PC virus removal, computer speed-up, remote help via the neslape.cz service

Win32/Bubnix.AU

Have a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
gengar
Visitor
Posts: 22
Joined: 31 Aug 2010 09:11

Win32/Bubnix.AU

#1 Post by gengar »

Hello,
Could you advise me? ESET keeps reporting the infiltration Win32/Bubnix.AU and infected files, and I don't know how to get rid of this pest. Thank you for any help. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:18, on 31.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\pc\Plocha\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [wuaucldt] c:\windows\system32\config\systemprofile\wuaucldt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: sysrda32.exe
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3518186234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10752BE1-2DC1-4FE4-A877-89AC2FDF4606}: NameServer = 10.254.232.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{10752BE1-2DC1-4FE4-A877-89AC2FDF4606}: NameServer = 10.254.232.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{10752BE1-2DC1-4FE4-A877-89AC2FDF4606}: NameServer = 10.254.232.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{10752BE1-2DC1-4FE4-A877-89AC2FDF4606}: NameServer = 10.254.232.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11137 bytes
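
A first triage pass over a HijackThis log like the one above, as an added example that is not part of the original thread or of HijackThis itself. The Python script below reads the log text and flags the entries a helper checks first: a running process or Run-value target whose file name is a near miss of a legitimate Windows binary (`wuaucldt.exe` against the real Windows Update client `wuauclt.exe`), an autorun stored under `config\systemprofile`, a Run value that launches `regedit.exe` at logon, items in the Startup folder, and browser hooks that resolve to `(no file)`. The sample lines are a subset copied from the log in this post; the allowlist of system binary names and the 0.85 similarity threshold are constructed for the example and are not an authoritative list.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist: a few Windows XP system binaries whose names malware
# commonly imitates. Not exhaustive; extend it for your own environment.
LEGIT_SYSTEM_BINARIES = {
    "wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "smss.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
    "rundll32.exe", "alg.exe", "wdfmgr.exe",
}

# Sample input: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\wuaucldt.exe
C:\Documents and Settings\pc\Plocha\hijackthis.exe

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [wuaucldt] c:\windows\system32\config\systemprofile\wuaucldt.exe
O4 - Startup: sysrda32.exe
"""

O4_RUN = re.compile(r"^O4 - .*Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<item>.+)$")


def target_path(cmd):
    """Return the executable path from a Run value, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lookalike(name):
    """Return the legitimate binary that `name` most resembles, or None.

    An exact allowlist hit is legitimate; a close-but-not-equal name is the
    typosquat pattern (wuaucldt.exe mimicking wuauclt.exe)."""
    name = name.lower()
    if name in LEGIT_SYSTEM_BINARIES:
        return None
    best, best_ratio = None, 0.0
    for legit in LEGIT_SYSTEM_BINARIES:
        ratio = SequenceMatcher(None, name, legit).ratio()
        if ratio > best_ratio:
            best, best_ratio = legit, ratio
    return best if best_ratio >= 0.85 else None  # constructed threshold


def triage(log_text):
    """Return (reason, line) findings for the entries worth a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the section
                in_processes = False
                continue
            hit = lookalike(basename(line))
            if hit:
                findings.append((f"running process name resembles {hit}", line))
            continue
        if line.endswith("(no file)"):
            findings.append(("orphaned browser hook, file missing", line))
            continue
        if O4_STARTUP.match(line):
            findings.append(("Startup-folder item", line))
            continue
        m = O4_RUN.match(line)
        if not m:
            continue
        path = target_path(m.group("cmd"))
        name = basename(path)
        if "\\config\\systemprofile\\" in path.lower():
            findings.append(("autorun stored under the SYSTEM profile", line))
        if name == "regedit.exe":
            findings.append(("regedit.exe launched at logon", line))
        hit = lookalike(name)
        if hit:
            findings.append((f"autorun target name resembles {hit}", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

Run stand-alone, it reports the `wuaucldt` process and its two Run values, the `Regedit32` value, the Startup-folder item `sysrda32.exe` and the orphaned free-downloads.net hook, and nothing else from the sample; the similarity check is deliberately narrow (a name within an edit or two of a known binary) so that ordinary third-party entries in the same log, such as `egui.exe` or `hijackthis.exe`, are not reported. Compare the list with what Malwarebytes removes later in the thread.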

stell
VIP in memoriam
Posts: 5175
Joined: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Win32/Bubnix.AU

#2 Post by stell »

Hello,
→ Please download TDSSKiller and save it to the desktop.

Double-click TDSSKiller.exe to run the application, then click Start Scan.
If an infected file is detected, the default action will be Cure; click Continue.
If a suspicious file is detected, the default action will be Skip; click Continue.
It may ask you to restart the computer to complete the process. Click Reboot Now.
If no restart is required, click Report. A log file should appear. Please copy and paste its contents here.
If a restart is required, the report is available in your root directory (usually the C:\ folder) as "TDSSKiller. _log.txt". Please copy and paste its contents here.
Important information.
Is your computer NOT RUNNING RIGHT?
Is it infected? Running slowly? A program not working? A problem with an installation?
Use the remote help service!
e-mail: stell(at)forum.viry.cz
Thanks!


Re: Win32/Bubnix.AU

#3 Post by gengar »

2010/08/31 10:44:53.0718 TDSS rootkit removing tool 2.4.1.3 Aug 27 2010 08:53:42
2010/08/31 10:44:53.0718 ================================================================================
2010/08/31 10:44:53.0718 SystemInfo:
2010/08/31 10:44:53.0718
2010/08/31 10:44:53.0718 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/31 10:44:53.0718 Product type: Workstation
2010/08/31 10:44:53.0718 ComputerName: SUCHY
2010/08/31 10:44:53.0718 UserName: pc
2010/08/31 10:44:53.0718 Windows directory: C:\WINDOWS
2010/08/31 10:44:53.0718 System windows directory: C:\WINDOWS
2010/08/31 10:44:53.0718 Processor architecture: Intel x86
2010/08/31 10:44:53.0718 Number of processors: 2
2010/08/31 10:44:53.0718 Page size: 0x1000
2010/08/31 10:44:53.0718 Boot type: Normal boot
2010/08/31 10:44:53.0718 ================================================================================
2010/08/31 10:44:54.0671 Initialize success
2010/08/31 10:44:56.0328 ================================================================================
2010/08/31 10:44:56.0328 Scan started
2010/08/31 10:44:56.0328 Mode: Manual;
2010/08/31 10:44:56.0328 ================================================================================
2010/08/31 10:44:58.0015 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/31 10:44:58.0062 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/31 10:44:58.0125 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/31 10:44:58.0171 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/31 10:44:58.0312 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/08/31 10:44:58.0421 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/31 10:44:58.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/31 10:44:58.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/31 10:44:58.0640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/31 10:44:58.0687 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/31 10:44:58.0765 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/31 10:44:58.0906 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/31 10:44:59.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/31 10:44:59.0343 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/31 10:44:59.0390 Changer (2a5815ca6fff24b688c01f828b96819c) C:\WINDOWS\system32\drivers\Changer.sys
2010/08/31 10:44:59.0890 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/31 10:44:59.0968 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/31 10:45:00.0015 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/31 10:45:00.0078 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/31 10:45:00.0171 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/31 10:45:00.0375 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/31 10:45:00.0421 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2010/08/31 10:45:00.0421 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2010/08/31 10:45:00.0421 dtscsi - detected Locked file (1)
2010/08/31 10:45:00.0484 eamon (e31464ce787e3a0ffea55baa591897f0) C:\WINDOWS\system32\DRIVERS\eamon.sys
2010/08/31 10:45:00.0531 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2010/08/31 10:45:00.0718 epfwtdir (4699a50183b792d994be657c68f18e9e) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2010/08/31 10:45:00.0843 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/31 10:45:00.0890 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/31 10:45:00.0921 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/31 10:45:01.0000 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/31 10:45:01.0046 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/31 10:45:01.0109 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/08/31 10:45:01.0203 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/31 10:45:01.0218 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/31 10:45:01.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/31 10:45:01.0312 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/08/31 10:45:01.0359 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/31 10:45:01.0421 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/31 10:45:01.0500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/31 10:45:01.0578 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/08/31 10:45:01.0734 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/31 10:45:01.0921 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/08/31 10:45:02.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/31 10:45:02.0281 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/08/31 10:45:02.0453 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/31 10:45:02.0500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/31 10:45:02.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/31 10:45:02.0578 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/31 10:45:02.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/31 10:45:02.0656 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/31 10:45:02.0703 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/31 10:45:02.0765 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/31 10:45:02.0859 ISODrive (0ae61463adda697a6291155ce6b08aaf) C:\Program Files\UltraISO\drivers\ISODrive.sys
2010/08/31 10:45:02.0890 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/31 10:45:02.0921 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/31 10:45:02.0984 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/31 10:45:03.0000 Suspicious service (NoAccess): labisvb
2010/08/31 10:45:03.0078 labisvb (f2b181bf41eef219c075c65c81cb432e) C:\WINDOWS\system32\drivers\labisvb.sys
2010/08/31 10:45:03.0093 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\labisvb.sys. md5: f2b181bf41eef219c075c65c81cb432e
2010/08/31 10:45:03.0093 labisvb - detected Locked service (1)
2010/08/31 10:45:03.0125 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010/08/31 10:45:03.0265 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/31 10:45:03.0328 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/31 10:45:03.0421 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/31 10:45:03.0500 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/31 10:45:03.0531 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/31 10:45:03.0640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/31 10:45:03.0703 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/31 10:45:03.0796 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/31 10:45:03.0843 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/31 10:45:03.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/31 10:45:03.0953 MSPQM (f6a726b8832db1f88326b8be98b11981) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/31 10:45:04.0015 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/31 10:45:04.0062 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2010/08/31 10:45:04.0093 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/31 10:45:04.0156 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/31 10:45:04.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/31 10:45:04.0203 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/31 10:45:04.0218 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/31 10:45:04.0234 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/31 10:45:04.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/31 10:45:04.0281 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/31 10:45:04.0328 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/08/31 10:45:04.0359 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/31 10:45:04.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/31 10:45:04.0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/31 10:45:04.0718 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/31 10:45:05.0015 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/31 10:45:05.0093 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/31 10:45:05.0187 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/08/31 10:45:05.0234 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/31 10:45:05.0265 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/31 10:45:05.0312 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/31 10:45:05.0390 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/08/31 10:45:05.0453 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/31 10:45:05.0578 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/31 10:45:05.0625 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/31 10:45:05.0984 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/31 10:45:06.0015 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/31 10:45:06.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/31 10:45:06.0312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/31 10:45:06.0375 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/31 10:45:06.0406 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/31 10:45:06.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/31 10:45:06.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/31 10:45:06.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/31 10:45:06.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/31 10:45:06.0625 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/31 10:45:06.0734 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/31 10:45:06.0796 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/31 10:45:06.0828 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/31 10:45:06.0937 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/31 10:45:07.0109 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/31 10:45:07.0187 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/31 10:45:07.0187 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/08/31 10:45:07.0203 sptd - detected Locked file (1)
2010/08/31 10:45:07.0218 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/31 10:45:07.0312 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/31 10:45:07.0375 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2010/08/31 10:45:07.0390 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2010/08/31 10:45:07.0406 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2010/08/31 10:45:07.0468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/31 10:45:07.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/31 10:45:07.0625 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/31 10:45:07.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/31 10:45:07.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/31 10:45:07.0765 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/31 10:45:07.0812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/31 10:45:07.0875 thdudf (9d4bbd6e27b5562aea8295de7134e386) C:\WINDOWS\system32\DRIVERS\thdudf.sys
2010/08/31 10:45:07.0953 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/31 10:45:08.0031 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/31 10:45:08.0062 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/31 10:45:08.0078 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/31 10:45:08.0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/31 10:45:08.0187 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/31 10:45:08.0234 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/31 10:45:08.0312 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/31 10:45:08.0375 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/31 10:45:08.0437 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/31 10:45:08.0562 yukonwxp (05d48e56ea2612d39a4e7f0ecc17b917) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/08/31 10:45:08.0625 ================================================================================
2010/08/31 10:45:08.0625 Scan finished
2010/08/31 10:45:08.0625 ================================================================================
2010/08/31 10:45:08.0640 Detected object count: 3
2010/08/31 10:45:37.0765 Locked file(dtscsi) - User select action: Skip
2010/08/31 10:45:37.0765 Locked service(labisvb) - User select action: Skip
2010/08/31 10:45:37.0765 Locked file(sptd) - User select action: Skip
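
Reading TDSSKiller output like the log above, as an added example that is not part of the thread or of the Kaspersky tool: the Python script below pulls out the detections, their hashes and the action the user chose, and separates the locks that a known self-protecting driver explains from the ones that nothing on the machine accounts for. The sample lines are copied from the log in this post. The allowlist of self-protecting drivers is constructed for the example and holds only the two disc-emulation drivers that correspond to software visible in the HijackThis log earlier in the thread (DAEMON Tools and Alcohol 120%).

```python
import re

# Constructed allowlist: drivers that deliberately block reads of their own
# image, so TDSSKiller reports them as "Locked file" on any machine where the
# product is installed. Extend it with whatever else is legitimately present.
SELF_PROTECTING_DRIVERS = {
    "sptd": "SCSI Pass Through Direct layer used by DAEMON Tools / Alcohol 120%",
    "dtscsi": "DAEMON Tools virtual SCSI driver",
}

# Sample input: the relevant lines copied from the TDSSKiller log above.
SAMPLE_LOG = r"""
2010/08/31 10:44:58.0015 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/31 10:45:00.0421 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2010/08/31 10:45:00.0421 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2010/08/31 10:45:00.0421 dtscsi - detected Locked file (1)
2010/08/31 10:45:03.0000 Suspicious service (NoAccess): labisvb
2010/08/31 10:45:03.0078 labisvb (f2b181bf41eef219c075c65c81cb432e) C:\WINDOWS\system32\drivers\labisvb.sys
2010/08/31 10:45:03.0093 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\labisvb.sys. md5: f2b181bf41eef219c075c65c81cb432e
2010/08/31 10:45:03.0093 labisvb - detected Locked service (1)
2010/08/31 10:45:07.0187 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/08/31 10:45:07.0187 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/08/31 10:45:07.0203 sptd - detected Locked file (1)
2010/08/31 10:45:08.0640 Detected object count: 3
2010/08/31 10:45:37.0765 Locked file(dtscsi) - User select action: Skip
2010/08/31 10:45:37.0765 Locked service(labisvb) - User select action: Skip
2010/08/31 10:45:37.0765 Locked file(sptd) - User select action: Skip
"""

TS = r"^\S+ \S+ "  # "date time " prefix on every line
ENTRY = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED = re.compile(TS + r"(?P<name>\S+) - detected Locked (?P<kind>file|service) \(\d+\)$")
ACTION = re.compile(TS + r"Locked (?P<kind>file|service)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT = re.compile(r"Detected object count: (?P<n>\d+)")


def parse(log_text):
    """Split the log into the driver inventory, the detections and the declared count."""
    drivers, detections, declared = {}, {}, None
    for line in log_text.splitlines():
        if (m := ENTRY.match(line)):
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        elif (m := DETECTED.match(line)):
            detections.setdefault(m["name"], {})["kind"] = m["kind"]
        elif (m := ACTION.match(line)):
            detections.setdefault(m["name"], {})["action"] = m["action"]
        elif (m := COUNT.search(line)):
            declared = int(m["n"])
    return drivers, detections, declared


def triage(log_text):
    """Return per-detection records and whether the declared count matches.

    A detection is explained when the driver is a known self-protecting one.
    Anything else the scanner could not read, and that was not cured, is
    still loaded on the machine and needs follow-up."""
    drivers, detections, declared = parse(log_text)
    report = {}
    for name, det in detections.items():
        info = drivers.get(name, {})
        explanation = SELF_PROTECTING_DRIVERS.get(name)
        report[name] = {
            "kind": det.get("kind"),
            "action": det.get("action"),
            "path": info.get("path"),
            "md5": info.get("md5"),
            "explanation": explanation,
            "follow_up": explanation is None and det.get("action") != "Cure",
        }
    # A mismatch usually means a truncated paste rather than a parser bug.
    return report, declared == len(report)


if __name__ == "__main__":
    report, consistent = triage(SAMPLE_LOG)
    print(f"declared count matches parsed detections: {consistent}")
    for name, r in report.items():
        status = "FOLLOW UP" if r["follow_up"] else "explained"
        print(f"{status:9} {name:8} {r['kind']:7} action={r['action']} md5={r['md5']}")
        if r["explanation"]:
            print(f"          {r['explanation']}")
```

On this log the script leaves `labisvb`, a locked service whose driver name matches no product in the HijackThis log, as the one entry needing follow-up, while `sptd` and `dtscsi` are the emulation drivers expected on a machine with DAEMON Tools and Alcohol 120% installed. A `Skip` on an unexplained locked driver means it is still loaded after the scan, so the MD5 and path are kept in the record for checking against other sources.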


Re: Win32/Bubnix.AU

#4 Post by stell »

→ http://download.bleepingcomputer.com/grinler/rkill.scr
download and run it,
→ Download >> Malwarebytes' Anti-Malware: download, install, update,
run a QUICK scan, DELETE whatever it finds, post the log here,
→ turn off System Volume Information / restore (System Restore); after the restart, turn it back on.
http://www.viry.cz/forum/viewtopic.php?f=11&t=47040
→ Download TFC to the desktop,
close everything you have open and run it; restart after the scan.
→ PLEASE READ THE GUIDE CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post the log from it here.


Re: Win32/Bubnix.AU

#5 Post by gengar »

I'd rather ask: should I turn off System Volume Information / restore -> restart the computer -> turn System Volume Information / restore back on, and then go on to step four,
or turn off System Volume Information / restore -> step four -> restart -> turn System Volume Information / restore back on?

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4513

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.8.2010 11:09:26
mbam-log-2010-08-31 (11-09-26).txt

Scan type: Quick scan
Objects scanned: 131479
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wuaucldt (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\config\systemprofile\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Nabídka Start\Programy\Po spuštění\sysrda32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Win32/Bubnix.AU

#6 Post by stell »

Turn off System Volume Information / Restore -> restart the computer -> turn System Volume Information / Restore back on and then go on to step four.

gengar
Visitor
Posts: 22
Registered: 31 Aug 2010 09:11

Re: Win32/Bubnix.AU

#7 Post by gengar »

ComboFix 10-08-30.02 - pc 31.08.2010 11:43:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.588 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\pc\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 08:58:19 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-31 08:58:17 . 2010-08-31 08:58:22 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-31 08:58:17 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-30 09:48:31 . 2010-08-31 09:47:53 758272 ----a-w- C:\WINDOWS\system32\drivers\labisvb.sys
2010-08-30 09:48:25 . 2008-04-13 18:40:26 34688 -c--a-w- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2010-08-30 09:48:25 . 2008-04-13 18:40:26 34688 ----a-w- C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-08-30 09:48:17 . 2008-04-13 18:41:22 8576 -c--a-w- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2010-08-30 09:48:17 . 2008-04-13 18:41:22 8576 ----a-w- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-08-30 09:48:12 . 2008-04-13 18:40:58 8192 -c--a-w- C:\WINDOWS\system32\dllcache\changer.sys
2010-08-30 09:48:12 . 2008-04-13 18:40:58 8192 ----a-w- C:\WINDOWS\system32\drivers\Changer.sys
2010-08-30 08:58:46 . 2010-08-30 08:58:47 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-26 07:08:56 . 2010-08-26 07:47:50 -------- d-----w- C:\Program Files\Empire Total War
2010-08-23 07:23:52 . 1998-09-02 08:28:18 38160 ----a-w- C:\WINDOWS\system32\LMRTREND.dll
2010-08-23 07:23:50 . 1998-08-27 04:51:44 182032 ----a-w- C:\WINDOWS\system32\dxtmsft3.dll
2010-08-23 07:23:45 . 1998-09-02 08:28:48 63488 ----a-w- C:\WINDOWS\system32\unam4ie.exe
2010-08-23 07:23:41 . 1998-09-02 08:02:02 194320 ----a-w- C:\WINDOWS\system32\qcut.dll
2010-08-23 07:23:41 . 1998-08-17 09:21:56 10240 ----a-w- C:\WINDOWS\system32\vidx16.dll
2010-08-23 07:23:41 . 1998-08-17 09:21:54 11776 ----a-w- C:\WINDOWS\system32\mciqtz.drv
2010-08-23 07:23:38 . 2010-08-23 07:23:37 4608 ----a-w- C:\WINDOWS\system32\w95inf32.dll
2010-08-23 07:23:38 . 2010-08-23 07:23:37 2272 ----a-w- C:\WINDOWS\system32\w95inf16.dll
2010-08-23 07:18:37 . 2010-08-23 07:18:37 -------- d-----w- C:\Program Files\Eidos Interactive
2010-08-23 07:18:25 . 1996-01-09 08:38:54 283648 ----a-w- C:\WINDOWS\uninst.exe
2010-08-16 10:50:23 . 1999-04-02 14:37:00 33792 ----a-r- C:\WINDOWS\NPSExec.exe
2010-08-16 10:50:22 . 2010-08-16 10:50:22 -------- d-----w- C:\Program Files\Electronic Arts
2010-08-16 10:48:26 . 2010-08-16 10:48:26 -------- d-----w- C:\Program Files\Maxis
2010-08-16 10:47:21 . 2010-08-16 10:47:21 -------- d-----w- C:\Documents and Settings\pc\WINDOWS
2010-08-13 10:27:53 . 2010-08-13 10:27:53 -------- d-----w- C:\Program Files\uTorrent
2010-08-04 12:16:19 . 2010-08-04 12:17:44 -------- d-----w- C:\Program Files\PokerStove

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 10:22:33 . 2009-09-21 06:30:58 -------- d-----w- C:\Program Files\ESET
2010-08-28 20:56:28 . 2010-06-27 09:13:00 -------- d-----w- C:\Program Files\ICQ7.2
2010-08-28 18:14:39 . 2009-10-11 16:26:07 -------- d-----w- C:\Program Files\Full Tilt Poker
2010-08-21 15:18:22 . 2010-03-20 16:21:29 959 ----a-w- C:\WINDOWS\eReg.dat
2010-08-21 15:18:22 . 2010-03-15 14:24:52 -------- d-----w- C:\Program Files\EA Sports
2010-08-10 10:32:54 . 2009-10-23 18:52:36 -------- d-----w- C:\Program Files\The KMPlayer
2010-07-29 18:49:00 . 2010-07-29 18:48:37 -------- d-----w- C:\Program Files\Governor of Poker 2 Premium Edition
2010-07-20 17:26:59 . 2004-08-18 12:00:00 87956 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-07-20 17:26:59 . 2004-08-18 12:00:00 450826 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-07-20 02:44:32 . 2010-07-20 02:44:32 -------- d-----w- C:\Program Files\Common Files\Skype
2010-07-10 14:55:29 . 2009-09-21 07:24:34 -------- d-----w- C:\Program Files\Microsoft.NET
2010-07-05 14:55:48 . 2009-09-22 09:54:16 -------- d-----w- C:\Program Files\Opera
2010-07-02 12:41:03 . 2009-10-21 11:50:07 -------- d-----w- C:\Program Files\QuickMediaConverter
2010-06-30 12:33:04 . 2004-08-18 12:00:00 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
2010-06-24 12:27:28 . 2004-08-18 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-06-24 09:02:48 . 2004-08-18 12:00:00 1851904 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-06-21 15:27:11 . 2004-08-18 12:00:00 354304 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2010-06-17 14:03:52 . 2004-08-18 12:00:00 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll
2010-06-14 14:31:20 . 2009-09-21 06:23:58 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43:17 . 2004-08-18 12:00:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 13:23:06 1385864]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-08-19 18:14:26 2734688]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23:06 1385864 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-08-19 18:14:26 2734688 ----a-w- C:\Program Files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-08-19 18:14:26 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 13:23:06 1385864]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-08-19 18:14:26 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 13:23:06 1385864]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [2010-05-13 15:57:20 26192168]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-14 17:31:50 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 17:10:56 1688872]
"Advanced SystemCare 3"="C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 12:51:34 2335880]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 11:57:08 369200]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 09:42:00 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 13:47:08 2029640]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:54:36 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 16:04:26 2879488]
"nwiz"="nwiz.exe" [2009-06-10 06:29:34 1657376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-06-10 06:28:50 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-06-10 06:28:50 13758464]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:00 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-22 15:03:18 149280]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 12:57:24 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 12:21:24 2213160]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57:19 133016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 05:57:36 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 05:57:20 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-20 05:57:30 138008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\Counter-Strike 1.6 Patch Version 26\\hltv.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenty\\RS66\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [14.5.2009 15:47:14 107256]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [14.5.2009 15:49:32 94360]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47:54 731840]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [15.1.2010 17:00:14 233472]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [22.9.2009 13:34:12 246520]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;C:\WINDOWS\system32\drivers\thdudf.sys [5.3.2010 16:21:30 66944]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [15.1.2010 17:00:14 36608]
S0 wryeatwa;wryeatwa;C:\WINDOWS\system32\drivers\ivvwmc.sys --> C:\WINDOWS\system32\drivers\ivvwmc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16:28 130384]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [11.2.2010 16:37:56 135664]
S3 cpuz130;cpuz130;\??\C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [15.1.2010 17:00:34 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [15.1.2010 17:00:34 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [15.1.2010 17:00:34 121856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16:28 753504]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [29.9.2009 18:40:42 691696]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK
*Deregistered* - labisvb
.
Obsah adresáře 'Naplánované úlohy'

2010-08-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 14:37:56 . 2010-02-11 14:37:54]

2010-08-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 14:37:56 . 2010-02-11 14:37:54]

2010-08-31 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
- C:\Program Files\Ask.com\UpdateTask.exe [2010-05-26 13:23:08 . 2010-05-26 13:23:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {10752BE1-2DC1-4FE4-A877-89AC2FDF4606} = 10.254.232.1
FF - ProfilePath - C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=9F8772A0-5511-480C-BF3F-59AC2A1BF093&apn_ptnrs=RY&apn_sauid=D716DF15-1FE2-4E11-86DE-06E042B397BE&apn_dtid=&q=
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
AddRemove-ComandoMPDDeinstKey - C:\Program Files\Eidos Interactive\Pyro\Commandos
AddRemove-free-downloads.net Toolbar - C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE
AddRemove-Mafia II_is1 - C:\Program Files\2K Games\Mafia II\unins000.exe
AddRemove-Magic ISO Maker v5.5 (build 0281) - C:\PROGRA~1\MagicISO\UNWISE.EXE
AddRemove-Medieval Total War (Demo Version) - C:\Program Files\Total War\Medieval - Total War (Demo Version)\Uninst.isu
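As an added example (not the forum's own material and not ComboFix code), a small Python triage of the driver/service lines in the ComboFix log above: it parses the `state name;display;path [meta]` format, flags entries whose registered binary is missing (the `--> path [?]` form, as with wryeatwa / ivvwmc.sys) or that load from a temporary directory, and collects the `*Deregistered*` names. The review heuristics are this example's own assumptions; the sample lines are copied from the posted log.

```python
"""Triage the driver/service lines of a ComboFix log for entries worth a
closer look.  Added example, not part of the forum thread and not ComboFix
code; the sample lines below are copied from the log posted above and the
review heuristics are this example's own assumptions."""
import re

# ComboFix service lines look like
#   R1 name;display name;C:\path\file.sys [d.m.yyyy hh:mm:ss size]
# and, when the registered binary is not on disk,
#   S0 name;display name;C:\path\file.sys --> C:\path\file.sys [?]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<target>.+?))?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
DEREGISTERED_RE = re.compile(r"^\*Deregistered\*\s+-\s+(?P<name>\S+)\s*$")

# Path fragments taken to mean "loaded from a scratch directory" (assumption).
TEMP_MARKERS = ("\\temp\\", "locals~1")

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [14.5.2009 15:47:14 107256]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47:54 731840]
S0 wryeatwa;wryeatwa;C:\WINDOWS\system32\drivers\ivvwmc.sys --> C:\WINDOWS\system32\drivers\ivvwmc.sys [?]
S3 cpuz130;cpuz130;\??\C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [29.9.2009 18:40:42 691696]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK
*Deregistered* - labisvb
"""


def parse_service(line):
    """Return a dict for one service/driver line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    meta = entry["meta"].strip()
    entry["missing"] = meta == "?"
    # With a file present the bracket holds "date time size"; keep the size.
    entry["size"] = None if entry["missing"] else int(meta.split()[-1])
    return entry


def assess(entry):
    """Heuristic reasons to review an entry (empty list = nothing noted)."""
    reasons = []
    if entry["missing"]:
        reasons.append("registered binary not found on disk")
    if any(marker in entry["path"].lower() for marker in TEMP_MARKERS):
        reasons.append("loads from a temporary directory")
    # Boot-start drivers load before most defences; note it when something
    # else about the entry is already off.
    if reasons and entry["state"] == "S0":
        reasons.append("boot-start (S0) driver")
    return reasons


def triage(log_text):
    """Walk a ComboFix log; return flagged services and deregistered drivers."""
    flagged, deregistered = {}, []
    for line in log_text.splitlines():
        entry = parse_service(line)
        if entry:
            reasons = assess(entry)
            if reasons:
                flagged[entry["name"]] = reasons
            continue
        m = DEREGISTERED_RE.match(line)
        if m:
            deregistered.append(m.group("name"))
    return {"flagged": flagged, "deregistered": deregistered}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, reasons in result["flagged"].items():
        print(f"{name}: {'; '.join(reasons)}")
    print("deregistered during scan:", ", ".join(result["deregistered"]))
```

A flag only says the entry deserves a look (cpuz130 here is a CPU-Z temp driver); the VirusTotal check stell asks for next is the natural follow-up for anything flagged.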

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Win32/Bubnix.AU

#8 Post by stell »

-> uninstall C:\Program Files\IObit\Advanced SystemCare 3 = junk
-> test these on www.virustotal.com:
C:\WINDOWS\system32\drivers\labisvb.sys
C:\WINDOWS\system32\drivers\ivvwmc.sys

post the result here

gengar
Visitor
Posts: 22
Registered: 31 Aug 2010 09:11

Re: Win32/Bubnix.AU

#9 Post by gengar »

The file C:\WINDOWS\system32\drivers\labisvb.sys cannot be uploaded to that address; it says: Bad Request
Your browser sent a request that this server could not understand.

I can't find the file C:\WINDOWS\system32\drivers\ivvwmc.sys (not even as a hidden file)

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Win32/Bubnix.AU

#10 Post by stell »

For this step ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > everything resident.

Open Notepad and copy the whole green text into it:


KILLALL::
Collect::
C:\WINDOWS\system32\drivers\labisvb.sys
C:\WINDOWS\system32\drivers\ivvwmc.sys
Driver::
labisvb
wryeatwa
File::
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder::
C:\Program Files\Ask.com
FireFox::
FF - ProfilePath - C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... n_dtid=&q=
Then click File -> Save As... -> in the File name field type: CFScript.txt
under File type choose *All files
and save it to the desktop. > Careful: CFScript.txt > do not open it, and it must not become CFScript.txt.txt. Then do this:
[image]

When the scan finishes, post the log that ComboFix creates.

gengar
Visitor
Posts: 22
Registered: 31 Aug 2010 09:11

Re: Win32/Bubnix.AU

#11 Post by gengar »

I did that, but ComboFix didn't create any log and I can't find one anywhere either. Moreover, C:/Combofix has an icon like My Computer and behaves the same way (double-clicking it opens My Computer)

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Win32/Bubnix.AU

#12 Post by stell »

-> Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm the choice press the A key, then Enter
- delete the little program after use. Note that antivirus programs may falsely flag it as a virus.
-> Download and install CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- right-click the Recycle Bin - Run CCleaner ->>> wait for the cleaning,
right-click the Recycle Bin - Open CCleaner - Windows tab, press Analyze and then Run Cleaner
- click the Applications tab, press Analyze and then Run Cleaner
- click Registry, press Scan for Issues; when the scan finishes click Fix selected issues,
- choose Yes to create a backup, save the offered file and click Fix all issues,
-> PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post the log from it here.

gengar
Visitor
Posts: 22
Registered: 31 Aug 2010 09:11

Re: Win32/Bubnix.AU

#13 Post by gengar »

ComboFix 10-08-30.02 - pc 31.08.2010 13:45:49.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.509 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\pc\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 10:50:40 . 2010-08-31 10:50:42 -------- d-----w- C:\Program Files\CCleaner
2010-08-31 08:58:19 . 2010-04-29 13:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-31 08:58:17 . 2010-08-31 08:58:22 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-31 08:58:17 . 2010-04-29 13:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-30 09:48:31 . 2010-08-31 11:51:22 758272 ----a-w- C:\WINDOWS\system32\drivers\labisvb.sys
2010-08-30 09:48:25 . 2008-04-13 18:40:26 34688 -c--a-w- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2010-08-30 09:48:25 . 2008-04-13 18:40:26 34688 ----a-w- C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-08-30 09:48:17 . 2008-04-13 18:41:22 8576 -c--a-w- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2010-08-30 09:48:17 . 2008-04-13 18:41:22 8576 ----a-w- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-08-30 09:48:12 . 2008-04-13 18:40:58 8192 -c--a-w- C:\WINDOWS\system32\dllcache\changer.sys
2010-08-30 09:48:12 . 2008-04-13 18:40:58 8192 ----a-w- C:\WINDOWS\system32\drivers\Changer.sys
2010-08-30 08:58:46 . 2010-08-30 08:58:47 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-08-26 07:08:56 . 2010-08-26 07:47:50 -------- d-----w- C:\Program Files\Empire Total War
2010-08-23 07:23:52 . 1998-09-02 08:28:18 38160 ----a-w- C:\WINDOWS\system32\LMRTREND.dll
2010-08-23 07:23:50 . 1998-08-27 04:51:44 182032 ----a-w- C:\WINDOWS\system32\dxtmsft3.dll
2010-08-23 07:23:45 . 1998-09-02 08:28:48 63488 ----a-w- C:\WINDOWS\system32\unam4ie.exe
2010-08-23 07:23:41 . 1998-09-02 08:02:02 194320 ----a-w- C:\WINDOWS\system32\qcut.dll
2010-08-23 07:23:41 . 1998-08-17 09:21:56 10240 ----a-w- C:\WINDOWS\system32\vidx16.dll
2010-08-23 07:23:41 . 1998-08-17 09:21:54 11776 ----a-w- C:\WINDOWS\system32\mciqtz.drv
2010-08-23 07:23:38 . 2010-08-23 07:23:37 4608 ----a-w- C:\WINDOWS\system32\w95inf32.dll
2010-08-23 07:23:38 . 2010-08-23 07:23:37 2272 ----a-w- C:\WINDOWS\system32\w95inf16.dll
2010-08-23 07:18:37 . 2010-08-23 07:18:37 -------- d-----w- C:\Program Files\Eidos Interactive
2010-08-23 07:18:25 . 1996-01-09 08:38:54 283648 ----a-w- C:\WINDOWS\uninst.exe
2010-08-16 10:50:23 . 1999-04-02 14:37:00 33792 ----a-r- C:\WINDOWS\NPSExec.exe
2010-08-16 10:50:22 . 2010-08-16 10:50:22 -------- d-----w- C:\Program Files\Electronic Arts
2010-08-16 10:48:26 . 2010-08-16 10:48:26 -------- d-----w- C:\Program Files\Maxis
2010-08-16 10:47:21 . 2010-08-16 10:47:21 -------- d-----w- C:\Documents and Settings\pc\WINDOWS
2010-08-13 10:27:53 . 2010-08-13 10:27:53 -------- d-----w- C:\Program Files\uTorrent
2010-08-04 12:16:19 . 2010-08-04 12:17:44 -------- d-----w- C:\Program Files\PokerStove

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 10:22:33 . 2009-09-21 06:30:58 -------- d-----w- C:\Program Files\ESET
2010-08-28 20:56:28 . 2010-06-27 09:13:00 -------- d-----w- C:\Program Files\ICQ7.2
2010-08-28 18:14:39 . 2009-10-11 16:26:07 -------- d-----w- C:\Program Files\Full Tilt Poker
2010-08-21 15:18:22 . 2010-03-20 16:21:29 959 ----a-w- C:\WINDOWS\eReg.dat
2010-08-21 15:18:22 . 2010-03-15 14:24:52 -------- d-----w- C:\Program Files\EA Sports
2010-08-10 10:32:54 . 2009-10-23 18:52:36 -------- d-----w- C:\Program Files\The KMPlayer
2010-07-29 18:49:00 . 2010-07-29 18:48:37 -------- d-----w- C:\Program Files\Governor of Poker 2 Premium Edition
2010-07-20 17:26:59 . 2004-08-18 12:00:00 87956 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-07-20 17:26:59 . 2004-08-18 12:00:00 450826 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-07-20 02:44:32 . 2010-07-20 02:44:32 -------- d-----w- C:\Program Files\Common Files\Skype
2010-07-10 14:55:29 . 2009-09-21 07:24:34 -------- d-----w- C:\Program Files\Microsoft.NET
2010-07-05 14:55:48 . 2009-09-22 09:54:16 -------- d-----w- C:\Program Files\Opera
2010-07-02 12:41:03 . 2009-10-21 11:50:07 -------- d-----w- C:\Program Files\QuickMediaConverter
2010-06-30 12:33:04 . 2004-08-18 12:00:00 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
2010-06-24 12:27:28 . 2004-08-18 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-06-24 09:02:48 . 2004-08-18 12:00:00 1851904 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-06-21 15:27:11 . 2004-08-18 12:00:00 354304 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2010-06-17 14:03:52 . 2004-08-18 12:00:00 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll
2010-06-14 14:31:20 . 2009-09-21 06:23:58 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43:17 . 2004-08-18 12:00:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 13:23:06 1385864]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-08-19 18:14:26 2734688]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23:06 1385864 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-08-19 18:14:26 2734688 ----a-w- C:\Program Files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-08-19 18:14:26 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 13:23:06 1385864]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "C:\Program Files\BS_Player\tbBS_0.dll" [2010-08-19 18:14:26 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 13:23:06 1385864]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [2010-05-13 15:57:20 26192168]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-14 17:31:50 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 17:10:56 1688872]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 11:57:08 369200]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 09:42:00 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 13:47:08 2029640]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:54:36 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 16:04:26 2879488]
"nwiz"="nwiz.exe" [2009-06-10 06:29:34 1657376]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2009-06-10 06:28:50 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2009-06-10 06:28:50 13758464]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:00 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-22 15:03:18 149280]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 12:57:24 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 12:21:24 2213160]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 14:57:19 133016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-20 05:57:36 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-20 05:57:20 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-20 05:57:30 138008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:22:17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\Program Files\\Counter-Strike 1.6 Patch Version 26\\hltv.exe"=
"C:\\Program Files\\Valve\\hlds.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"C:\\Program Files\\ICQ7.2\\ICQ.exe"=
"C:\\Program Files\\ICQ7.2\\aolload.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenty\\RS66\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [14.5.2009 15:47:14 107256]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [14.5.2009 15:49:32 94360]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47:54 731840]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [15.1.2010 17:00:14 233472]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [22.9.2009 13:34:12 246520]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;C:\WINDOWS\system32\drivers\thdudf.sys [5.3.2010 16:21:30 66944]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [15.1.2010 17:00:14 36608]
S0 wryeatwa;wryeatwa;C:\WINDOWS\system32\drivers\ivvwmc.sys --> C:\WINDOWS\system32\drivers\ivvwmc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16:28 130384]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [11.2.2010 16:37:56 135664]
S3 cpuz130;cpuz130;\??\C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [15.1.2010 17:00:34 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [15.1.2010 17:00:34 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [15.1.2010 17:00:34 121856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16:28 753504]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [29.9.2009 18:40:42 691696]

--- Other services/drivers in memory ---

*NewlyCreated* - FSUSBEXDISK
*Deregistered* - labisvb
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 14:37:56 . 2010-02-11 14:37:54]

2010-08-31 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-11 14:37:56 . 2010-02-11 14:37:54]

2010-08-31 C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
- C:\Program Files\Ask.com\UpdateTask.exe [2010-05-26 13:23:08 . 2010-05-26 13:23:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {10752BE1-2DC1-4FE4-A877-89AC2FDF4606} = 10.254.232.1
FF - ProfilePath - C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&apn_uid=9F8772A0-5511-480C-BF3F-59AC2A1BF093&apn_ptnrs=RY&apn_sauid=D716DF15-1FE2-4E11-86DE-06E042B397BE&apn_dtid=&q=
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\RadioWMPCore.dll
FF - component: C:\Documents and Settings\pc\Data aplikací\Mozilla\Firefox\Profiles\t58mi5br.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX SETTINGS ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

URLSearchHooks-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
AddRemove-ComandoMPDDeinstKey - C:\Program Files\Eidos Interactive\Pyro\Commandos
AddRemove-Medieval Total War (Demo Version) - C:\Program Files\Total War\Medieval - Total War (Demo Version)\Uninst.isu

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: Win32/Bubnix.AU

#14 Post by stell »

Download >> AVENGER
Following the guide, paste in the green text; paste the log it produces after the restart here.


drivers to delete:
wryeatwa
labisvb
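The two driver names in the Avenger script above were picked out of the ComboFix services section by eye: a boot-start driver (S0) whose service name does not match its image file and whose image ComboFix could not stat ("[?]"), plus a driver that is still in memory but has been deregistered from the services key. The following Python script automates that triage over a constructed excerpt of the log. It is an added example, not part of the original thread and not code from ComboFix or Avenger; the signal weights, the FLAG_THRESHOLD, the SCRATCH_DIRS list and the reading of "[?]" and "*Deregistered*" are this example's own assumptions, and a hit means "look at this entry", not "this is malware" (the CPU-Z driver in Temp is a typical benign hit).

```python
"""Triage the services/drivers section of a ComboFix-style log.

Added example, not part of the original thread or of ComboFix/Avenger.
Weights, threshold and directory list are assumptions made for illustration.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines in the form of the log above (two benign ESET
# entries and the .NET NGEN service for contrast, plus the entries that drew
# attention in the thread).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [14.5.2009 15:47:14 107256]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47:54 731840]
S0 wryeatwa;wryeatwa;C:\WINDOWS\system32\drivers\ivvwmc.sys --> C:\WINDOWS\system32\drivers\ivvwmc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16:28 130384]
S3 cpuz130;cpuz130;\??\C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> C:\DOCUME~1\pc\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

--- Other services/drivers in memory ---

*NewlyCreated* - FSUSBEXDISK
*Deregistered* - labisvb
"""

# "<start> <name>;<display>;<path>[ --> <resolved>] [<timestamp size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<stat>[^\]]*)\]\s*$"
)
MEMORY_RE = re.compile(r"^\*(?P<kind>NewlyCreated|Deregistered)\*\s+-\s+(?P<name>\S+)")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')

# Assumption: lower-cased path fragments meaning "user-writable scratch space".
SCRATCH_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\tmp\\")
FLAG_THRESHOLD = 2  # assumption: two independent weak signals earn a review


@dataclass
class Service:
    start: str
    name: str
    display: str
    path: str
    stat: str
    reasons: list = field(default_factory=list)  # (weight, text) pairs

    @property
    def score(self) -> int:
        return sum(w for w, _ in self.reasons)


def score_service(svc: Service) -> Service:
    """Attach (weight, reason) pairs to a parsed service line."""
    path = svc.path.lower().replace("/", "\\")
    file_stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if svc.stat.strip() == "?":
        # ComboFix printed "[?]" instead of a timestamp and size: the image
        # could not be stat'ed (missing or hidden).  Interpretation assumed here.
        svc.reasons.append((2, "image could not be stat'ed ('[?]' instead of timestamp/size)"))
    if any(d in path for d in SCRATCH_DIRS):
        svc.reasons.append((2, "image lives under a temp directory"))
    if svc.start in ("S0", "R0"):
        svc.reasons.append((1, "boot-start driver (loads before most defences)"))
    if file_stem != svc.name.lower():
        svc.reasons.append((1, f"service name '{svc.name}' does not match image '{file_stem}'"))
    return svc


def triage(log_text: str) -> dict:
    """Return flagged services, deregistered in-memory drivers and firewall state."""
    flagged, deregistered, firewall_disabled = {}, [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            svc = score_service(Service(m["start"], m["name"], m["display"], m["path"], m["stat"]))
            if svc.score >= FLAG_THRESHOLD:
                flagged[svc.name] = [text for _, text in svc.reasons]
            continue
        m = MEMORY_RE.match(line)
        if m and m["kind"] == "Deregistered":
            # Loaded in memory but no longer registered as a service: a driver
            # that removed its own service key, which legitimate software rarely does.
            deregistered.append(m["name"])
            continue
        m = FIREWALL_RE.match(line)
        if m and m["val"] == "0":
            firewall_disabled = True
    return {"flagged": flagged, "deregistered": deregistered, "firewall_disabled": firewall_disabled}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, reasons in report["flagged"].items():
        print(f"REVIEW {name}: " + "; ".join(reasons))
    for name in report["deregistered"]:
        print(f"REVIEW {name}: in memory but deregistered from the services key")
    if report["firewall_disabled"]:
        print("NOTE Windows Firewall is disabled (EnableFirewall=0)")
```

Run against the constructed sample it reports wryeatwa and cpuz130 for review, labisvb as deregistered, and the disabled firewall; ehdrv, ekrn and the NGEN service score below the threshold even though the NGEN service name does not match mscorsvw.exe, which is why a single weak signal is not enough on its own.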

gengar
Guest
Posts: 22
Registered: 31 Aug 2010 09:11

Re: Win32/Bubnix.AU

#15 Post by gengar »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "wryeatwa" deleted successfully.
Driver "labisvb" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
