
Trouble with a virus

Posted: 19 Apr 2011 19:19
by Davian
Hello everyone,

I'd like to ask for help once more - I have a computer here that some nasty stuff is running riot on. It runs incredibly slowly, and a fake antivirus called Antivirus 2010 or something like that keeps popping up... could you help, please?


Log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by TESSA at 2011-04-19 20:14:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 454 GB (95%) free of 477 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:35, on 19-4-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe
C:\program files\common files\microsoft shared\dw\1044\errorreporting.exe
C:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe
C:\program files\common files\microsoft shared\dw\1044\errorreporting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\MxDownloader.exe
C:\Documents and Settings\Tessa Geniets\Bureaublad\RSIT.exe
C:\Program Files\trend micro\Tessa Geniets.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [zorgtoeslagFree3.9.35.324] C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe
O4 - HKLM\..\Run: [DWIntl20Microsoft] c:\program files\common files\microsoft shared\dw\1044\errorreporting.exe
O4 - HKLM\..\Run: [DivXWMPExtTypeDivXWMPExtTypeDivXWMPExtType] c:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe
O4 - HKLM\..\Run: [MicrosoftLifeCam] c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe
O4 - HKLM\..\Run: [resourcesMicrosoft] c:\program files\microsoft silverlight\4.0.60129.0\lv\mscorlibresources.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKLM\..\Run: [hz2010winsetupDownloader] C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe
O4 - HKLM\..\Run: [ReportingDWIntl20] C:\program files\common files\microsoft shared\dw\1044\errorreporting.exe
O4 - HKLM\..\Run: [LifeCamMicrosoft] c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe
O4 - HKLM\..\Run: [DivXWMPExtTypeDivXWMPExtType] C:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe
O4 - HKLM\..\RunServices: [zorgtoeslagHuur1.10.1.10] C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe
O4 - HKLM\..\RunServices: [quicktimeresourcesquicktime] c:\program files\quicktime\qtsystem\quicktime3gpp.resources\sv.lproj\quicktimeresourcesquicktime.exe
O4 - HKLM\..\RunServices: [QuickTimeWebHelperQuickTimeWebHelperQuickTime] c:\program files\quicktime\qtsystem\quicktimewebhelper.resources\nb.lproj\quicktimewebhelperquicktime.exe
O4 - HKLM\..\RunServices: [ConverterHZ2011] C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe
O4 - HKLM\..\RunServices: [ReportingError] C:\program files\common files\microsoft shared\dw\1044\errorreporting.exe
O4 - HKLM\..\RunServices: [MicrosoftLifeCam] c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe
O4 - HKLM\..\RunServices: [DivXWMPExtTypeDivXWMPExtType] C:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DriverFinder] C:\Program Files\DriverFinder\DriverFinder.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AntiVirus AntiSpyware 2011] "C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe" /STARTUP
O4 - HKCU\..\Run: [AntiVirus AntiSpyware 2011 Security] C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... .3.1.0.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

--
End of file - 11554 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Tessa Geniets.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-879983540-1417001333-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-879983540-1417001333-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-02-06 381656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2010-12-08 3123072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-09-08 421888]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2003-05-29 790528]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2003-05-30 585728]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-19 1089536]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]
"VX3000"=C:\WINDOWS\vVX3000.exe [2010-05-20 762736]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-05-20 119152]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe [2010-12-08 63360]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2011-02-06 273544]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"zorgtoeslagFree3.9.35.324"=C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe [2011-04-18 140800]
"DWIntl20Microsoft"=c:\program files\common files\microsoft shared\dw\1044\errorreporting.exe [2011-04-18 140800]
"DivXWMPExtTypeDivXWMPExtTypeDivXWMPExtType"=c:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe [2011-04-18 140800]
"MicrosoftLifeCam"=c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe [2011-04-18 140800]
"resourcesMicrosoft"=c:\program files\microsoft silverlight\4.0.60129.0\lv\mscorlibresources.exe [2011-04-18 140800]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2010-11-05 4098904]
"hz2010winsetupDownloader"=C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe [2011-04-18 140800]
"ReportingDWIntl20"=C:\program files\common files\microsoft shared\dw\1044\errorreporting.exe [2011-04-18 140800]
"LifeCamMicrosoft"=c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe [2011-04-18 140800]
"DivXWMPExtTypeDivXWMPExtType"=C:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe [2011-04-18 140800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]
"DriverFinder"=C:\Program Files\DriverFinder\DriverFinder.exe []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2010-10-24 323392]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"AntiVirus AntiSpyware 2011"=C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe [2011-04-18 2664448]
"AntiVirus AntiSpyware 2011 Security"=C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe [2011-04-18 105984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-25 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat"="C:\Program Files\Electronic Arts\The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe"="C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeTray.exe"="C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe"
"C:\Program Files\Electronic Arts\The Rise of the Witch-king\patchget.dat"="C:\Program Files\Electronic Arts\The Rise of the Witch-king\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Installer voor AVG"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-04-19 20:14:29 ----D---- C:\Program Files\trend micro
2011-04-19 20:14:28 ----D---- C:\rsit
2011-04-18 23:17:51 ----D---- C:\sh4ldr
2011-04-18 23:17:51 ----D---- C:\Program Files\Enigma Software Group
2011-04-18 23:17:27 ----D---- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-04-18 23:17:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-04-18 22:50:37 ----D---- C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011
2011-04-15 00:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-15 00:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-15 00:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-15 00:52:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-15 00:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-15 00:50:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-15 00:50:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-15 00:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-15 00:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-15 00:46:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2011-04-06 21:59:24 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-04-06 21:59:20 ----D---- C:\WINDOWS\system32\drivers\NSS
2011-04-06 21:59:20 ----D---- C:\Program Files\Norton Security Scan
2011-04-06 21:59:20 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2011-04-06 21:59:18 ----D---- C:\Program Files\NortonInstaller
2011-04-06 21:59:18 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2011-03-26 20:03:04 ----D---- C:\Program Files\Conduit
2011-03-26 20:02:54 ----D---- C:\Program Files\ConduitEngine
2011-03-24 21:28:07 ----HD---- C:\WINDOWS\PIF
2011-03-24 12:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2524375$

======List of files/folders modified in the last 1 months======

2011-04-19 20:14:29 ----RD---- C:\Program Files
2011-04-19 20:11:22 ----D---- C:\WINDOWS\Temp
2011-04-19 20:10:54 ----D---- C:\Program Files\DNA
2011-04-19 20:10:54 ----D---- C:\Documents and Settings\Tessa Geniets\Application Data\DNA
2011-04-19 20:06:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-04-19 18:58:00 ----D---- C:\WINDOWS\Prefetch
2011-04-18 23:17:55 ----SHD---- C:\WINDOWS\Installer
2011-04-18 23:17:27 ----D---- C:\WINDOWS
2011-04-18 23:17:24 ----D---- C:\Program Files\Common Files
2011-04-18 23:17:15 ----D---- C:\WINDOWS\system32\CatRoot2
2011-04-17 19:15:34 ----D---- C:\Documents and Settings\Tessa Geniets\Application Data\Belastingdienst
2011-04-15 10:14:59 ----RSD---- C:\WINDOWS\assembly
2011-04-15 10:08:52 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-15 09:58:27 ----D---- C:\WINDOWS\system32
2011-04-15 09:58:26 ----HD---- C:\WINDOWS\inf
2011-04-15 01:00:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-04-15 00:58:20 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-15 00:58:14 ----A---- C:\WINDOWS\imsins.BAK
2011-04-15 00:58:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-15 00:57:04 ----D---- C:\Program Files\Internet Explorer
2011-04-15 00:56:34 ----D---- C:\WINDOWS\WinSxS
2011-04-15 00:56:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-15 00:50:39 ----D---- C:\WINDOWS\system32\drivers
2011-04-15 00:46:59 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-09 11:01:25 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-04-09 11:01:19 ----D---- C:\Documents and Settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers
2011-04-06 21:59:26 ----SD---- C:\WINDOWS\Tasks
2011-04-06 18:59:23 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2011-04-06 18:59:22 ----D---- C:\Program Files\DivX
2011-03-26 20:02:52 ----D---- C:\Program Files\DVDVideoSoftTB
2011-03-26 18:10:54 ----D---- C:\Program Files\DVDVideoSoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-30 691696]
R1 intelppm;Intel GV3-processorstuurprogramma; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Stuurprogramma voor toetsenbord-HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 Arp1394;1394 ARP-clientprotocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-25 1478656]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 hidusb;Microsoft HID Class-stuurprogramma; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Stuurprogramma voor muis-HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 NIC1394;1394-stuurprogramma; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbaudio;Stuurprogramma voor USB-audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft generiek hoofd-USB-stuurprogramma; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Stuurprogramma voor USB-massaopslag; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2010-05-20 1961328]
S3 awva4q0r;awva4q0r; C:\WINDOWS\system32\drivers\awva4q0r.sys []
S3 CCDECODE;Closed Caption-decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\TESSAG~1\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video-verbinding; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;World Standard Teletext-codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-25 405504]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-05-20 139632]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-05 327000]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-01-26 520192]
S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-16 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
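As an added example (not from this thread, nor from HijackThis, RSIT or ComboFix), the script below parses RSIT "Registry dump" Run entries in the format shown above and flags the pattern this log exhibits: one binary registered under several unrelated value names, copies with identical size and date sitting under different paths, and autoruns living in the user profile. The sample input is a subset of the entries from the posted log; the heuristics and finding codes are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: a subset of the "Registry dump" Run entries from the RSIT log
# posted above, kept in RSIT's own line format:
#   "ValueName"=path [YYYY-MM-DD size]      (the brackets are empty when the file is missing)
SAMPLE_RUN_DUMP = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-09-08 421888]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
"zorgtoeslagFree3.9.35.324"=C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe [2011-04-18 140800]
"DWIntl20Microsoft"=c:\program files\common files\microsoft shared\dw\1044\errorreporting.exe [2011-04-18 140800]
"MicrosoftLifeCam"=c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe [2011-04-18 140800]
"hz2010winsetupDownloader"=C:\Documents and Settings\Tessa Geniets\Bureaublad\movie.exe [2011-04-18 140800]
"ReportingDWIntl20"=C:\program files\common files\microsoft shared\dw\1044\errorreporting.exe [2011-04-18 140800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DriverFinder"=C:\Program Files\DriverFinder\DriverFinder.exe []
"AntiVirus AntiSpyware 2011"=C:\Documents and Settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe [2011-04-18 2664448]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$'
)
# Per-user profile root on Windows XP. Autoruns living here are user-writable and outside
# any normal install location (the fake AV in the log above lives in Application Data).
USER_PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\", re.IGNORECASE)

# Finding codes (my own labels, not RSIT output)
USER_PROFILE_PATH = "user-profile-path"
MULTIPLE_NAMES = "multiple-names"
SHARED_SIZE_DATE = "shared-size-date"


@dataclass(frozen=True)
class RunEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]

    @property
    def norm_path(self) -> str:
        # Windows paths are case-insensitive; compare them case-folded.
        return self.path.lower()


def parse_run_dump(text: str) -> list[RunEntry]:
    """Parse the Run sections of an RSIT registry dump into RunEntry records."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            size = m.group("size")
            entries.append(RunEntry(key, m.group("name"), m.group("path"),
                                    m.group("date"), int(size) if size else None))
    return entries


def analyze(text: str) -> dict[str, set[str]]:
    """Return {normalized path: set of finding codes} for suspicious autorun targets."""
    entries = parse_run_dump(text)
    names_by_path = defaultdict(set)
    paths_by_stamp = defaultdict(set)
    for e in entries:
        names_by_path[e.norm_path].add(e.name)
        if e.date and e.size is not None:
            paths_by_stamp[(e.date, e.size)].add(e.norm_path)

    findings = defaultdict(set)
    for e in entries:
        p = e.norm_path
        if USER_PROFILE_RE.match(p):
            findings[p].add(USER_PROFILE_PATH)
        # One binary registered under several unrelated value names.
        if len(names_by_path[p]) > 1:
            findings[p].add(MULTIPLE_NAMES)
        # Different paths with identical size and date: copies of one file.
        if e.date and e.size is not None and len(paths_by_stamp[(e.date, e.size)]) > 1:
            findings[p].add(SHARED_SIZE_DATE)
    return dict(findings)


if __name__ == "__main__":
    for path, codes in sorted(analyze(SAMPLE_RUN_DUMP).items()):
        print(f"{path}\n    {', '.join(sorted(codes))}")
```

Legitimate autoruns such as qttask.exe, cli.exe and ctfmon.exe produce no finding; the four flagged paths are exactly the ones the helper below asks to have removed.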

Re: Trouble with a virus

Posted: 19 Apr 2011 19:23
by vyosek
Greetings and have a nice day :)

:arrow: Well, I haven't seen this "handsome fellow" in a long time :arcisit:

:arrow: Boot into Safe Mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO BELLY-UP
:arrow: Download Combofix and save it to your desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - don't start any applications and don't click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes and a possible restart, CF shows a log; otherwise you'll find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Trouble with a virus

Posted: 19 Apr 2011 20:25
by Davian
Thanks for the reply, and sorry it took me so long - first a problem with rkill.exe (it didn't work - the .com did, though), and then combofix refused to continue without uninstalling AVG. Here is the combofix log.

Note: it's my girlfriend's computer and she's from the Netherlands, so it came out in Dutch, I don't know why...

ComboFix 11-04-19.01 - Tessa Geniets 19-04-2011 21:06:57.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1792 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Tessa Geniets\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011
c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\IcoActivate.ico
c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\IcoHelp.ico
c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\IcoUninstall.ico
c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe
c:\documents and settings\Tessa Geniets\Application Data\Local
c:\documents and settings\Tessa Geniets\Application Data\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\documents and settings\Tessa Geniets\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
c:\documents and settings\Tessa Geniets\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus AntiSpyware 2011.lnk
c:\documents and settings\Tessa Geniets\Application Data\PriceGong
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Tessa Geniets\Bureaublad\AntiVirus AntiSpyware 2011.lnk
c:\documents and settings\Tessa Geniets\Bureaublad\movie.exe
c:\documents and settings\Tessa Geniets\Menu Start\Programma's\AntiVirus AntiSpyware 2011
c:\documents and settings\Tessa Geniets\Menu Start\Programma's\AntiVirus AntiSpyware 2011.lnk
c:\documents and settings\Tessa Geniets\Menu Start\Programma's\AntiVirus AntiSpyware 2011\Activate AntiVirus AntiSpyware 2011.lnk
c:\documents and settings\Tessa Geniets\Menu Start\Programma's\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware 2011.lnk
c:\documents and settings\Tessa Geniets\Menu Start\Programma's\AntiVirus AntiSpyware 2011\Help AntiVirus AntiSpyware 2011.lnk
c:\documents and settings\Tessa Geniets\Menu Start\Programma's\AntiVirus AntiSpyware 2011\How to Activate AntiVirus AntiSpyware 2011.lnk
c:\program files\Common Files\Microsoft Shared\DW\1044\ErrorReporting.exe
c:\program files\DivX\DivX Codec\DivXWMPExtTypeDivXWMPExtType.exe
c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe
c:\program files\Microsoft Silverlight\4.0.60129.0\lv\mscorlibresources.exe
c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe
c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperQuickTime.exe
.
Besmet exemplaar van c:\windows\system32\userinit.exe werd aangetroffen en gedesinfecteerd
Hersteld exemplaar van - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-19 to 2011-04-19 ))))))))))))))))))))))))))))))
.
.
2011-04-19 18:14 . 2011-04-19 18:14 -------- d-----w- c:\program files\trend micro
2011-04-19 18:14 . 2011-04-19 18:14 -------- d-----w- C:\rsit
2011-04-18 21:17 . 2011-04-18 21:17 110080 ----a-r- c:\documents and settings\Tessa Geniets\Application Data\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconF7A21AF7.exe
2011-04-18 21:17 . 2011-04-18 21:17 110080 ----a-r- c:\documents and settings\Tessa Geniets\Application Data\Microsoft\Installer\{41EBC322-660F-4D16-A0DF-53147210CBDB}\IconD7F16134.exe
2011-04-18 21:17 . 2011-04-18 21:17 -------- d-----w- C:\sh4ldr
2011-04-18 21:17 . 2011-04-18 21:17 -------- d-----w- c:\program files\Enigma Software Group
2011-04-18 21:17 . 2011-04-18 21:17 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-04-18 21:17 . 2011-04-18 21:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-06 19:59 . 2011-04-16 13:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-06 19:59 . 2011-04-06 19:59 -------- d-----w- c:\windows\system32\drivers\NSS
2011-04-06 19:59 . 2011-04-06 19:59 -------- d-----w- c:\program files\Norton Security Scan
2011-04-06 19:59 . 2011-04-06 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-04-06 19:59 . 2011-04-06 19:59 -------- d-----w- c:\program files\NortonInstaller
2011-03-26 18:03 . 2011-03-26 18:03 -------- d-----w- c:\program files\Conduit
2011-03-26 18:02 . 2011-03-26 18:02 -------- d-----w- c:\documents and settings\Tessa Geniets\Local Settings\Application Data\ConduitEngine
2011-03-24 19:28 . 2011-03-24 19:28 -------- d--h--w- c:\windows\PIF
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-10-16 15:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:07 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:07 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:07 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:43 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:54 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-03-02 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-06 16:07 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-06 16:07 . 2011-02-06 16:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 07:58 . 2010-10-16 15:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-10-16 15:28 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 15:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-10-24 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-06 273544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-11-05 4098904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30-12-2010 23:59 691696]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5-11-2010 17:53 327000]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16-10-2010 18:49 136176]
.
Inhoud van de 'Gedeelde Taken' map
.
2010-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 16:49]
.
2011-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-16 16:49]
.
2011-04-17 c:\windows\Tasks\Norton Security Scan for Tessa Geniets.job
- c:\progra~1\NORTON~2\Engine\310~1.21\Nss.exe [2011-04-06 14:02]
.
2011-04-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2011-04-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-879983540-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2011-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-879983540-1417001333-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
HKCU-Run-AntiVirus AntiSpyware 2011 - c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe
HKCU-Run-AntiVirus AntiSpyware 2011 Security - c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securitymanager.exe
HKLM-Run-zorgtoeslagFree3.9.35.324 - c:\documents and settings\Tessa Geniets\Bureaublad\movie.exe
HKLM-Run-DWIntl20Microsoft - c:\program files\common files\microsoft shared\dw\1044\errorreporting.exe
HKLM-Run-DivXWMPExtTypeDivXWMPExtTypeDivXWMPExtType - c:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe
HKLM-Run-MicrosoftLifeCam - c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe
HKLM-Run-resourcesMicrosoft - c:\program files\microsoft silverlight\4.0.60129.0\lv\mscorlibresources.exe
HKLM-Run-hz2010winsetupDownloader - c:\documents and settings\Tessa Geniets\Bureaublad\movie.exe
HKLM-Run-ReportingDWIntl20 - c:\program files\common files\microsoft shared\dw\1044\errorreporting.exe
HKLM-Run-LifeCamMicrosoft - c:\program files\microsoft lifecam\driver32\vx6000\1040\microsoftlifecam.exe
HKLM-Run-DivXWMPExtTypeDivXWMPExtType - c:\program files\divx\divx codec\divxwmpexttypedivxwmpexttype.exe
AddRemove-AntiVirus AntiSpyware 2011 - c:\documents and settings\Tessa Geniets\Application Data\AntiVirus AntiSpyware 2011\securityhelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-19 21:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Voltooingstijd: 2011-04-19 21:20:14 - machine werd herstart
ComboFix-quarantined-files.txt 2011-04-19 19:20
.
Pre-Run: 478.101.106.688 bytes beschikbaar
Post-Run: 477.372.882.944 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D28CC5A79655AB6F57F2222439B2B4CB

Re: Trouble with a virus

Posted: 19 Apr 2011 20:33
by vyosek
:arrow: It's in Dutch because CF has a Dutch translation, that's simply how it is :wink: Never mind, I'll make sense of it somehow :D

:arrow: Unfortunately AVG blocks some of CF's functions, which is why it wanted the uninstall; also run the AVG Remover over it so nothing is left behind
http://download.avg.com/filedir/util/su ... 1_1184.exe

:arrow: I'd recommend installing Avast or Avira - AVG is not one of our favourites - higher system load, weaker detection

:arrow: And give me a moment while I work through the Dutch :wink:

Re: Trouble with a virus

Posted: 19 Apr 2011 20:36
by Davian
Thank you very much :D I'll get rid of the AVG in the meantime

Re: Trouble with a virus

Posted: 19 Apr 2011 20:38
by vyosek
:arrow: Uninstall SpyHunter, it is not suitable protection

:arrow: If you haven't already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    File::
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\Norton Security Scan for Tessa Geniets.job
    C:\WINDOWS\tasks\OGALogon.job
    C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-879983540-1417001333-1003.job
    C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-879983540-1417001333-1003.job
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=-
    "BitTorrent DNA"=-
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    "DivX Download Manager"=-
    "TkBellExe"=-
    "DivXUpdate"=-
    "SpyHunter Security Suite"=-
    
    Driver::
    gupdate
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and release it (see the picture below)
    Image
  • After the script is applied (and a possible restart) a log will pop up, paste its contents here
:arrow: It can happen that Windows doesn't boot after applying the script; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
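The triage the helper did by hand above, reading the Run keys and the "HKLM-Run-..." orphan lines out of the ComboFix log and picking out autostarts that point into a user profile or temp folder (the rogue here ran from Application Data and from movie.exe on the desktop), as an added Python example that is not part of the thread or of ComboFix; the log excerpt, the user name and the entry names in it are constructed.

```python
"""Triage the autostart entries in a ComboFix log.

Added example, not part of the forum thread or of ComboFix.  It reads the
'[HKEY_...\\Run]' value lines and the 'HKLM-Run-name - path' orphan lines in
the layout ComboFix prints and flags entries whose executable lives in a
user profile or temp folder, which is where the rogue in the thread sat.
"""
import re

# "name"="path" [date size]  -- a value line inside a [...\Run] section
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"')
# HKLM-Run-name - path       -- a line from the removed-orphans section
ORPHAN_RE = re.compile(r'^(?P<hive>HK(?:LM|CU))-Run-(?P<name>.+?) - (?P<path>.+)$')
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')

# Profile roots and the sub-folders inside them where droppers usually land.
PROFILE_ROOTS = ('c:\\documents and settings\\', 'c:\\users\\')
PROFILE_MARKERS = ('\\local settings\\temp\\', '\\application data\\',
                   '\\appdata\\', '\\bureaublad\\', '\\desktop\\', '\\temp\\')


def parse_autostarts(log_text):
    """Return (key, value_name, path) for Run values and Run orphans."""
    entries = []
    run_key = None          # set while inside a [...\Run] section
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in ('', '.'):          # ComboFix separates blocks with '.'
            run_key = None
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key')
            run_key = key if key.lower().endswith('\\run') else None
            continue
        if run_key:
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append((run_key, m.group('name'), m.group('path')))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append((m.group('hive') + '-Run', m.group('name'), m.group('path')))
    return entries


def suspicious_reason(key, path):
    """Why this autostart deserves a look, or None if its location is normal."""
    p = path.lower()
    in_profile = p.startswith(PROFILE_ROOTS)
    marker = next((m for m in PROFILE_MARKERS if m in p), None)
    if in_profile and key.upper().startswith(('HKLM', 'HKEY_LOCAL_MACHINE')):
        return 'machine-wide autostart pointing into one user profile'
    if in_profile and marker:
        return 'autostart from user profile folder ' + marker.strip('\\')
    if '\\temp\\' in p:
        return 'autostart from a temp folder'
    return None


def triage(log_text):
    """(value_name, path, reason) for every flagged autostart, in log order."""
    findings = []
    for key, name, path in parse_autostarts(log_text):
        reason = suspicious_reason(key, path)
        if reason:
            findings.append((name, path, reason))
    return findings


# Constructed excerpt in ComboFix's layout; user name and entry names are made up.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Updater"="c:\documents and settings\User\Application Data\Updater\updater.exe" [2011-04-18 110080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Fake AV 2011"="c:\documents and settings\User\Application Data\Fake AV 2011\fakeav.exe" [2011-04-18 1234]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-movieFree3.9 - c:\documents and settings\User\Bureaublad\movie.exe
HKCU-Run-DriverFinder - c:\program files\DriverFinder\DriverFinder.exe
"""

if __name__ == '__main__':
    for name, path, reason in triage(SAMPLE_LOG):
        print(f'{name!r:20} {reason}: {path}')
```

Entries in Program Files are not flagged by this heuristic even when they are unwanted (DriverFinder, the Conduit toolbars), so it narrows the list for a human rather than replacing the read-through.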

Re: Trouble with a virus

Posted: 19 Apr 2011 20:58
by Davian
SpyHunter has been uninstalled, but it seems AVG can't be gotten rid of at all... it's still haunting the place even after using your program.

Here is the log, thank you :)

ComboFix 11-04-19.01 - Tessa Geniets 19-04-2011 21:47:15.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1398 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Tessa Geniets\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Tessa Geniets\Bureaublad\CFScript.txt
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP"
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\Norton Security Scan for Tessa Geniets.job"
"c:\windows\tasks\OGALogon.job"
"c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-879983540-1417001333-1003.job"
"c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-879983540-1417001333-1003.job"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tessa Geniets\Application Data\PriceGong
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Tessa Geniets\Application Data\PriceGong\Data\z.xml
c:\windows\tasks\AppleSoftwareUpdate.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\OGALogon.job
c:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-879983540-1417001333-1003.job
c:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-879983540-1417001333-1003.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Service_gupdate
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-03-19 to 2011-04-19 ))))))))))))))))))))))))))))))
.
.
2011-04-19 18:14 . 2011-04-19 18:14 -------- d-----w- c:\program files\trend micro
2011-04-19 18:14 . 2011-04-19 18:14 -------- d-----w- C:\rsit
2011-04-18 21:17 . 2011-04-18 21:17 -------- d-----w- c:\program files\Enigma Software Group
2011-04-18 21:17 . 2011-04-19 19:24 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-04-18 21:17 . 2011-04-18 21:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-04-06 19:59 . 2011-04-19 19:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-06 19:59 . 2011-04-19 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-03-26 18:03 . 2011-03-26 18:03 -------- d-----w- c:\program files\Conduit
2011-03-26 18:02 . 2011-04-19 19:24 -------- d-----w- c:\documents and settings\Tessa Geniets\Local Settings\Application Data\ConduitEngine
2011-03-24 19:28 . 2011-03-24 19:28 -------- d--h--w- c:\windows\PIF
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-10-16 15:29 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2006-03-02 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-03-02 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:07 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:07 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:07 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:43 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2006-03-02 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-03-02 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-02 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:54 . 2006-03-02 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:54 . 2006-03-02 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2006-03-02 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-06 16:07 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-06 16:07 . 2011-02-06 16:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-02 07:58 . 2010-10-16 15:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-10-16 15:28 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-02 12:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-19_19.16.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 19:53 . 2011-04-19 19:53 16384 c:\windows\temp\Perflib_Perfdata_d4.dat
+ 2011-04-19 19:53 . 2011-04-19 19:53 16384 c:\windows\temp\Perflib_Perfdata_1a0.dat
+ 2011-04-19 19:24 . 2011-04-19 19:24 27499 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCall.dll
+ 2011-04-19 19:24 . 2011-04-19 19:24 133775 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.dll
+ 2011-04-19 19:24 . 2011-04-19 19:24 130254 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla20.dll
+ 2011-04-19 19:24 . 2011-04-19 19:24 130283 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla2.dll
+ 2011-04-19 19:24 . 2011-04-19 19:24 130283 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla19.dll
+ 2011-04-19 19:24 . 2011-04-19 19:24 133000 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla18.exe
+ 2011-04-19 19:24 . 2011-04-19 19:24 130808 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla17.dll
+ 2011-04-19 19:24 . 2011-04-19 19:24 133000 c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 15:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30-12-2010 23:59 691696]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-19 21:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2204)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Voltooingstijd: 2011-04-19 21:55:50 - machine werd herstart
ComboFix-quarantined-files.txt 2011-04-19 19:55
ComboFix2.txt 2011-04-19 19:20
.
Pre-Run: 477.552.910.336 bytes beschikbaar
Post-Run: 477.500.850.176 bytes beschikbaar
.
- - End Of File - - C6E40414B25416249D95FBFEF7794E91

Re: Trouble with a virus

Posted: 19 Apr 2011 21:05
by vyosek
:arrow: It is now only a leftover in the log, it is no longer on the PC - so we will run one more script

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP

Reboot::

Re: Trouble with a virus

Posted: 19 Apr 2011 21:20
by Davian
Done :) Thank you for your help!

ComboFix 11-04-19.01 - Tessa Geniets 19-04-2011 22:11:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2047.1444 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Tessa Geniets\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: C:\Documents and Settings\Tessa Geniets\Bureaublad\CFScript.txt

FILE ::
"c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP"


(((((((((((((((((((( Bestanden Gemaakt van 2011-03-19 to 2011-04-19 ))))))))))))))))))))))))))))))


2011-04-19 18:14:29 . 2011-04-19 18:14:35 -------- d-----w- C:\Program Files\trend micro
2011-04-19 18:14:28 . 2011-04-19 18:14:38 -------- d-----w- C:\rsit
2011-04-18 21:17:51 . 2011-04-18 21:17:51 -------- d-----w- C:\Program Files\Enigma Software Group
2011-04-18 21:17:27 . 2011-04-19 19:24:24 -------- d-----w- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-04-18 21:17:24 . 2011-04-18 21:17:25 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2011-04-06 19:59:24 . 2011-04-19 19:23:38 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-04-06 19:59:20 . 2011-04-19 19:23:40 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2011-03-26 18:03:04 . 2011-03-26 18:03:04 -------- d-----w- C:\Program Files\Conduit
2011-03-26 18:02:54 . 2011-04-19 19:24:16 -------- d-----w- C:\Documents and Settings\Tessa Geniets\Local Settings\Application Data\ConduitEngine
2011-03-24 19:28:07 . 2011-03-24 19:28:07 -------- d--h--w- C:\WINDOWS\PIF
.


((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-07 05:33:45 . 2010-10-16 15:29:55 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:36:55 . 2006-03-02 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:53:36 . 2006-03-02 12:00:00 1858048 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:07:58 . 2006-03-02 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:07:58 . 2006-03-02 12:00:00 43520 ------w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:07:58 . 2006-03-02 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:43:15 . 2006-03-02 12:00:00 385024 ------w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2006-03-02 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2006-03-02 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:54:07 . 2008-05-05 05:25:24 5632 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2006-03-02 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:54:04 . 2006-03-02 12:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:54:04 . 2006-03-02 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:59 . 2006-03-02 12:00:00 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:59 . 2006-03-02 12:00:00 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-06 16:07:58 . 2003-02-21 02:42:00 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll
2011-02-06 16:07:57 . 2011-02-06 16:07:57 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll
2011-02-02 07:58:57 . 2010-10-16 15:28:30 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2010-10-16 15:28:30 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe
2011-01-21 14:44:07 . 2006-03-02 12:00:00 441344 ----a-w- C:\WINDOWS\system32\shimgvw.dll


((((((((((((((((((((((((((((( SnapShot@2011-04-19_19.16.24 )))))))))))))))))))))))))))))))))))))))))

+ 2011-04-19 20:16:17 . 2011-04-19 20:16:17 16384 C:\WINDOWS\temp\Perflib_Perfdata_dc.dat
+ 2011-04-19 20:16:16 . 2011-04-19 20:16:16 16384 C:\WINDOWS\temp\Perflib_Perfdata_694.dat
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 27499 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCall.dll
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 133775 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.dll
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 130254 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla20.dll
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 130283 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla2.dll
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 130283 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla19.dll
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 133000 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla18.exe
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 130808 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla17.dll
+ 2011-04-19 19:24:07 . 2011-04-19 19:24:07 133000 C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 15:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54:02 175912 ----a-w- C:\Program Files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 15:54:02 175912 ----a-w- C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 15:54:02 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 15:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 15:54:02 175912]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 20:12:38 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 14:28:32 790528]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 07:22:08 1089536]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 16:57:24 86016]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2010-05-20 14:27:26 762736]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 14:27:24 119152]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43:58 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 17:02:53 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [30-12-2010 23:59:10 691696]


------- Bijkomende Scan -------

uStart Page = about:blank
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Documents and Settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Documents and Settings\Tessa Geniets\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

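As an added example (not code from the thread, from ComboFix or from the helper), the following Python parses lines in the layout of the "Reg Opstartpunten" section above and applies a first triage heuristic a log reviewer would use: autostart binaries living under a user profile or temp directory are reported first, anything outside Program Files / Windows next, and browser helper objects are listed for confirmation. The sample section is constructed; its "Updater" entry is invented to exercise the heuristic.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of ComboFix's "Reg Opstartpunten" section; "Updater" is invented.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54:02 175912 ----a-w- C:\Program Files\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 14:28:32 790528]
"Updater"="C:\Documents and Settings\User\Application Data\updater.exe" [2011-04-18 21:17:27 133000]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]+)"\s*\[')   # "name"="path" [date size]
BHO_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})? \d+ \S+ (.+)$")  # date size attrs path
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", ".tmp\\")

@dataclass
class Autostart:
    key: str
    name: str
    path: str

def parse_autostarts(text):
    """Walk the section line by line, remembering the registry key each value belongs to."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            entries.append(Autostart(key, m.group(1), m.group(2)))
        elif key and (m := BHO_RE.match(line)):        # BHO keys list only the DLL
            entries.append(Autostart(key, "(BHO)", m.group(1)))
    return entries

def triage(entries):
    """Return (entry, reason) pairs a reviewer should look at first."""
    findings = []
    for e in entries:
        p = e.path.lower()
        if any(tag in p for tag in USER_WRITABLE):
            findings.append((e, "binary in a user-writable location"))
        elif not p.startswith(TRUSTED_ROOTS):
            findings.append((e, "binary outside Program Files / Windows"))
        elif "browser helper objects" in e.key.lower():
            findings.append((e, "browser extension, confirm it is wanted"))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(parse_autostarts(SAMPLE)):
        print(f"{reason}: {entry.name} -> {entry.path}")
```
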
Re: Trouble with a virus

Posted: 19 Apr 2011 21:23
by vyosek
:arrow: Well, we will do one more test, these nasties crawl into every possible place...

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice, press A, Enter
  • After use, delete the utility
  • Antivirus programs tend to flag this utility as a virus by mistake - it is a false alarm - so feel free to download it (if necessary, turn off the antivirus while downloading)
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Run the update - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes has false detections, so paste the log into a post and wait for an assessment

Re: Trouble with a virus

Posted: 19 Apr 2011 21:53
by Davian
Done :) The log is again "amusingly" in Dutch - sorry about that, that is how my girlfriend and I communicate and I clicked through it automatically...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversie: 6400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19-4-2011 22:51:30
mbam-log-2011-04-19 (22-51-28).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 175732
Verstreken tijd: 14 minuut/minuten, 59 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 2
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> No action taken.

Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Re: Trouble with a virus

Posted: 19 Apr 2011 22:02
by vyosek
:arrow: No problem, I know what those lines should say in Czech (or English), so it does not bother me :D

:arrow: Delete the MBAM findings

:arrow: How is the PC behaving :???:

Re: Trouble with a virus

Posted: 19 Apr 2011 22:29
by Davian
Deleted. Everything seems fine, I am seeing a hundred percent speed-up. Thanks a lot :)

Re: Trouble with a virus

Posted: 19 Apr 2011 22:32
by vyosek
Now let's tidy up :James008:

:arrow: You can uninstall MBAM or keep it for an occasional scan - if it finds something, I strongly recommend posting the log here for assessment, so that you do not shoot down something legitimate

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • After use, delete the utility
:arrow: Install PC security if you have not done so already - the security we recommend is here http://www.viry.cz/forum/viewtopic.php?f=29&t=6152

:arrow: Download CCleaner (see my signature)
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup, fix all the issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools tab
  • Here you can uninstall unneeded programs
I recommend running CCleaner about once every 14 days

:arrow: And if there are no problems or questions, that's all from me :turned: