VIRY.CZ

Dobrý večer, chtěla bych poprosit o pomoc s (jedním?) neřádem. Tváří se jako antivirus Security Shield a dělá pěknou neplechu. Nejenže mi pořád vyskakují pornostránky a upozornění, že našel několik škodlivých virů, abych si ho zaregistrovala, ale teď už mě nechce pustit ani do přidání či odebrání programů nebo do bodu obnovení systému Windows. Dokonce zřejmě zablokoval i přístup k internetu nakonec, proto musím psát ze druhého počítače. Zkoušela jsem ho najít NODem, Avastem, Spybotem, ale nic. Mohli byste mi prosím poradit? Tady je log z programu RSIT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-05-25 19:15:21
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (23%) free of 76 GB
Total RAM: 1015 MB (57% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Install.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2008-11-10 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2008-11-10 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2008-11-10 118784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-05-04 14396416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-03-09 139264]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r []
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2010-01-08 974848]
"TrayServer"=C:\PROGRA~1\MAGIX\MOVIE_~1\TrayServer.exe [2008-11-13 90112]
"TWCU"=C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe [2010-06-21 561263]
"conhost"=C:\Documents and Settings\Administrator\Data aplikací\Microsoft\conhost.exe [2011-05-24 177152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2011-05-24 949376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
"SpybotDeletingA7185"=command.com /c del C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe_old []
"SpybotDeletingC5342"=cmd.exe /c del C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe_old []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SetDefaultMIDI"=C:\WINDOWS\system32\MIDIDef.exe [2008-11-10 28672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"RemoteCenter"=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE [2003-10-08 139264]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB6188"=command.com /c del C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe_old []
"SpybotDeletingD5594"=cmd.exe /c del C:\Documents and Settings\Administrator\Local Settings\Temp\csrss.exe_old []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-11-10 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-11-10 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutorun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2011-05-25 19:15:22 ----D---- C:\Program Files\trend micro
2011-05-25 19:15:21 ----D---- C:\rsit
2011-05-25 18:39:25 ----A---- C:\WINDOWS\wininit.ini
2011-05-25 17:55:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-05-25 17:55:49 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-05-24 20:30:22 ----A---- C:\WINDOWS\system32\imon.dll
2011-05-24 20:30:22 ----A---- C:\WINDOWS\system32\drivers\nod32drv.sys
2011-05-24 20:30:22 ----A---- C:\WINDOWS\system32\drivers\amon.sys
2011-05-24 20:30:21 ----D---- C:\Program Files\Eset
2011-05-22 11:14:57 ----RHD---- C:\AHCache
2011-05-15 18:15:00 ----RHD---- C:\Documents and Settings\All Users\Data aplikací\Atheros
2011-05-15 18:14:56 ----A---- C:\WINDOWS\system32\IPTests.dll
2011-05-15 18:14:56 ----A---- C:\WINDOWS\system32\acs.exe
2011-05-15 18:14:47 ----A---- C:\WINDOWS\system32\wsimd.dll
2011-05-15 18:14:47 ----A---- C:\WINDOWS\system32\wsfwDS.dll
2011-05-15 18:14:47 ----A---- C:\WINDOWS\system32\dsaNac.dll
2011-05-15 18:14:47 ----A---- C:\WINDOWS\system32\drivers\wsimd.sys
2011-05-15 18:14:46 ----A---- C:\WINDOWS\system32\wsimd.sys
2011-05-15 18:14:46 ----A---- C:\WINDOWS\system32\dsa.dll
2011-05-15 18:14:45 ----D---- C:\Program Files\TP-LINK
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\wgapiloc.dll
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\wgapi.dll
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\wcapiU.dll
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\wcapi.dll
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\athcfg20U.dll
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\athcfg20resU.dll
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\athcfg20res.dll
2011-05-15 18:14:45 ----A---- C:\WINDOWS\system32\athcfg20.dll
2011-05-15 18:14:28 ----A---- C:\WINDOWS\system32\drivers\athuw.sys
2011-05-15 18:14:28 ----A---- C:\WINDOWS\system32\athuw.sys
2011-05-15 18:14:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\TP-LINK

