VIRY.CZ

Prosím, prosím, potřebovala bych pomoct. V PC se moc nevyznám, ale potřebovala bych radu, co s tím.
Po provedení kontroly počítače v protokolu napíše, že byl nalezen vir v operační paměti, který nelze vyléčit. Je nějaká možnost se toho zbavit?
Děkuju za pomoc.

Zdravim a pekny vecer preji

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Doufám, že jsem vše udělala jak jsem měla, vysledek předávám:

22:55:22.0250 3648 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
22:55:22.0312 3648 ============================================================
22:55:22.0312 3648 Current date / time: 2012/02/09 22:55:22.0312
22:55:22.0312 3648 SystemInfo:
22:55:22.0312 3648
22:55:22.0312 3648 OS Version: 5.1.2600 ServicePack: 3.0
22:55:22.0312 3648 Product type: Workstation
22:55:22.0312 3648 ComputerName: INTELCELERONDUA
22:55:22.0312 3648 UserName: Windows XP
22:55:22.0312 3648 Windows directory: C:\WINDOWS
22:55:22.0312 3648 System windows directory: C:\WINDOWS
22:55:22.0312 3648 Processor architecture: Intel x86
22:55:22.0312 3648 Number of processors: 2
22:55:22.0312 3648 Page size: 0x1000
22:55:22.0312 3648 Boot type: Normal boot
22:55:22.0312 3648 ============================================================
22:55:24.0281 3648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:55:24.0281 3648 \Device\Harddisk0\DR0:
22:55:24.0281 3648 MBR used
22:55:24.0281 3648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
22:55:24.0281 3648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
22:55:24.0359 3648 Initialize success
22:55:24.0359 3648 ============================================================
22:56:06.0812 1560 ============================================================
22:56:06.0812 1560 Scan started
22:56:06.0812 1560 Mode: Manual; SigCheck; TDLFS;
22:56:06.0812 1560 ============================================================
22:56:06.0968 1560 Abiosdsk - ok
22:56:06.0984 1560 abp480n5 - ok
22:56:07.0015 1560 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:56:08.0015 1560 ACPI - ok
22:56:08.0093 1560 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:56:08.0218 1560 ACPIEC - ok
22:56:08.0234 1560 adpu160m - ok
22:56:08.0281 1560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:56:08.0390 1560 aec - ok
22:56:08.0421 1560 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:56:08.0484 1560 AFD - ok
22:56:08.0500 1560 Aha154x - ok
22:56:08.0500 1560 aic78u2 - ok
22:56:08.0531 1560 aic78xx - ok
22:56:08.0546 1560 AliIde - ok
22:56:08.0546 1560 amsint - ok
22:56:08.0562 1560 asc - ok
22:56:08.0562 1560 asc3350p - ok
22:56:08.0578 1560 asc3550 - ok
22:56:08.0609 1560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:56:08.0718 1560 AsyncMac - ok
22:56:08.0750 1560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:56:08.0859 1560 atapi - ok
22:56:08.0875 1560 Atdisk - ok
22:56:08.0937 1560 ati2mtag (b2580f3de6a4e84060f8073df2ca0951) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
22:56:09.0031 1560 ati2mtag - ok
22:56:09.0078 1560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:56:09.0171 1560 Atmarpc - ok
22:56:09.0187 1560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:56:09.0296 1560 audstub - ok
22:56:09.0328 1560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:56:09.0437 1560 Beep - ok
22:56:09.0468 1560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:56:09.0593 1560 cbidf2k - ok
22:56:09.0609 1560 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:56:09.0703 1560 CCDECODE - ok
22:56:09.0703 1560 cd20xrnt - ok
22:56:09.0718 1560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:56:09.0843 1560 Cdaudio - ok
22:56:09.0843 1560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:56:09.0953 1560 Cdfs - ok
22:56:09.0968 1560 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:56:10.0062 1560 Cdrom - ok
22:56:10.0078 1560 Changer - ok
22:56:10.0093 1560 CmdIde - ok
22:56:10.0109 1560 Cpqarray - ok
22:56:10.0125 1560 dac2w2k - ok
22:56:10.0125 1560 dac960nt - ok
22:56:10.0140 1560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:56:10.0234 1560 Disk - ok
22:56:10.0265 1560 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
22:56:10.0390 1560 dmboot - ok
22:56:10.0406 1560 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
22:56:10.0515 1560 dmio - ok
22:56:10.0515 1560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:56:10.0640 1560 dmload - ok
22:56:10.0656 1560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:56:10.0750 1560 DMusic - ok
22:56:10.0765 1560 dpti2o - ok
22:56:10.0781 1560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:56:10.0875 1560 drmkaud - ok
22:56:10.0906 1560 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
22:56:10.0953 1560 eamon - ok
22:56:10.0984 1560 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
22:56:11.0000 1560 ehdrv - ok
22:56:11.0015 1560 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
22:56:11.0015 1560 epfwtdir - ok
22:56:11.0046 1560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:56:11.0156 1560 Fastfat - ok
22:56:11.0171 1560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:56:11.0265 1560 Fdc - ok
22:56:11.0281 1560 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
22:56:11.0375 1560 Fips - ok
22:56:11.0390 1560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:56:11.0500 1560 Flpydisk - ok
22:56:11.0515 1560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:56:11.0625 1560 FltMgr - ok
22:56:11.0640 1560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:56:11.0750 1560 Fs_Rec - ok
22:56:11.0750 1560 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:56:11.0859 1560 Ftdisk - ok
22:56:11.0875 1560 GMSIPCI - ok
22:56:11.0875 1560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:56:11.0968 1560 Gpc - ok
22:56:12.0000 1560 Hardlock (d64a40b94602158e40527ae95e7a9193) C:\WINDOWS\system32\drivers\hardlock.sys
22:56:12.0046 1560 Hardlock - ok
22:56:12.0078 1560 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:56:12.0093 1560 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
22:56:12.0093 1560 HDAudBus - detected UnsignedFile.Multi.Generic (1)
22:56:12.0109 1560 hpn - ok
22:56:12.0156 1560 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:56:12.0203 1560 HPZid412 - ok
22:56:12.0218 1560 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:56:12.0234 1560 HPZipr12 - ok
22:56:12.0250 1560 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:56:12.0296 1560 HPZius12 - ok
22:56:12.0328 1560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:56:12.0359 1560 HTTP - ok
22:56:12.0375 1560 i2omgmt - ok
22:56:12.0375 1560 i2omp - ok
22:56:12.0421 1560 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:56:12.0531 1560 i8042prt - ok
22:56:12.0546 1560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:56:12.0640 1560 Imapi - ok
22:56:12.0656 1560 ini910u - ok
22:56:12.0750 1560 IntcAzAudAddService (1367a51bb535d2f76f642d4aade72aee) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:56:12.0890 1560 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - warning
22:56:12.0890 1560 IntcAzAudAddService - detected UnsignedFile.Multi.Generic (1)
22:56:12.0890 1560 IntelIde - ok
22:56:12.0906 1560 intelppm (27b290d632af2cf3cf40bfddb7370985) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:56:13.0000 1560 intelppm - ok
22:56:13.0015 1560 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:56:13.0125 1560 ip6fw - ok
22:56:13.0125 1560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:56:13.0234 1560 IpFilterDriver - ok
22:56:13.0234 1560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:56:13.0343 1560 IpInIp - ok
22:56:13.0359 1560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:56:13.0468 1560 IpNat - ok
22:56:13.0500 1560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:56:13.0593 1560 IPSec - ok
22:56:13.0625 1560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:56:13.0703 1560 IRENUM - ok
22:56:13.0750 1560 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:56:13.0843 1560 isapnp - ok
22:56:13.0859 1560 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:56:13.0953 1560 Kbdclass - ok
22:56:13.0968 1560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:56:14.0078 1560 kmixer - ok
22:56:14.0093 1560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:56:14.0140 1560 KSecDD - ok
22:56:14.0156 1560 lbrtfdc - ok
22:56:14.0203 1560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:56:14.0312 1560 mnmdd - ok
22:56:14.0328 1560 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
22:56:14.0421 1560 Modem - ok
22:56:14.0437 1560 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:56:14.0531 1560 Mouclass - ok
22:56:14.0546 1560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:56:14.0640 1560 MountMgr - ok
22:56:14.0671 1560 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
22:56:14.0765 1560 MPE - ok
22:56:14.0765 1560 mraid35x - ok
22:56:14.0781 1560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:56:14.0875 1560 MRxDAV - ok
22:56:14.0906 1560 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:56:14.0968 1560 MRxSmb - ok
22:56:14.0984 1560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:56:15.0078 1560 Msfs - ok
22:56:15.0078 1560 MSICPL - ok
22:56:15.0140 1560 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
22:56:15.0171 1560 MSI_MSIBIOS_010507 - ok
22:56:15.0187 1560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:56:15.0296 1560 MSKSSRV - ok
22:56:15.0296 1560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:56:15.0390 1560 MSPCLOCK - ok
22:56:15.0406 1560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:56:15.0500 1560 MSPQM - ok
22:56:15.0531 1560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:56:15.0625 1560 mssmbios - ok
22:56:15.0640 1560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:56:15.0750 1560 MSTEE - ok
22:56:15.0781 1560 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:56:15.0812 1560 Mup - ok
22:56:15.0828 1560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:56:15.0921 1560 NABTSFEC - ok
22:56:15.0953 1560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:56:16.0046 1560 NDIS - ok
22:56:16.0093 1560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:56:16.0187 1560 NdisIP - ok
22:56:16.0218 1560 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:56:16.0234 1560 NdisTapi - ok
22:56:16.0250 1560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:56:16.0343 1560 Ndisuio - ok
22:56:16.0375 1560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:56:16.0468 1560 NdisWan - ok
22:56:16.0500 1560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:56:16.0531 1560 NDProxy - ok
22:56:16.0546 1560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:56:16.0656 1560 NetBIOS - ok
22:56:16.0671 1560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:56:16.0765 1560 NetBT - ok
22:56:16.0781 1560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:56:16.0875 1560 Npfs - ok
22:56:16.0890 1560 NTACCESS - ok
22:56:16.0921 1560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:56:17.0031 1560 Ntfs - ok
22:56:17.0093 1560 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
22:56:17.0109 1560 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - warning
22:56:17.0109 1560 NTIOLib_1_0_4 - detected UnsignedFile.Multi.Generic (1)
22:56:17.0125 1560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:56:17.0234 1560 Null - ok
22:56:17.0265 1560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:56:17.0375 1560 NwlnkFlt - ok
22:56:17.0375 1560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:56:17.0484 1560 NwlnkFwd - ok
22:56:17.0515 1560 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
22:56:17.0609 1560 Parport - ok
22:56:17.0625 1560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:56:17.0734 1560 PartMgr - ok
22:56:17.0750 1560 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
22:56:17.0859 1560 ParVdm - ok
22:56:17.0890 1560 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
22:56:18.0000 1560 PCI - ok
22:56:18.0000 1560 PCIDump - ok
22:56:18.0015 1560 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:56:18.0140 1560 PCIIde - ok
