VIRY.CZ

Dobry den den takze situace je podle meho naprosto kriticka... Zaclo to zhruba pred tydnem kdy jsem do pocitace vlozil flashku ze skoly jak jinak dostala se mi tam vselijaka havet po tom co jsem zjistil ze mi nesly defakto vsechny stranky na internetu me bylo jasny ze je to conficker takze jsem stahnul zaplatu od windows-kb890830-v3.12 nasel mi 51 confickeru krasne cislo vsechno jsem smaznul apod.. chvilku slo vsechno v pohode jenze pak to prislo zase net nesel vubec jen icq a podobny sluzby.. jenze zaplata nenasla nic divny nechapal jsem to tak jsem to projel cely avastem naslo mi to opet hodne viru smaznul jsem to vsechno ale za par dni to tam bylo opet zpatky a takhle furt dokola tak mi kamarad poradil ze avast jde spustit jeste testne pred startem OS takze havet se nema jakym zpusobem spustit provedl jsem to hodne veci to smazalo hodne PUPu apod. hlavne to smazalo veci ktery me pri beznem provozu smazat nesly ,ale za par dni vsechna havet opet zpatky uz si nevim rady je to cim dal horsi nemuzu se toho zbavit... Format si nemuzu dovolit hrozne moc dulezitych dat... Navic kdyz jsem kouka pres avast na sitove spojeni tak tam mam naky podezrely soubory s ip adresama ktery neznam a prijmany a odesilany data takze tak se mi ta havet dostava do PC porad zpatky muj nazor... Navic bamital mi napadl winlogon.exe a explorer.exe a ten nesel smazat ani pred tim nastartovanim OS coz ani nejde pac je to systemovej soubor... Prosim vas o pomoc strasne moc jsem bezradny vyzkousel jsem vce co jsem znal mazal jsem i cookies ale nepomohlo zde davam log z RSIT:




Logfile of random's system information tool 1.08 (written by random/random)
Run by Zbyněk Juroš at 2010-11-14 16:25:40
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 509 MB (0%) free of 111 GB
Total RAM: 1279 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQToolbar\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-11 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Documents and Settings\Zbyněk Juroš\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-03-03 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} -
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]
"IMONTRAY"=C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe [2003-01-10 32768]
"FastTVSync"=C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe [2003-06-04 241664]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WinFoxV2"=C:\WINDOWS\system32\WF2K.EXE [2009-03-30 1490944]
"WinFast2KLoadDefault"=C:\WINDOWS\system32\wf2kcpl.dll [2009-03-30 668672]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.23\RivaTuner.exe [2009-02-15 2777088]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-10-28 96816]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"svchost"=C:\Documents and Settings\Zbyněk Juroš\Data aplikací\Microsoft\svchost.exe [2010-11-13 120320]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2010-08-23 1242448]
"Registry Cleaner Scheduler"=C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe [2009-11-28 1401096]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"nvdisplay"=C:\Documents and Settings\Zbyněk Juroš\Data aplikací\csrss.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
REALTEK RTL8187 Wireless LAN Utility.lnk - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe

C:\Documents and Settings\Zbyněk Juroš\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=0
"NoColorChoice"=0
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
"NoVisualStyleChoice"=0
"NoSizeChoice"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMBalloonTip"=1
"NoDriveTypeAutoRun"=149
"MemCheckBoxInRunDlg"=0
"NoClose"=0
"NoAutoTrayNotify"=0
"NoResolveTrack"=0
"NoResolveSearch"=1
"NoWelcomeScreen"=1
"NoRecentDocsNetHood"=1
"NoDesktopCleanupWizard"=1
"NoSharedDocuments"=1
"NoThemesTab"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoStrCmpLogical"=1
"NoClose"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Andrea\ud32.exe"="C:\Documents and Settings\Andrea\ud32.exeud32.exe:*:Enabled:BNDMSS"
"C:\Documents and Settings\Mamka\ud32.exe"="C:\Documents and Settings\Mamka\ud32.exeud32.exe:*:Enabled:BNDMSS"
"C:\Documents and Settings\Mamka\sedi32.exe"="C:\Documents and Settings\Mamka\sedi32.exesedi32.exe:*:Enabled:BNDMSS"
"C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\866.exe"="C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\866.exe:*:Enabled:BNDMSS"
"C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\936.exe"="C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\936.exe:*:Enabled:BNDMSS"
"C:\DOCUME~1\Andrea\LOCALS~1\Temp\986.exe"="C:\DOCUME~1\Andrea\LOCALS~1\Temp\986.exe:*:Enabled:BNDMSS"
"C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\572.exe"="C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\572.exe:*:Enabled:BNDMSS"
"C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\639.exe"="C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\639.exe:*:Enabled:BNDMSS"
"C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\888.exe"="C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\888.exe:*:Enabled:BNDMSS"
"C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\714.exe"="C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\714.exe:*:Enabled:BNDMSS"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe"="C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Program Files\ALFA\AWUS036H Wireless LAN Utility\RtWLan.exe"="C:\Program Files\ALFA\AWUS036H Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"="C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Zbyněk Juroš\Local Settings\Temp\900411.exe"="C:\Documents and Settings\Zbyněk Juroš\Local Settings\Temp\900411.exe:*:Enabled:Windows Messanger"
"C:\Documents and Settings\Zbyněk Juroš\Data aplikací\csrss.exe"="C:\Documents and Settings\Zbyněk Juroš\Data aplikací\csrss.exe:*:Enabled:Windows Messanger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\steamapps\onndra\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\onndra\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-11-14 16:25:40 ----D---- C:\rsit
2010-11-14 16:25:40 ----D---- C:\Program Files\trend micro
2010-11-13 23:16:17 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-11-13 23:16:16 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-11-13 23:16:15 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2010-11-13 23:15:55 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-11-13 23:15:54 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-11-13 23:15:53 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-11-13 23:15:53 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-11-13 23:15:52 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-11-13 23:15:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-11-13 17:29:08 ----D---- C:\50cfb7d96da3dae3d7
2010-11-13 16:37:55 ----A---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\sdghzxfg.bat
2010-11-05 14:13:45 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-04 23:52:01 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-04 23:52:01 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-04 23:52:01 ----A---- C:\WINDOWS\system32\java.exe
2010-11-04 22:24:13 ----D---- C:\Program Files\ICQ6Toolbar
2010-11-04 22:24:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-11-04 22:23:25 ----D---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\ICQ
2010-11-04 22:23:01 ----D---- C:\Program Files\ICQ6.5
2010-11-04 22:19:10 ----D---- C:\Program Files\ICQToolbar
2010-11-04 17:06:07 ----A---- C:\WINDOWS\Sysvxd.exe
2010-11-03 23:38:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2010-11-03 14:32:39 ----A---- C:\WINDOWS\system32\drivers\aswFW.sys
2010-11-03 14:32:09 ----A---- C:\WINDOWS\system32\drivers\aswNdis2.sys
2010-11-03 14:31:48 ----D---- C:\Program Files\Alwil Software
2010-11-03 14:31:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-03 02:04:49 ----D---- C:\Program Files\CCleaner
2010-10-25 23:22:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Macromedia
2010-10-25 23:21:48 ----D---- C:\Program Files\Macromedia
2010-10-25 23:21:48 ----D---- C:\Program Files\Common Files\Macromedia
2010-10-25 23:19:25 ----A---- C:\WINDOWS\unlite3.exe
2010-10-25 23:19:24 ----D---- C:\Program Files\Bradbury

======List of files/folders modified in the last 1 months======

2010-11-14 16:25:40 ----RD---- C:\Program Files
2010-11-14 16:01:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 15:58:02 ----D---- C:\WINDOWS\Temp
2010-11-14 15:53:11 ----D---- C:\Program Files\Steam
2010-11-14 15:53:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\VMware
2010-11-14 15:52:35 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-11-14 15:52:29 ----A---- C:\WINDOWS\RTacDbg.txt
2010-11-14 15:52:23 ----D---- C:\WINDOWS
2010-11-14 12:38:37 ----D---- C:\Documents and Settings
2010-11-14 00:31:33 ----HD---- C:\WINDOWS\inf
2010-11-14 00:31:26 ----D---- C:\WINDOWS\system32\drivers
2010-11-14 00:31:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-14 00:00:53 ----D---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\ChessBase
2010-11-13 23:18:03 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-13 23:15:36 ----SHD---- C:\WINDOWS\Installer
2010-11-13 23:15:34 ----D---- C:\WINDOWS\WinSxS
2010-11-13 23:15:20 ----D---- C:\WINDOWS\system32
2010-11-13 21:09:41 ----AC---- C:\WINDOWS\wincmd.ini
2010-11-13 20:56:39 ----AC---- C:\WINDOWS\wcx_ftp.ini
2010-11-13 20:42:34 ----D---- C:\Program Files\Google
2010-11-13 16:37:57 ----SD---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\Microsoft
2010-11-10 20:12:16 ----D---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\Skype
2010-11-10 14:19:01 ----D---- C:\WINDOWS\system32\Com
2010-11-06 16:26:21 ----D---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\uTorrent
2010-11-05 18:03:44 ----D---- C:\WINDOWS\Debug
2010-11-05 16:38:41 ----D---- C:\Program Files\mIRC
2010-11-04 23:51:59 ----D---- C:\Program Files\Java
2010-11-04 22:27:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-04 20:15:59 ----D---- C:\WINDOWS\system32\inetsrv
2010-11-03 02:11:14 ----D---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\Media Player Classic
2010-11-03 02:09:50 ----D---- C:\WINDOWS\Minidump
2010-11-02 20:53:44 ----D---- C:\Program Files\Mozilla Firefox
2010-11-02 18:25:06 ----SD---- C:\WINDOWS\Tasks
2010-11-02 14:20:37 ----SHD---- C:\System Volume Information
2010-11-02 14:20:37 ----D---- C:\WINDOWS\system32\Restore
2010-10-31 13:21:40 ----SD---- C:\Program Files\HLSW
2010-10-31 06:22:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-30 07:45:52 ----D---- C:\Program Files\Microsoft Silverlight
2010-10-29 20:39:07 ----D---- C:\Documents and Settings\Zbyněk Juroš\Data aplikací\dvdcss
2010-10-25 23:21:48 ----D---- C:\Program Files\Common Files
2010-10-25 23:21:08 ----D---- C:\WINDOWS\Downloaded Installations
2010-10-23 13:14:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-10-20 19:13:44 ----AC---- C:\WINDOWS\win.ini
2010-10-16 19:01:14 ----D---- C:\Program Files\Ask.com

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2010-09-07 190416]
R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-09 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2010-09-07 99792]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-09-07 340048]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-09 33248]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-05-26 21361]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R2 cdenable;cdenable; C:\WINDOWS\System32\Drivers\cdenable.sys [1999-06-10 6112]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 iSMBIOS;iSMBIOS; \??\C:\WINDOWS\system32\drivers\iSMBIOS.SYS []
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-10-28 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-14 100224]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.23\RivaTuner32.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-10-14 36484]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vmkbd2;VMware kbd2; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-10-28 16560]
R3 WFsys;WinFox Control I/O Driver; C:\WINDOWS\system32\DRIVERS\wfsys.sys [2002-04-22 13692]
R4 WINFOXIO;WINFOXIO; \??\C:\WINDOWS\system32\Drivers\WINFOXIO.SYS []
S3 AMDPCI;AMDPCI; \??\C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\AMDPCI.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\ZBYNKJ~1\LOCALS~1\Temp\ECV7.tmp []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-05 25280]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-01-27 50704]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-06-27 332928]
S3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\smb.sys [2002-10-23 21963]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Via4in1;Via4in1; \??\D:\DATA\fscommand\Via4in1.sys []
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2008-10-28 31280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-03-19 731840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-30 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-10-24 215104]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-10-28 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-10-28 326192]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-10-28 399920]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe []
S2 BNDMSS;Windows Network Data Management System Service; C:\WINDOWS\system32\bndmss.exe []
S2 gupdate1c9f8e0db4527b8;Služba Google Update (gupdate1c9f8e0db4527b8); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-29 133104]
S2 imonNT;Intel(R) Active Monitor; C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe [2003-01-10 102400]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 svchost32;Windows Service Manager; C:\WINDOWS\system32\Com\svchost.exe /service []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-10-02 191024]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Zdravim, pekny podvecer preji a vitam Vas u nas na foru

Uprimne, zaliskane je to jak jetel

Dulezita data je nutne mit zalohovana - viz muj podpis

Pri ukladani combofixu - navod nize - jej ulozte jako Beruska.com

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Staci kdyz to spustim jako spravce pocitace ? pres spustit jako administrator ve winXP mi to nejde nevim proc... Ten ucet na kterym jsem je plny Spravce pocitace... a odhlasit a prihlasit se jako administrator mi nejde...

Pokud jste na ucte kde muzete normalne instalovat programy, tak je to ucet s pravy admina, takze muzete...

uz dobry nez jste mi napsal tak jsem si zmenil heslo administratora pres net usera ale nemam nainstalovanou konzoli pro zotaveni bude vyhledavani uspesne ?

Ta konzola byla vhodna, jelikoz CF jinak nebude moct obnovovat nakazene soubory...zatim to tak nechte a nechame ji nainstalovat pri dalsim spusteni CF se skriptem ktery Vam napisu jak uvidim log...

tak dobry ja jsem si myslel ze kdyz mi nejde internet tak to nepude stahnout ale ono mi vlastne nejde jenom pres virtualizovany prohlizece jinak ping v cmd jde v pohode a combofix uz jede

Fajn, pockam na log a budem cistit dale...

Prosim vas kdepak najdu ten log ? vubec se mi to nedari zkousel jsem C:/beruska.com a asi jsem slepy

Log by se mel vytvorit jako C:\combofix.txt

nebo se mi vytvori nekde specialni soubor ?

Log by mel byt ulozen jako C:\Combofix.txt

Pokud jej tam nemate, tak se podivejte ci mate vytvorenou slozku C:\Qoobox - pokud ano, tak mi ji zabalte a uploadnete napr na LP http://leteckaposta.cz/

Prohledal jsem cely Tento Pocitac pres start-> hledat a naslo mi to jediny tento soubor s nazvem Combofix nemelo by jste to spis jmenovat Beruska.com.txt ?

ComboFix 10-11-13.01 - Administrator 14.11.2010 17:53:26.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.587 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Zbyněk Juroš\Plocha\Beruska.com.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: avast! Antivirus *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

ano Qoobox tady mam ! hned to bude

zde to je http://www.uloz.to/6557787/qooboxaproblemysvirama-rar