Prosím o kontrolu logu - vírus

[ab021]

Kontrľoval som PC MWAV, ktorý mi našiel:
Objekt "ZeroClean Adware" nalezen v souborovém systému! Provedené akce: Záznam odstraněn.
Po opätovnej kontrole (po reštarte sa tento objekt opäť objavil tzn., že ho MWAV neodstránil. THX
Logfile of random's system information tool 1.06 (written by random/random)
Run by ab021 at 2010-12-26 23:14:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (80%) free of 55 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:47, on 26.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Pixart\PAC7302\PACTray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
F:\Install 2\RSIT\RSIT\RSIT.exe
C:\Program Files\trend micro\ab021.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PACTray] C:\WINDOWS\Pixart\PAC7302\PACTray.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CB07AE8-E034-4060-B9CA-B7F00B567885}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5969 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2010-09-24 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-12-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2010-09-24 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2215064]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"PACTray"=C:\WINDOWS\Pixart\PAC7302\PACTray.exe [2009-03-23 327680]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2007-12-10 323584]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-06-20 1056768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"WEBTRAN"= []
"OEXPRESS"= []

C:\Documents and Settings\ab021\Nabídka Start\Programy\Po spuštění
Kalendár.lnk - C:\WINDOWS\MENINY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ7.2\ICQ.exe"="D:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"D:\Program Files\ICQ7.2\aolload.exe"="D:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2010-12-26 23:14:41 ----D---- C:\rsit
2010-12-26 23:14:41 ----D---- C:\Program Files\trend micro
2010-12-26 23:06:45 ----AD---- C:\WINDOWS\rundll16.exe
2010-12-26 23:06:45 ----AD---- C:\WINDOWS\logo1_.exe
2010-12-20 18:45:35 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-12-20 18:45:35 ----A---- C:\WINDOWS\REGEDIT.COM
2010-12-14 20:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-14 20:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-14 20:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-14 20:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-14 20:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-14 20:10:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-14 20:10:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-14 18:27:36 ----D---- C:\Program Files\Common Files\Apple
2010-12-08 14:13:52 ----SHD---- C:\RECYCLER
2010-12-02 16:19:14 ----D---- C:\Program Files\Common Files\Java
2010-12-02 16:19:06 ----A---- C:\WINDOWS\system32\javaws.exe
2010-12-02 16:19:06 ----A---- C:\WINDOWS\system32\javaw.exe
2010-12-02 16:19:06 ----A---- C:\WINDOWS\system32\java.exe
2010-12-02 16:18:58 ----D---- C:\Program Files\Java
2010-12-02 16:14:54 ----D---- C:\Documents and Settings\ab021\Data aplikací\Mozilla
2010-12-02 16:14:49 ----D---- C:\Program Files\Mozilla Firefox
2010-11-29 17:19:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-29 17:19:37 ----A---- C:\WINDOWS\system32\vuins32.dll
2010-11-29 17:19:35 ----A---- C:\WINDOWS\system32\difxapi.dll
2010-11-29 05:46:57 ----D---- C:\Program Files\Common Files\MicroWorld
2010-11-29 05:46:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-11-28 18:04:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Symantec

======List of files/folders modified in the last 1 months======

2010-12-26 23:14:42 ----D---- C:\WINDOWS\Temp
2010-12-26 23:14:41 ----RD---- C:\Program Files
2010-12-26 23:14:25 ----D---- C:\WINDOWS
2010-12-26 23:14:25 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-12-26 23:00:58 ----A---- C:\WINDOWS\win.ini
2010-12-26 23:00:03 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-12-26 22:37:52 ----D---- C:\WINDOWS\Prefetch
2010-12-26 22:29:25 ----D---- C:\Documents and Settings\ab021\Data aplikací\ICQ
2010-12-26 19:24:37 ----A---- C:\WINDOWS\TRNCOM.INI
2010-12-26 18:59:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-24 12:00:04 ----D---- C:\Documents and Settings\ab021\Data aplikací\Skype
2010-12-24 11:32:58 ----D---- C:\Documents and Settings\ab021\Data aplikací\skypePM
2010-12-23 14:04:00 ----D---- C:\WINDOWS\Help
2010-12-23 11:06:39 ----SHD---- C:\System Volume Information
2010-12-23 11:06:39 ----D---- C:\WINDOWS\system32\Restore
2010-12-23 00:46:03 ----D---- C:\WINDOWS\system32\drivers
2010-12-23 00:44:13 ----A---- C:\WINDOWS\WTRAN32.INI
2010-12-22 12:29:15 ----A---- C:\WINDOWS\NeroDigital.ini
2010-12-22 12:28:47 ----HD---- C:\WINDOWS\inf
2010-12-20 19:49:21 ----D---- C:\Documents and Settings\ab021\Data aplikací\Download Manager
2010-12-20 18:45:35 ----D---- C:\WINDOWS\system32
2010-12-20 01:16:59 ----D---- C:\Documents and Settings\ab021\Data aplikací\Vso
2010-12-20 01:07:44 ----D---- C:\WINDOWS\system32\config
2010-12-20 00:23:39 ----RSD---- C:\WINDOWS\Fonts
2010-12-15 10:02:04 ----A---- C:\WINDOWS\system32\AutoPartNt.exe
2010-12-14 23:33:32 ----SHD---- C:\WINDOWS\Installer
2010-12-14 21:24:22 ----D---- C:\WINDOWS\Debug
2010-12-14 21:18:16 ----D---- C:\Program Files\Internet Explorer
2010-12-14 21:17:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-14 21:16:01 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-14 21:15:06 ----D---- C:\Program Files\Outlook Express
2010-12-14 21:14:59 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-14 21:11:14 ----D---- C:\WINDOWS\system32\wbem
2010-12-14 21:11:12 ----D---- C:\WINDOWS\Registration
2010-12-14 20:10:49 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-14 18:31:18 ----SD---- C:\WINDOWS\Tasks
2010-12-14 18:27:36 ----D---- C:\Program Files\Common Files
2010-12-08 14:45:42 ----RASH---- C:\boot.ini
2010-12-08 14:45:42 ----A---- C:\WINDOWS\system.ini
2010-12-08 14:13:33 ----D---- C:\WINDOWS\ERDNT
2010-12-08 14:09:11 ----D---- C:\WINDOWS\AppPatch
2010-12-05 08:12:20 ----SD---- C:\Documents and Settings\ab021\Data aplikací\Microsoft
2010-12-05 08:12:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-12-02 16:19:00 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-12-01 19:06:35 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-12-01 11:28:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-29 17:26:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-29 11:41:01 ----D---- C:\WINDOWS\pss
2010-11-29 08:14:29 ----D---- C:\Documents and Settings\ab021\Data aplikací\BSplayer PRO
2010-11-29 05:46:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-29 05:46:47 ----D---- C:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-10-11 39264]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-05-12 1332544]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2010-06-25 47104]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 PAC7302;Trust Webcam 16175; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2008-11-10 461312]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-09-24 47360]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\System32\DRIVERS\irstusb.sys [2001-08-17 26624]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-08-12 810144]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-12-02 153376]
R2 MBAMService;MBAMService; D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[cernohous13]

Zdravím,

v logu není nic nebezpečného.

nalezen v souborovém systému - tímto způsobem MWAV označuje záznam v registrech po dříve odstraněném malware
- nic čím by ses musel zabývat

Udělej scan MBAM - máš ho tam

[ab021]

Urobil som scan MBAM, ale ten nič nenašiel. Poraďte, ako túto hlášku z MWAV zlikvidovať? Po každom reštarte systému a kontrole MWAV sa to objaví. Po druhej kontrole bez reštartu je to čisté.

[cernohous13]

Jsi tak dobrý, že si dovolíš jít do Editoru registru? - už jsem ti napsal, že to není nic závadného

[ab021]

Môžem ísť aj do editoru registru.

[cernohous13]

Start -> Spustit... -> napiš regedit -> OK

označ "Tento počítač" -> Soubor -> Exportovat... -> uložíš zálohu registru
označ "Tento počítač" -> Úpravy -> Najít - do okna napiš hledaný výraz -> Najít další -> při nálezu klik pravým -> Odstranit
Pak F3 - najít další atd.

[ab021]

To som už skúšal, ale v registroch som nič nenašiel. Potreboval by som vedieť, čo ho asi načítava pri štarte PC, pretože po opätovnom skene bez reštartu tam nie je.

[cernohous13]

restartuj a pak proveď následující:

Stáhni "System Look" - http://jpshortstuff.247fixes.com/SystemLook.exe
Spusť jej a do okna zkopíruj

Kód: Vybrat vše

:filefind
ZeroClean
:regfind
ZeroClean

Klik na Look a po scanu sem zkopíruj výsledek hledání

musel jsi ho tam mít v minulosti nainstalovaný

[ab021]

SystemLook 04.09.10 by jpshortstuff
Log created at 19:12 on 27/12/2010 by ab021
Administrator - Elevation successful

========== filefind ==========

Searching for "ZeroClean"
No files found.

========== regfind ==========

Searching for "ZeroClean"
No data found.

-= EOF =-

[cernohous13]

V tuto chvíli není co řešit

[ab021]

Myslel som si, že je to zapísané v protokole ESS, ale vymazal som protokoly a problém sa objavil opäť.
27 XII 2010 19:46:25 - ***** Testování služeb *****

27 XII 2010 19:46:27 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
27 XII 2010 19:46:27 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\ab021\LOCALS~1\temp\spydb.avs, Size: 961941]...
27 XII 2010 19:46:27 - Indexed Spyware Databases Successfully Created...

27 XII 2010 19:46:31 - Offending Registry Entry found: HKCU\Software\Local AppWizard-Generated Applications
27 XII 2010 19:46:31 - System found infected with ZeroClean Adware (HKCU\Software\Local AppWizard-Generated Applications)! Action taken: Záznam odstraněn.
27 XII 2010 19:46:31 - Objekt "ZeroClean Adware" nalezen v souborovém systému! Provedené akce: Záznam odstraněn.


27 XII 2010 19:46:31 - Testování MountPoints2 RegKey...
27 XII 2010 19:46:31 - Testování CLSID RegKey...
27 XII 2010 19:46:31 - Testování ModuleUsage RegKey...

[cernohous13]

co se tyce tohohle C:\DOCUME~1\janci\LOCALS~1\Temp\spydb.avs -je docasna databaze anti/anti spy produktu, kdyz vymazes obsah slozky temp - vymazes i "problem"

v regeditu smaž klíč HKCU\Software\Local AppWizard-Generated Applications

[ab021]

Taký kľúč v registroch nie je. Nedalo mi, aby som sa nepokúsil vyriešiť tento problém a tak som vymazal všetky súbory a registre týkajúcich sa microworldu a na prekvapenie sa už problém neobjavil. MWAV musel mať niekde túto položku zapísanú. Ďakujem za ochotu a stratený čas pri riešení. Prajem príjemný zvyšok večera, veselé prežitie konca roka 2010 a v roku 2011 veľa osobných a pracovných úspechov.
P.S. Mimo témy - SZ

[cernohous13]

I tobě a tvým blízkým přeji úspěšný rok 2011 v plném zdraví.

Nemáš zač - rádo se stalo a jsme tady i příště