22:56:18.0156 1560 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:56:18.0250 1560 Pcmcia - ok
22:56:18.0281 1560 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
22:56:18.0281 1560 pcouffin ( UnsignedFile.Multi.Generic ) - warning
22:56:18.0281 1560 pcouffin - detected UnsignedFile.Multi.Generic (1)
22:56:18.0296 1560 PDCOMP - ok
22:56:18.0296 1560 PDFRAME - ok
22:56:18.0312 1560 PDRELI - ok
22:56:18.0312 1560 PDRFRAME - ok
22:56:18.0328 1560 perc2 - ok
22:56:18.0343 1560 perc2hib - ok
22:56:18.0375 1560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:56:18.0468 1560 PptpMiniport - ok
22:56:18.0484 1560 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
22:56:18.0578 1560 Processor - ok
22:56:18.0578 1560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:56:18.0671 1560 PSched - ok
22:56:18.0687 1560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:56:18.0796 1560 Ptilink - ok
22:56:18.0796 1560 ql1080 - ok
22:56:18.0812 1560 Ql10wnt - ok
22:56:18.0812 1560 ql12160 - ok
22:56:18.0828 1560 ql1240 - ok
22:56:18.0828 1560 ql1280 - ok
22:56:18.0843 1560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:56:18.0937 1560 RasAcd - ok
22:56:18.0968 1560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:56:19.0062 1560 Rasl2tp - ok
22:56:19.0078 1560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:56:19.0187 1560 RasPppoe - ok
22:56:19.0203 1560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:56:19.0296 1560 Raspti - ok
22:56:19.0312 1560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:56:19.0406 1560 Rdbss - ok
22:56:19.0421 1560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:56:19.0515 1560 RDPCDD - ok
22:56:19.0546 1560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:56:19.0640 1560 rdpdr - ok
22:56:19.0687 1560 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:56:19.0703 1560 RDPWD - ok
22:56:19.0734 1560 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:56:19.0828 1560 redbook - ok
22:56:19.0859 1560 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
22:56:19.0937 1560 RTL8023xp - ok
22:56:19.0968 1560 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:56:20.0046 1560 rtl8139 - ok
22:56:20.0062 1560 RTLE8023xp (d3578c3806ed545e5c36b2a20f5c0b5a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:56:20.0078 1560 RTLE8023xp - ok
22:56:20.0109 1560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:56:20.0375 1560 Secdrv - ok
22:56:20.0390 1560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:56:20.0484 1560 serenum - ok
22:56:20.0500 1560 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
22:56:20.0593 1560 Serial - ok
22:56:20.0625 1560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:56:20.0718 1560 Sfloppy - ok
22:56:20.0734 1560 Simbad - ok
22:56:20.0750 1560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:56:20.0843 1560 SLIP - ok
22:56:20.0859 1560 Sparrow - ok
22:56:20.0875 1560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:56:20.0968 1560 splitter - ok
22:56:21.0015 1560 sptd (4f576e516cc76ec50a244586bcfa1c78) C:\WINDOWS\system32\Drivers\sptd.sys
22:56:21.0015 1560 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4f576e516cc76ec50a244586bcfa1c78
22:56:21.0015 1560 sptd ( LockedFile.Multi.Generic ) - warning
22:56:21.0015 1560 sptd - detected LockedFile.Multi.Generic (1)
22:56:21.0015 1560 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
22:56:21.0125 1560 sr - ok
22:56:21.0140 1560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:56:21.0171 1560 Srv - ok
22:56:21.0187 1560 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:56:21.0281 1560 streamip - ok
22:56:21.0296 1560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:56:21.0390 1560 swenum - ok
22:56:21.0406 1560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:56:21.0531 1560 swmidi - ok
22:56:21.0531 1560 symc810 - ok
22:56:21.0546 1560 symc8xx - ok
22:56:21.0546 1560 sym_hi - ok
22:56:21.0562 1560 sym_u3 - ok
22:56:21.0578 1560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:56:21.0687 1560 sysaudio - ok
22:56:21.0734 1560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:56:21.0781 1560 Tcpip - ok
22:56:21.0812 1560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:56:21.0921 1560 TDPIPE - ok
22:56:21.0937 1560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:56:22.0031 1560 TDTCP - ok
22:56:22.0046 1560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:56:22.0156 1560 TermDD - ok
22:56:22.0171 1560 TosIde - ok
22:56:22.0187 1560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:56:22.0281 1560 Udfs - ok
22:56:22.0296 1560 ultra - ok
22:56:22.0328 1560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:56:22.0437 1560 Update - ok
22:56:22.0468 1560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:56:22.0562 1560 usbccgp - ok
22:56:22.0593 1560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:56:22.0687 1560 usbehci - ok
22:56:22.0734 1560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:56:22.0828 1560 usbhub - ok
22:56:22.0843 1560 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:56:22.0937 1560 usbprint - ok
22:56:22.0968 1560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:56:23.0062 1560 usbscan - ok
22:56:23.0078 1560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:56:23.0171 1560 USBSTOR - ok
22:56:23.0203 1560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:56:23.0296 1560 usbuhci - ok
22:56:23.0328 1560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:56:23.0437 1560 VgaSave - ok
22:56:23.0437 1560 ViaIde - ok
22:56:23.0453 1560 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
22:56:23.0546 1560 VolSnap - ok
22:56:23.0578 1560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:56:23.0687 1560 Wanarp - ok
22:56:23.0687 1560 WDICA - ok
22:56:23.0703 1560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:56:23.0796 1560 wdmaud - ok
22:56:23.0843 1560 WFLR6654 (ea53419ddde9e0a39ccbf83edb5cd4bd) C:\WINDOWS\system32\drivers\wfeaglxt.sys
22:56:23.0859 1560 WFLR6654 ( UnsignedFile.Multi.Generic ) - warning
22:56:23.0859 1560 WFLR6654 - detected UnsignedFile.Multi.Generic (1)
22:56:23.0906 1560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:56:24.0000 1560 WSTCODEC - ok
22:56:24.0031 1560 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:56:24.0078 1560 WudfPf - ok
22:56:24.0093 1560 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:56:24.0109 1560 WudfRd - ok
22:56:24.0140 1560 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
22:56:24.0359 1560 \Device\Harddisk0\DR0 - ok
22:56:24.0359 1560 Boot (0x1200) (ae75677e36d0ab66003c109085411dae) \Device\Harddisk0\DR0\Partition0
22:56:24.0359 1560 \Device\Harddisk0\DR0\Partition0 - ok
22:56:24.0375 1560 Boot (0x1200) (4e1c502138abf9f5bab8d1f659953e25) \Device\Harddisk0\DR0\Partition1
22:56:24.0375 1560 \Device\Harddisk0\DR0\Partition1 - ok
22:56:24.0375 1560 ============================================================
22:56:24.0375 1560 Scan finished
22:56:24.0375 1560 ============================================================
22:56:24.0515 0316 Detected object count: 6
22:56:24.0515 0316 Actual detected object count: 6
22:56:45.0296 0316 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:45.0296 0316 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:45.0312 0316 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:45.0312 0316 IntcAzAudAddService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:45.0312 0316 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:45.0312 0316 NTIOLib_1_0_4 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:45.0312 0316 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:45.0312 0316 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:56:45.0312 0316 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:56:45.0312 0316 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:56:45.0312 0316 WFLR6654 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:45.0312 0316 WFLR6654 ( UnsignedFile.Multi.Generic ) - User select action: Skip

OK, byly vsude automaticky moznosti Skip

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller ... r_TEST.exe

Jedna se o testovaci verzi prelozeneho RK - proto je v nazvu ten TEST v navodu nize jsou i anglicke nazvy prikazu kdyby CZ nefungovala
Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Tady to je:

RogueKiller V7.0.4 [02/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: Windows XP [Práva Správce]
Mode: Kontrola -- Date : 02/09/2012 23:09:32

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS +++++
--- User ---
[MBR] f891496357d9077a719b55921bfc9886
[BSP] 35e2f9c7568ab8d3f5dc6ec7890879ef : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

vytecne, dekuji za test...zatim TDSS ani RK nakazu nedetekuji

Jaky nazev viru NOD hlasi

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Další úkol splněn (aspoň doufám):

ComboFix 12-02-09.04 - Windows XP 09.02.2012 23:22:47.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1536 [GMT 1:00]
Spuštěný z: d:\stahovane soubory\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Windows XP\WINDOWS
c:\program files\DaemonTools_WhenUSave_Installer
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Dvbpws.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACTIVE_COMMON_SERVICE
-------\Legacy_WINTRUST32
-------\Service_Active Common Service
-------\Service_WinTrust32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-09 do 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 21:44 . 2012-02-09 21:45 -------- d-----w- C:\rsit
2012-02-09 21:44 . 2012-02-09 21:45 -------- d-----w- c:\program files\trend micro
2012-02-09 20:50 . 2012-02-09 20:50 -------- d-----w- c:\program files\ESET
2012-02-05 16:11 . 2012-02-09 20:54 -------- d-----w- c:\documents and settings\Windows XP\Data aplikací\Tuxa
2012-02-05 16:11 . 2012-02-09 20:48 -------- d-----w- c:\documents and settings\Windows XP\Data aplikací\Egyt
2012-02-03 15:03 . 2012-02-03 15:03 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Data aplikací\Identities
2012-01-13 09:52 . 2012-02-04 16:47 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-13 09:52 . 2012-02-04 16:47 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-13 09:52 . 2012-02-04 16:47 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-13 09:52 . 2012-02-04 16:47 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2002-09-20 16:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2002-09-20 15:41 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2002-09-20 16:05 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2002-09-20 16:05 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-09-20 16:04 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-04 16:47 . 2011-10-29 13:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-10-02 2916352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-10-24 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OhmidxeLxadt.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Windows XP^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Windows XP\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\programy\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5]
2011-11-07 16:40 1858064 ----a-w- c:\program files\MSI\Live Update 5\LU5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-12-11 08:56 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"d:\\Hry\\Revistronic\\ToonCar\\ToonCar.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17718:UDP"= 17718:UDP:UDP 17718
"27249:TCP"= 27249:TCP:TCP 27249
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.10.2011 16:23 682232]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.10.2011 14:55 47360]
R3 WFLR6654;WinFast DTV2000 H Plus (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [29.10.2011 12:33 434176]
S2 DirectX common;DirectX common;c:\windows\system32\dxwizard.exe --> c:\windows\system32\dxwizard.exe [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [19.11.2011 10:48 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [19.11.2011 10:48 7680]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Windows XP\Data aplikací\Mozilla\Firefox\Profiles\coc2w4jb.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-09 23:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Celkový čas: 2012-02-09 23:29:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-09 22:29
.
Před spuštěním: Volných bajtů: 91 438 022 656
Po spuštění: Volných bajtů: 91 317 698 560
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 1EFCB8943C341F9A3F4725D3EC5C7DD0

A ten název viru je v explorer.exe(1864) - varianta infiltrace Win32/Spy.Zbot.AAN trojský kůň - takhle to stojí v protokolu. Zapoměla sem napsat, pardon

POhoda, nic se nedeje

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Zdravím, už jsem na přímu. Tady je další scan.

Kód: Vybrat vše

MBRScan v1.1.0

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/02/10 (ISO 8601) at 09:19:14
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST3320418AS (Ě4)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : F891496357D9077A719B55921BFC9886
MBR_SHA1  : 32BEB7F6CB2058A971FE6E69B193CA6AFAB770B4

Device\Harddisk0\Partition1	97.65 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	200.4 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\a8ae3eb9.SYS => Invisible on the disk
ADDRESS : 0xB9490000
SIZE    : 408.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xABC31000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA5F8000
SIZE    : 8.0 Ko

DRIVER  : \Programy\DAEMON Tools\daemon.dll => LOCKED!
ADDRESS : 0x10000000
SIZE    : 892.0 Ko

SystemStartOptions : FASTDETECT  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.Ð¼.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 4E 65 70 6C   2ä.V.Í.ëÖaùÃNepl
0x00000130   61 74 6E A0 20 74 61 62 75 6C 6B 61 20 6F 64 64   atn. tabulka odd
0x00000140   A1 6C 85 00 43 68 79 62 61 20 70 FD 69 20 6E 61   ¡l..Chyba pýi na
0x00000150   9F A1 74 A0 6E A1 20 6F 70 65 72 61 9F 6E A1 68   .¡t.n¡ opera.n¡h
0x00000160   6F 20 73 79 73 74 82 6D 75 00 4F 70 65 72 61 9F   o syst.mu.Opera.
0x00000170   6E A1 20 73 79 73 74 82 6D 20 6E 65 6E 61 6C 65   n¡ syst.m nenale
0x00000180   7A 65 6E 00 00 00 00 00 00 00 00 00 00 00 00 00   zen.............
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 6A 0B A9 0B A9 00 00 80 01   .....,Dj.©.©....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 8D F2 34 0C 00 00   ...þ..?....ò4...
0x000001D0   C1 FF 0F FE FF FF CC F2 34 0C 34 A5 0D 19 00 00   Á..þ..Ìò4.4¥....
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Synchronizer.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Live Update 5]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17718:UDP"=-
"27249:TCP"= -

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Omlouvám se za zpoždění, ale chodím do práce. Tak jsem, doufám, vykonala, co jste napsal. Pokud jsem něco udělal špatně, pokusím se zlepšit

Jinak Vám moc děkuju, že se mi věnujete.

ComboFix 12-02-09.04 - Windows XP 11.02.2012 9:54.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1521 [GMT 1:00]
Spuštěný z: c:\documents and settings\All Users\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Windows XP\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Dvbpws.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-11 do 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-09 21:44 . 2012-02-09 21:45 -------- d-----w- C:\rsit
2012-02-09 21:44 . 2012-02-09 21:45 -------- d-----w- c:\program files\trend micro
2012-02-09 20:50 . 2012-02-09 20:50 -------- d-----w- c:\program files\ESET
2012-02-05 16:11 . 2012-02-09 20:54 -------- d-----w- c:\documents and settings\Windows XP\Data aplikací\Tuxa
2012-02-05 16:11 . 2012-02-09 20:48 -------- d-----w- c:\documents and settings\Windows XP\Data aplikací\Egyt
2012-02-03 15:03 . 2012-02-03 15:03 -------- d-----w- c:\documents and settings\Windows XP\Local Settings\Data aplikací\Identities
2012-01-13 09:52 . 2012-02-04 16:47 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-13 09:52 . 2012-02-04 16:47 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-13 09:52 . 2012-02-04 16:47 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-13 09:52 . 2012-02-04 16:47 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2002-09-20 16:05 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2002-09-20 15:41 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2002-09-20 16:05 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2002-09-20 16:05 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2002-09-20 16:04 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-04 16:47 . 2011-10-29 13:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-10-02 2916352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-10-24 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OhmidxeLxadt.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Windows XP^Nabídka Start^Programy^Po spuštění^Reminder-cor40212.lnk]
path=c:\documents and settings\Windows XP\Nabídka Start\Programy\Po spuštění\Reminder-cor40212.lnk
backup=c:\windows\pss\Reminder-cor40212.lnkStartup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\Codemasters\\Worms 4 Mayhem\\WORMS 4 MAYHEM.EXE"=
"d:\\Hry\\Warcraft III\\Warcraft III.exe"=
"d:\\Hry\\Warcraft III\\War3.exe"=
"d:\\Hry\\Revistronic\\ToonCar\\ToonCar.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.10.2011 16:23 682232]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.10.2011 14:55 47360]
R3 WFLR6654;WinFast DTV2000 H Plus (XC4000);c:\windows\system32\drivers\wfeaglxt.sys [29.10.2011 12:33 434176]
S2 DirectX common;DirectX common;c:\windows\system32\dxwizard.exe --> c:\windows\system32\dxwizard.exe [?]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [19.11.2011 10:48 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [19.11.2011 10:48 7680]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Windows XP\Data aplikací\Mozilla\Firefox\Profiles\coc2w4jb.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 09:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3440)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Celkový čas: 2012-02-11 10:00:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-11 09:00
ComboFix2.txt 2012-02-09 22:29
.
Před spuštěním: Volných bajtů: 91 309 563 904
Po spuštění: Volných bajtů: 91 291 533 312
.
- - End Of File - - EC7F6CF6A005E43C0F50DAB4917A8E81

Neni zac se omlouvat, i ja mel dnes nejake povinnosti

Udelano bylo dobre

Jeste si dame jeden krok

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

:files
OhmidxeLxadt.dll /s
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

V C jsem to nenašla, tak jsem chtěla OTM spustit znovu a vyskočilo na mě toto:

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
========== FILES ==========
File/Folder OhmidxeLxadt.dll not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002316_.tmp moved successfully.
C:\WINDOWS\005234_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SETA.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Windows XP
->Temp folder emptied: 587193 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 50597266 bytes
->Flash cache emptied: 2842 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5623 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Windows XP

Pokud to není ono, dejte vědět a já to zkusím nějak najít

Duverujte si trosku, mate to dobre

Co nas pacient

VIRY.CZ

NOD mi hlásí vir v operační paměti

NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti

Re: NOD mi hlásí vir v operační paměti