Fixing problems after ave.exe, afraid to restart for now
Posted: 29 Apr 2010 17:51
Hi, I ran into problems with XP Security Tools, most likely from watching the Simpsons on some Russian site (snotri or something like that), mea maxima culpa... then it stayed on and kept starting up again and so on, then through the registry it stopped exe files from launching, but luckily Chromium still worked, although slowly, so I sorted it out somehow...
I looked up what others did about it; I had no antivirus, I just clean with CCleaner and am careful. Then I installed Avast (probably a dumb idea) and it fixed a little something there (I think it moved or deleted cdrom.sys); I killed the process and also removed it from the registry by searching for ave.exe, BUT:
1. I don't know whether in some case I deleted the whole line instead of just the path to the pest; I'm now going through it with Malwarebytes and have fixed a few things.
(edit: it occurs to me here that I also imported a registry backup and deleted it from the registry again, so hopefully that way I found it and there is no empty line, but who knows)
2. I don't know whether Avast got infected too; once it also ran a scan after a restart, found something, and luckily Windows booted; I want to uninstall it... and test with something proper...
3. Before I dive into it, I'd like to do everything I can so I don't risk the system not booting, or it messing up the MBR table etc., as I've also read in connection with ave and as I experienced during the last infection a year ago.
So I'm asking for advice or help; for now it seems some browsers don't work, but that's probably because a few svchosts crashed...
MBAM is also asking me to restart, but before that I need to free up space and, to be safe, back up a lot of data, mainly burn photos... hopefully that cdrom.sys, or whatever it was, isn't missing somewhere O:l
Peace
edit: CCleaner now reports that the program regedit.exe is not in system32, but that was the bad one that I moved, or does one belong there?
also, in the startup programs, running regedit32 got changed again, so I set it to NO again; can I delete it? There's more in there and I was disabling the bad ones; now presumably only the ones that should be are set to yes...
I'd also like to remove the software's files; some are in that system32 directory, something like security I think and so on, but I don't know exactly and don't want anything to be missing afterwards... thanks
Logfile of random's system information tool 1.06 (written by random/random)
Run by jaa at 2010-04-29 18:24:33
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 358 MB (7%) free of 5 GB
Total RAM: 1007 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:55, on 29.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
F:\f\opera964int\opera964int\op.com
C:\DOCUME~1\jaa\LOCALS~1\Temp\opera\opcache4\temporary_download\RSIT.exe
C:\Program Files\trend micro\jaa.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.play.cz/listen/listen.php?sh ... &stype=MP3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{137156CD-7D39-464F-9647-67F9F9AA6D48}: NameServer = 195.146.100.100,195.146.100.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{137156CD-7D39-464F-9647-67F9F9AA6D48}: NameServer = 195.146.100.100,195.146.100.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{137156CD-7D39-464F-9647-67F9F9AA6D48}: NameServer = 195.146.100.100,195.146.100.5
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4235 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-22 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-22 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-04-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-04-06 114688]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-04-14 2790472]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-30 437584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2002-12-25 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iasmapDraw]
C:\Documents and Settings\jaa\Local Settings\Data aplikací\iasmapDraw\iasmapDraw.dll, DllInit []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PmProxy]
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe [2003-02-28 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-22 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmlie64]
C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64\xmlie64.dll [2010-04-28 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^RAMASST.lnk]
C:\WINDOWS\system32\RAMASST.exe [2003-03-14 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jaa^Nabídka Start^Programy^Po spuštění^srvaju32.exe]
C:\Documents and Settings\jaa\Nabídka Start\Programy\Po spuštění\srvaju32.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="C:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"F:\blobby\volley.exe"="F:\blobby\volley.exe:*:Enabled:volley"
"C:\QIP Infium JadrisPack\infium.exe"="C:\QIP Infium JadrisPack\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-04-29 18:24:34 ----D---- C:\Program Files\trend micro
2010-04-29 18:24:33 ----D---- C:\rsit
2010-04-28 20:02:31 ----D---- C:\Documents and Settings\jaa\Data aplikací\Malwarebytes
2010-04-28 20:02:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-04-28 20:02:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-28 13:45:21 ----D---- C:\WINDOWS\pss
2010-04-28 12:12:47 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-28 12:12:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-04-28 10:46:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\avG
======List of files/folders modified in the last 1 months======
2010-04-29 18:24:34 ----RD---- C:\Program Files
2010-04-29 18:24:16 ----D---- C:\WINDOWS\Prefetch
2010-04-29 18:14:00 ----D---- C:\WINDOWS\system32\drivers
2010-04-29 17:58:28 ----D---- C:\WINDOWS\Temp
2010-04-29 17:12:45 ----D---- C:\WINDOWS\system32
2010-04-29 16:59:23 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-04-28 19:07:44 ----D---- C:\WINDOWS\system32\config
2010-04-28 17:56:58 ----D---- C:\WINDOWS\Help
2010-04-28 15:39:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-28 15:38:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-28 15:34:46 ----D---- C:\WINDOWS
2010-04-28 12:17:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-28 12:13:10 ----SHD---- C:\WINDOWS\Installer
2010-04-28 12:13:08 ----D---- C:\WINDOWS\WinSxS
2010-04-28 12:13:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-28 12:12:19 ----D---- C:\Program Files\Alwil Software
2010-04-28 12:10:17 ----D---- C:\Documents and Settings\jaa\Data aplikací\vlc
2010-04-28 10:46:25 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-14 09:34:40 ----D---- C:\Documents and Settings\jaa\Data aplikací\Facebook
2010-04-14 05:11:47 ----D---- C:\UK Bass Radio - 128k
2010-04-13 02:54:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-01-31 90416]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-23 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-23 78752]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-04-23 33335]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-01-10 98912]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2002-12-12 99577]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-04-23 90907]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-01-28 541376]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-07-28 9856]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\system32\DRIVERS\wlluc48.sys [2004-08-04 154624]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-03-13 49152]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-22 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
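The autostart entries in a HijackThis/RSIT log are the part a helper reads first, and a few simple checks cover most of the questions raised in the post (an entry whose file is gone, a loader living in the user profile, a system tool registered under an unrelated name). The script below is an added example written for this page; it is not part of the post and not code from RSIT, HijackThis or Malwarebytes. The sample input is a handful of lines lifted from the log above plus one clean entry for contrast, and the flagging rules (the `SYSTEM_TOOLS` list, the profile-directory and empty-`[]` checks) are the editor's own triage heuristics, not anything the tools themselves report.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample: a few autostart lines taken from the RSIT/HijackThis
# log in the post, plus one clean msconfig entry. Not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmlie64]
C:\Documents and Settings\jaa\Local Settings\Data aplikací\xmlie64\xmlie64.dll [2010-04-28 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-22 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jaa^Nabídka Start^Programy^Po spuštění^srvaju32.exe]
C:\Documents and Settings\jaa\Nabídka Start\Programy\Po spuštění\srvaju32.exe []
"""


@dataclass
class Autostart:
    source: str              # "O4", "O9" or "msconfig" (RSIT startupreg/startupfolder)
    name: str                # registry value name, O9 caption or msconfig key name
    path: str                # executable/DLL path as written in the log
    present: Optional[bool]  # False when the tool wrote [] or "(file missing)", None if unknown


# HijackThis O4 line: "O4 - HKLM\..\Run: [Name] command"
O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis O9 line, optionally ending in "(file missing)"
O9_RE = re.compile(
    r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# RSIT msconfig dump: a key line followed by "path[, entrypoint] [date size]" (or "[]")
MSCONFIG_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\"
    r"(?:startupreg|startupfolder)\\(?P<name>[^\]]+)\]$", re.I)
MSCONFIG_VAL_RE = re.compile(r"^(?P<path>.+?)(?:, \w+)? \[(?P<info>[^\]]*)\]$")
# First path-like token of an O4 command, with or without surrounding quotes
CMD_PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat))"?', re.I)

# Heuristic list (constructed): built-in tools that rarely belong in Run keys.
SYSTEM_TOOLS = {"regedit.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}


def parse_autostarts(text: str) -> List[Autostart]:
    """Pull autostart entries out of HijackThis O4/O9 lines and RSIT msconfig blocks."""
    entries: List[Autostart] = []
    pending_name: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            pm = CMD_PATH_RE.match(m["cmd"])
            entries.append(Autostart("O4", m["name"], pm["path"] if pm else m["cmd"], None))
        elif m := O9_RE.match(line):
            entries.append(Autostart("O9", m["name"], m["path"], m["missing"] is None))
        elif m := MSCONFIG_KEY_RE.match(line):
            # startupfolder keys encode the .lnk/.exe path with '^' separators
            pending_name = m["name"].split("^")[-1]
        elif pending_name and (m := MSCONFIG_VAL_RE.match(line)):
            entries.append(Autostart("msconfig", pending_name, m["path"], bool(m["info"])))
            pending_name = None
    return entries


def assess(e: Autostart) -> List[str]:
    """Return the triage flags that apply to one entry (empty list = nothing odd)."""
    flags: List[str] = []
    base = PureWindowsPath(e.path).name.lower()
    if e.present is False:
        flags.append("target missing at scan time (orphaned entry or file already removed)")
    if "\\documents and settings\\" in e.path.lower():
        flags.append("autostart from a per-user profile directory")
    if e.source == "msconfig" and base.endswith(".dll"):
        flags.append("DLL loaded at startup; check which loader invokes it")
    if base in SYSTEM_TOOLS and e.name.lower() not in (base, base[:-4]):
        flags.append(f"built-in tool {base} registered under unrelated name '{e.name}'")
    return flags


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry (by name, or file name for unnamed ones) to its flags."""
    report: Dict[str, List[str]] = {}
    for e in parse_autostarts(text):
        if flags := assess(e):
            report[e.name or PureWindowsPath(e.path).name] = flags
    return report


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(name)
        for f in flags:
            print("   -", f)
```

A flag is a reason to look closer, not a verdict: the Java updater and the graphics tray entry pass through unflagged, while an entry pointing at a file the tool could not find, an autostart living under `Documents and Settings`, or `regedit.exe` registered under a name like `Regedit32` are the items a helper would ask about before the poster deletes anything else by hand.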