======List of files/folders modified in the last 1 months======

2011-05-25 19:15:22 ----RD---- C:\Program Files
2011-05-25 19:14:16 ----D---- C:\WINDOWS\Temp
2011-05-25 19:14:16 ----D---- C:\WINDOWS\system32\Lang
2011-05-25 19:12:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-25 18:54:31 ----D---- C:\WINDOWS\Prefetch
2011-05-25 18:45:47 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-25 18:39:25 ----D---- C:\WINDOWS
2011-05-25 18:31:13 ----SH---- C:\boot.ini
2011-05-25 17:59:20 ----D---- C:\WINDOWS\system32\drivers\etc
2011-05-24 20:30:22 ----D---- C:\WINDOWS\system32\drivers
2011-05-24 20:30:22 ----D---- C:\WINDOWS\system32
2011-05-24 19:14:15 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-05-22 15:29:16 ----D---- C:\Program Files\Sniper Elite
2011-05-21 12:06:40 ----D---- C:\WINDOWS\system32\data
2011-05-21 12:06:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-05-21 12:06:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-05-15 18:24:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-05-15 18:15:05 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-05-15 18:15:00 ----SHD---- C:\WINDOWS\Installer
2011-05-15 18:14:50 ----HD---- C:\WINDOWS\inf
2011-05-15 18:14:27 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-03-09 870912]
R0 iteraid;ITERAID_Service_Install; C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-10-29 25067]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-11-10 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2011-05-24 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2011-05-24 512096]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 PfDetNT;PfDetNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-11-10 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2008-11-10 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-11-10 524312]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2008-11-10 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2008-11-10 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2008-11-10 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2008-11-10 797720]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2008-11-10 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-05-04 2951680]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-11-10 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-11-10 127000]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2010-06-21 58208]
S0 qobkcpjj;qobkcpjj; C:\WINDOWS\system32\drivers\qobkcpjj.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-07-28 1756384]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2008-11-10 98328]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2008-11-10 170520]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2008-11-10 551960]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2008-11-10 346856]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2008-11-10 174104]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2008-11-10 286232]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2008-11-10 134680]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2008-11-10 329240]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2008-11-10 100888]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2008-11-10 1323544]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2008-11-10 72728]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2008-11-10 566296]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2008-11-10 162840]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-11-10 189464]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-11-10 12160]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PAC207;VideoCAM GE111; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-11-10 104320]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-11-10 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-11-10 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2010-06-21 499796]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-03-09 86140]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 3576320]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2011-05-24 552064]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Předem moc moc děkuji za odpověď.

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Dobrý večer, posílám log z Combofixu:

ComboFix 11-05-25.01 - Administrator 26.05.2011 19:51:32.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.613 [GMT 2:00]
Spuštěný z: G:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Dealio
c:\documents and settings\Administrator\Data aplikací\Dealio\res\widgets.xml
c:\documents and settings\Administrator\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Administrator\Data aplikací\Microsoft\conhost.exe
c:\documents and settings\Administrator\Local Settings\Data aplikací\rstuix.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\IE\4.0.2\deALiotoolbarie.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Search Settings
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\system32\driVERs\qobkcpjj.sys
c:\windows\system32\fjhdyfhsn.bat
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_qobkcpjj
-------\Service_qobkcpjj
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-26 do 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-25 17:15 . 2011-05-25 17:15 -------- d-----w- c:\program files\trend micro
2011-05-25 17:15 . 2011-05-25 17:15 -------- d-----w- C:\rsit
2011-05-25 15:55 . 2011-05-26 17:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-05-24 18:30 . 2011-05-26 17:27 -------- d-----w- c:\program files\Eset
2011-05-22 18:08 . 2011-05-22 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 09:14 . 2011-05-22 09:14 -------- d-----r- C:\AHCache
2011-05-15 16:15 . 2011-05-15 16:15 -------- d--h--r- c:\documents and settings\All Users\Data aplikací\Atheros
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-11-10 . E9046FF3850218360A150A58C57A0223 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\wuauclt.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2008-11-10 28672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-11-10 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2008-11-10 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2008-11-10 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]
"TrayServer"="c:\progra~1\MAGIX\MOVIE_~1\TrayServer.exe" [2008-11-13 90112]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-06-21 561263]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-11-10 123904]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [10.11.2008 22:45 25067]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.4.2010 11:13 163280]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.4.2010 11:13 19024]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [17.7.2009 15:32 3576320]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [10.11.2008 22:48 15896]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [15.5.2011 18:14 1756384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [6.6.2010 20:23 1527900]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-05-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:55273
TCP: {A81ABA1E-41D8-439C-898A-BFED96D12050} = 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SBDrvDet - c:\program files\Creative\SB Drive Det\SBDrvDet.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-nod32kui - c:\program files\Eset\nod32kui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 19:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-179605362-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:9b,eb,83,d9,f6,ef,1e,a0,ec,61,6d,ad,19,1f,31,3d,f6,7e,62,f4,91,
39,03,83,fd,cf,89,53,75,8f,de,b9,f1,20,d7,11,a2,18,bc,cc,d5,3b,60,f6,5c,d7,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3880)
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\acs.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-05-26 19:59:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-26 17:59
.
Před spuštěním: Volných bajtů: 18 463 006 720
Po spuštění: Volných bajtů: 20 563 283 968
.
- - End Of File - - 0B7F088021CAD4C26DA51DD1A35DB223

Předem děkuji za radu.

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Posílám nový log z Combofixu po provedení korekcí. Prosím o kontrolu. Děkuji.

ComboFix 11-05-27.02 - Administrator 28.05.2011 7:50.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.559 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-28 do 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-25 17:15 . 2011-05-25 17:15 -------- d-----w- c:\program files\trend micro
2011-05-25 17:15 . 2011-05-25 17:15 -------- d-----w- C:\rsit
2011-05-25 15:55 . 2011-05-26 17:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-05-24 18:30 . 2011-05-26 17:27 -------- d-----w- c:\program files\Eset
2011-05-22 18:08 . 2011-05-22 18:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 09:14 . 2011-05-22 09:14 -------- d-----r- C:\AHCache
2011-05-15 16:15 . 2011-05-15 16:15 -------- d--h--r- c:\documents and settings\All Users\Data aplikací\Atheros
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-11-10 . E9046FF3850218360A150A58C57A0223 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\wuauclt.exe ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2008-11-10 28672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2008-11-10 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2008-11-10 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2008-11-10 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 14396416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-03-09 139264]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]
"TrayServer"="c:\progra~1\MAGIX\MOVIE_~1\TrayServer.exe" [2008-11-13 90112]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-06-21 561263]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-11-10 123904]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [10.11.2008 22:45 25067]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4.4.2010 11:13 163280]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [8.1.2010 0:51 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.4.2010 11:13 19024]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [17.7.2009 15:32 3576320]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [10.11.2008 22:48 15896]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [15.5.2011 18:14 1756384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [6.6.2010 20:23 1527900]
S3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ask.com?o=15187&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:55273
TCP: DhcpNameServer = 192.168.10.1 0.0.0.0 0.0.0.0
TCP: Interfaces\{A81ABA1E-41D8-439C-898A-BFED96D12050}: NameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 07:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-179605362-1177238915-500\Software\SecuROM\License information*]
"datasecu"=hex:9b,eb,83,d9,f6,ef,1e,a0,ec,61,6d,ad,19,1f,31,3d,f6,7e,62,f4,91,
39,03,83,fd,cf,89,53,75,8f,de,b9,f1,20,d7,11,a2,18,bc,cc,d5,3b,60,f6,5c,d7,\
"rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6
.
Celkový čas: 2011-05-28 07:55:23
ComboFix-quarantined-files.txt 2011-05-28 05:55
ComboFix2.txt 2011-05-26 17:59
.
Před spuštěním: Volných bajtů: 21 862 096 896
Po spuštění: Volných bajtů: 21 858 451 456
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
[spybotsd]
timeout.old=30
.
- - End Of File - - 204C93BC7A9292E5F2FF3B7624200399

Log již vypadá čistý. Nastala nějaká změna?

Dobrý den,

mockrát Vám děkuji za pomoc. Zdá se, že už všechno jede tak, jak má. Ještě jednou vřelé díky. Ať se Vám daří.

Nemáte zač a já děkuji za přání!

VIRY.CZ

Prosba o pomoc

Prosba o pomoc

Re: Prosba o pomoc

Re: Prosba o pomoc

Re: Prosba o pomoc

Re: Prosba o pomoc

Re: Prosba o pomoc

Re: Prosba o pomoc

Re: Prosba o pomoc