.3.2009 15:36 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.11.2008 14:44 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 14:36]
2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 14:36]
2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{5FC305F7-AF0E-4BD5-B765-136A4FE291E0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://212.158.133.188/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\1klnrolo.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage|http:// ... s:official
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-04 23:20
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x89D458E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba91cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> prosync1.sys @ 0xbadae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xba605bb0
PacketIndicateHandler -> NDIS.sys @ 0xba612a21
SendHandler -> NDIS.sys @ 0xba5f087b
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Media Key\OSD.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2010-02-04 23:24:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-04 22:24
ComboFix2.txt 2010-02-02 20:58
ComboFix3.txt 2010-02-01 20:07
ComboFix4.txt 2010-02-01 18:31
Před spuštěním: Volných bajtů: 169 396 137 984
Po spuštění: Volných bajtů: 169 379 880 960
- - End Of File - - D6D2AFF83C2F087A018822C14CEC9E8B