ComboFix 10-07-22.01 - Vit 22.07.2010 22:23:42.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.547 [GMT 2:00]
Spuštěný z: g:\documents and settings\Vit\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100722-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-22 do 2010-07-22 )))))))))))))))))))))))))))))))
.
2010-07-22 19:54 . 2010-07-22 19:54 -------- d-----w- G:\_OTM
2010-07-21 12:13 . 2010-07-21 12:13 -------- d-sh--w- g:\documents and settings\Administrator\PrivacIE
2010-06-30 09:17 . 2010-06-30 09:17 -------- d-----w- g:\program files\HIP GAMES
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 19:34 . 2009-06-23 11:24 -------- d-----w- g:\program files\trend micro
2010-07-19 12:41 . 2006-06-29 06:01 -------- d-----w- g:\program files\Common Files\Adobe
2010-07-07 12:16 . 2007-01-31 11:41 -------- d-----w- g:\program files\Google
2010-07-05 12:02 . 2009-07-14 15:53 -------- d-----w- g:\program files\ICQ6.5
2010-06-30 09:17 . 2006-06-29 05:58 -------- d--h--w- g:\program files\InstallShield Installation Information
2010-06-28 08:41 . 2010-02-12 12:56 -------- d-----w- g:\program files\Stroj na poklady
2010-06-23 15:40 . 2009-08-06 09:07 -------- d-----w- g:\program files\Playrix Games
2004-10-01 13:00 . 2006-06-29 05:58 40960 ----a-w- g:\program files\Uninstall_CDS.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-08 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="g:\windows\vsnpstd.exe" [2004-06-10 286720]
"StartCCC"="g:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"g:\\WINDOWS\\system32\\dpvsetup.exe"=
"g:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Program Files\\ICQ6.5\\ICQ.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8174:TCP"= 8174:TCP:BitComet 8174 TCP
"8174:UDP"= 8174:UDP:BitComet 8174 UDP
R1 aswSP;avast! Self Protection;g:\windows\system32\drivers\aswSP.sys [31.3.2008 20:07 114768]
R2 aswFsBlk;aswFsBlk;g:\windows\system32\drivers\aswFsBlk.sys [31.3.2008 20:07 20560]
S2 gupdate;Služba Google Update (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [7.7.2010 14:14 136176]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-22 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:14]
2010-07-22 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: &ICQ Toolbar Search - g:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
TCP: {B298EE45-5066-4BC7-A88D-8DB104BDD928} = 192.168.29.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - g:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp01.photoprintit.de/microsite/4860/defaults/activex/IPSUploader.cab
FF - ProfilePath - g:\documents and settings\Vit\Data aplikací\Mozilla\Firefox\Profiles\n19xuzxt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: g:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: g:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: g:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: g:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: g:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
g:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-SpybotSD TeaTimer - g:\program files\Spybot - Search & Destroy\TeaTimer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 22:28
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(612)
g:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3840)
g:\progra~1\WINDOW~2\wmpband.dll
g:\windows\system32\msi.dll
g:\windows\system32\ieframe.dll
g:\windows\system32\webcheck.dll
g:\windows\system32\WPDShServiceObj.dll
g:\windows\system32\PortableDeviceTypes.dll
g:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-22 22:31:43
ComboFix-quarantined-files.txt 2010-07-22 20:31
Před spuštěním: Volných bajtů: 94 092 709 888
Po spuštění: Volných bajtů: 94 087 610 368
- - End Of File - - DD4A20174E5014219961238025CF0B1C