
Please advise how to get rid of this virus

Posted: 16 Feb 2012 14:20
by raigi94
Hello.

A few days ago an unknown person sent me a link on one of the messengers. I clicked on it, and since I have Google Chrome, the file in the link downloaded automatically. The file seemed suspicious to me, so I scanned it with Microsoft Security Essentials - it did not find any virus, so I opened the file. Nothing appeared, but after about ten seconds something happened that was like when TeamViewer is used = the unknown person simply moved my mouse and wrote a message to some people on Skype - with the same link (the virus that I downloaded); however, I did not find this message in the history. Then Microsoft Security Essentials notified me that it had found a virus, and I chose "repair/stop the virus". Still, I am afraid that this virus is dangerous and that it may still be hiding somewhere in the computer. Please advise what I should do. I am afraid it will destroy my computer :cry: . Thank you.

Here is the log (please check it):


Logfile of random's system information tool 1.09 (written by random/random)
Run by raigi at 2012-02-15 17:22:29
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 8 GB (16%) free of 50 GB
Total RAM: 4095 MB (56% free)


======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-01-17 281600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2012-01-17 281600]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-03 98304]
"jmekey"=C:\Program Files (x86)\jmesoft\hotkey.exe [2009-07-16 114688]
"Healthcare"=C:\Program Files\Lenovo\HealthCare\HealthCare.exe [2009-09-28 827392]
"CLMLServer"=C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [2009-06-04 103720]
"UpdateP2GoShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"PlusService"=C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [2011-10-24 801792]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Intel Display Protocal"=C:\Users\Anýk\Network\igfxdp86.exe [2012-02-14 144896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-15 17:21:51 ----D---- C:\Program Files (x86)\trend micro
2012-02-15 17:21:50 ----D---- C:\rsit
2012-02-15 10:12:41 ----A---- C:\windows\SysWOW64\mshtml.dll
2012-02-15 10:12:37 ----A---- C:\windows\SysWOW64\urlmon.dll
2012-02-15 10:12:37 ----A---- C:\windows\SysWOW64\ieframe.dll
2012-02-15 10:12:36 ----A---- C:\windows\SysWOW64\wininet.dll
2012-02-15 10:12:36 ----A---- C:\windows\SysWOW64\msfeeds.dll
2012-02-15 10:12:35 ----A---- C:\windows\SysWOW64\mshtmled.dll
2012-02-15 10:12:35 ----A---- C:\windows\SysWOW64\ieui.dll
2012-02-15 10:12:35 ----A---- C:\windows\SysWOW64\iertutil.dll
2012-02-15 10:12:34 ----A---- C:\windows\SysWOW64\url.dll
2012-02-15 10:12:34 ----A---- C:\windows\SysWOW64\jsproxy.dll
2012-02-15 10:10:28 ----A---- C:\windows\SysWOW64\shell32.dll
2012-02-15 10:10:28 ----A---- C:\windows\SysWOW64\ntshrui.dll
2012-02-15 10:04:33 ----A---- C:\windows\SysWOW64\msvcrt.dll

======List of files/folders modified in the last 1 month======

2012-02-15 17:21:51 ----RD---- C:\Program Files (x86)
2012-02-15 17:21:21 ----D---- C:\windows\Temp
2012-02-15 17:08:36 ----D---- C:\Users\Anýk\AppData\Roaming\Skype
2012-02-15 16:44:38 ----D---- C:\windows\Microsoft.NET
2012-02-15 16:44:35 ----RSD---- C:\windows\assembly
2012-02-15 14:12:36 ----SHD---- C:\System Volume Information
2012-02-15 13:47:09 ----D---- C:\windows\winsxs
2012-02-15 13:45:12 ----D---- C:\windows\SysWOW64
2012-02-15 13:45:12 ----D---- C:\windows\System32
2012-02-15 13:45:10 ----D---- C:\windows\SysWOW64\migration
2012-02-15 13:45:10 ----D---- C:\Program Files (x86)\Internet Explorer
2012-02-15 11:46:58 ----SHD---- C:\windows\Installer
2012-02-15 11:46:51 ----D---- C:\ProgramData\Microsoft Help
2012-02-15 11:44:21 ----D---- C:\windows\inf
2012-02-15 11:39:09 ----D---- C:\windows\Prefetch
2012-02-02 13:41:23 ----HD---- C:\ProgramData
2012-01-27 16:49:59 ----SD---- C:\Users\Anýk\AppData\Roaming\Microsoft
2012-01-19 20:12:04 ----AD---- C:\ProgramData\Temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys []
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver; \??\C:\windows\system32\drivers\DDCDrv.sys [2009-03-02 16200]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atipmdag.sys []
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys []
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\windows\system32\DRIVERS\MpNWMon.sys []
R3 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys []
R3 phaudlwr;Philips Audio Filter; C:\windows\system32\DRIVERS\phaudlwr.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys []
R3 SPC630;Philips SPC630NC PC Camera; C:\windows\system32\drivers\SPC630.sys []
R3 SPC630m;Philips SPC630NC PC Cameram; C:\windows\system32\drivers\SPC630m.sys []
R3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys []
S1 StarOpen;StarOpen; C:\windows\SysWOW64\drivers\StarOpen.sys [2006-07-24 5632]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys []
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys []
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys []
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys []
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys []
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\windows\system32\DRIVERS\Rtnic64.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys []
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys []
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys []
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys []
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe []
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2010-08-25 49152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 136176]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 136176]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2011-08-05 306400]
S3 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2011-08-05 8277728]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Program Files\Zune\ZuneWlanCfgSvc.exe [2011-08-05 467680]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Every day the antivirus finds the same virus; I now know what kind it is: http://www.microsoft.com/security/porta ... 2147630011 , it is multiplying, I need help getting rid of this virus!
Thank you very much!

Re: Please advise how to get rid of this virus

Posted: 16 Feb 2012 14:57
by vyosek
Hello :)

Continue with my colleague here http://forum.viry.cz/viewtopic.php?f=13&t=119644 you have had instructions and a procedure for what to do there for 2 days already

:closed: