Win32.Zaccess-PB

Posted: 17 Jul 2013 09:21
by lubo52
Hi,
Win32.Zaccess-PB: avast finds it every time I connect to the internet; it doesn't remove it, it just puts it in the chest.
How do I deal with it?
Thanks, Lubo

Log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by lubo at 2013-07-17 10:12:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (27%) free of 38 GB
Total RAM: 511 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:13:34, on 17.7.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\WINDOWS\system32\ESDUSBMon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AnyDATA\EasyWirelessNet\EasyWirelessNet.exe
C:\Program Files\Mozilla Firefox1\firefox.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Trell\TRELL_kasa.exe
C:\Program Files\Mozilla Firefox1\plugin-container.exe
C:\Documents and Settings\lubo\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\lubo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ESDUSBMon.exe] C:\WINDOWS\system32\ESDUSBMon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4293B026-29CE-4F9E-99AB-921A009F092C}: NameServer = 160.218.161.60 160.218.167.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{4293B026-29CE-4F9E-99AB-921A009F092C}: NameServer = 160.218.161.60 160.218.167.5
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - SEIKO EPSON Corp. - C:\WINDOWS\SYSTEM32\EpStsSrv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 6553 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{A7D6B816-139D-4BBF-9F21-1ADAFB201BF7}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\lubo\Data aplikací\Mozilla\Firefox\Profiles\m8juhjak.default

prefs.js - "browser.startup.homepage" - "www.seznam.cz"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2010-10-07 1961240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll []
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\toolbar\toolbar.dll [2010-10-07 187672]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ESDUSBMon.exe"=C:\WINDOWS\system32\ESDUSBMon.exe [2005-05-26 188416]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [2012-10-18 752736]

C:\Documents and Settings\lubo\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

======List of files/folders created in the last 1 month======

2013-07-17 10:13:04 ----D---- C:\Program Files\trend micro
2013-07-17 10:12:55 ----D---- C:\rsit
2013-07-16 09:07:23 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2013-07-16 09:07:22 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2013-07-16 09:07:20 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2013-07-16 09:07:18 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2013-07-16 09:07:17 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-07-16 09:07:17 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-07-16 09:07:16 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-07-16 09:07:14 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-07-16 09:07:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2013-07-16 09:03:27 ----A---- C:\WINDOWS\avastSS.scr
2013-07-16 08:59:56 ----D---- C:\Program Files\AVAST Software
2013-07-16 08:58:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2013-07-13 09:25:52 ----D---- C:\Program Files\Seznam.cz
2013-07-13 09:25:50 ----HD---- C:\WINDOWS\msdownld.tmp
2013-07-13 09:22:56 ----HDC---- C:\WINDOWS\ie8
2013-07-03 09:00:01 ----D---- C:\Program Files\Mozilla Firefox1

======List of files/folders modified in the last 1 month======

2013-07-17 10:13:14 ----A---- C:\WINDOWS\ModemLog_AnyDATA CDMA USB Modem (PID 6501).txt
2013-07-17 10:13:04 ----RD---- C:\Program Files
2013-07-17 10:12:59 ----D---- C:\WINDOWS\Prefetch
2013-07-17 10:07:18 ----D---- C:\Program Files\Ztrl
2013-07-17 10:06:50 ----D---- C:\Program Files\Trell
2013-07-17 09:44:31 ----A---- C:\WINDOWS\red_dialer.ini
2013-07-17 08:36:03 ----D---- C:\WINDOWS\Temp
2013-07-17 08:21:29 ----D---- C:\WINDOWS\system32\CatRoot2
2013-07-16 17:31:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-07-16 09:07:47 ----D---- C:\WINDOWS\system32\drivers
2013-07-16 09:07:15 ----SD---- C:\WINDOWS\Tasks
2013-07-16 09:07:13 ----D---- C:\WINDOWS\system32
2013-07-16 09:06:27 ----SHD---- C:\WINDOWS\Installer
2013-07-16 09:06:25 ----D---- C:\WINDOWS\WinSxS
2013-07-16 09:03:27 ----D---- C:\WINDOWS
2013-07-16 09:01:48 ----D---- C:\Program Files\Google
2013-07-13 09:28:24 ----D---- C:\WINDOWS\system32\cs-cz
2013-07-13 09:28:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-07-13 09:28:22 ----HD---- C:\WINDOWS\inf
2013-07-13 09:28:22 ----D---- C:\WINDOWS\Media
2013-07-13 09:28:22 ----D---- C:\WINDOWS\Help
2013-07-13 09:28:22 ----D---- C:\Program Files\Internet Explorer
2013-07-12 13:28:48 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-07-16 175176]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-07-16 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-07-16 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-22 19200]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 Esdpdx01;Esdpdx01; \??\C:\WINDOWS\system32\Drivers\ESDPDX01.SYS []
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-17 326912]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\WINDOWS\system32\DRIVERS\ewusbnet.sys [2009-10-20 113280]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2007-08-09 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 hwusbfake;Huawei DataCard USB Fake; C:\WINDOWS\system32\DRIVERS\ewusbfake.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 EPSON ESCPOS Status Service;EPSON ESC/POS Status Service; C:\WINDOWS\system32\EpStsSrv.exe [2006-05-17 77824]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-16 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-16 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 09:47
by cernohous13
Hello,

Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe . Then follow these instructions from a colleague:
Run the utility and tell it to scan - click Start Scan
If the utility finds an infection, it will want to move it to quarantine (Quarantine); allow the cleanup by clicking Continue
If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
After the scan finishes, a PC restart may be necessary; allow it by clicking Reboot now
After the restart a log will pop up; if it doesn't, you will find it directly on the drive where Windows is installed (usually c:\), named in the form TDSSKiller.some digits _log.txt - paste its contents here
If no restart is required, click Close and then Report - a log will be created - paste its contents here

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 10:16
by lubo52
Hi,
unfortunately TDSSKiller found nothing.
avast beeped at me again, 2x, with a Trojan horse :(

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 10:28
by JaRon
I'll fill in until my colleague shows up :)
quote:
Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.

•Run the utility and tell it to scan - click Scan
•Click Save log to save the aswMBR log to the desktop
•Paste the contents of the aswMBR log here for me

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 12:06
by lubo52
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 11:36:15
-----------------------------
11:36:15.796 OS Version: Windows 5.1.2600 Service Pack 3
11:36:15.796 Number of processors: 1 586 0x207
11:36:15.828 ComputerName: HOBBYPET-2B1160 UserName: lubo
11:36:17.781 Initialize success
11:36:20.625 AVAST engine defs: 13071601
11:36:23.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:36:23.515 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
11:36:23.625 Disk 0 MBR read successfully
11:36:23.640 Disk 0 MBR scan
11:36:23.703 Disk 0 Windows XP default MBR code
11:36:23.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
11:36:23.703 Disk 0 scanning sectors +78140160
11:36:23.875 Disk 0 scanning C:\WINDOWS\system32\drivers
11:36:46.328 Service scanning
11:37:07.312 Modules scanning
11:37:20.796 Disk 0 trace - called modules:
11:37:20.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:37:20.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236fab8]
11:37:20.828 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823e7030]
11:37:21.937 AVAST engine scan C:\WINDOWS
11:37:26.203 AVAST engine scan C:\WINDOWS\system32
11:40:17.656 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:41:04.984 AVAST engine scan C:\WINDOWS\system32\drivers
11:41:26.031 AVAST engine scan C:\Documents and Settings\lubo
11:41:55.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lubo\Plocha\MBR.dat"
11:41:55.515 The log file has been saved successfully to "C:\Documents and Settings\lubo\Plocha\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 11:44:39
-----------------------------
11:44:39.312 OS Version: Windows 5.1.2600 Service Pack 3
11:44:39.312 Number of processors: 1 586 0x207
11:44:39.328 ComputerName: HOBBYPET-2B1160 UserName: lubo
11:44:40.406 Initialize success
11:44:41.171 AVAST engine defs: 13071601
11:44:43.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:44:43.562 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
11:44:43.765 Disk 0 MBR read successfully
11:44:43.781 Disk 0 MBR scan
11:44:43.781 Disk 0 Windows XP default MBR code
11:44:43.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
11:44:43.812 Disk 0 scanning sectors +78140160
11:44:44.125 Disk 0 scanning C:\WINDOWS\system32\drivers
11:45:28.765 Service scanning
11:46:03.406 Modules scanning
11:46:37.484 Disk 0 trace - called modules:
11:46:37.500 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:46:37.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236fab8]
11:46:37.500 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823e7030]
11:46:37.859 AVAST engine scan C:\WINDOWS
11:47:04.562 AVAST engine scan C:\WINDOWS\system32
11:53:53.000 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:55:40.812 AVAST engine scan C:\WINDOWS\system32\drivers
11:56:18.531 AVAST engine scan C:\Documents and Settings\lubo
12:26:26.750 AVAST engine scan C:\Documents and Settings\All Users
12:27:06.734 Scan finished successfully
13:05:14.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lubo\Plocha\MBR.dat"
13:05:14.703 The log file has been saved successfully to "C:\Documents and Settings\lubo\Plocha\aswMBR.txt"

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 12:43
by JaRon

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 13:20
by lubo52
Hello, I don't know where it went wrong.
I downloaded esetclener,
ran it, accepted the agreement, and it wanted a restart.
After the restart
I can't get to any in-depth scan (no ESET is installed).
When I run the downloaded ESET tool, it creates a file here, and this is what it contains:
[2013.07.17 14:15:40.171] -
[2013.07.17 14:15:40.171] - ....................................
[2013.07.17 14:15:40.171] - ..::::::::::::::::::....................
[2013.07.17 14:15:40.187] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Sirefef
[2013.07.17 14:15:40.187] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.1.0.12
[2013.07.17 14:15:40.187] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Jul 1 2013
[2013.07.17 14:15:40.187] - .::EE:::::::::::::SS:.EE..........TT......
[2013.07.17 14:15:40.187] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2013.07.17 14:15:40.187] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2013.07.17 14:15:40.187] - ....................................
[2013.07.17 14:15:40.187] -
[2013.07.17 14:15:40.187] - --------------------------------------------------------------------------------
[2013.07.17 14:15:40.203] -
[2013.07.17 14:15:40.203] - INFO: OS: 5.1.2600 SP3
[2013.07.17 14:15:40.203] - INFO: Product Type: Workstation
[2013.07.17 14:15:40.203] - INFO: WoW64: False
[2013.07.17 14:15:40.203] - INFO: Machine guid: 204A18D1-FE5B-4AA2-B202-C067D59E5272
[2013.07.17 14:15:40.203] -
[2013.07.17 14:15:40.203] - INFO: EULA Accepted
[2013.07.17 14:15:40.203] - --------------------------------------------------------------------------------
[2013.07.17 14:15:40.203] - INFO: Scanning for system infection...
[2013.07.17 14:15:40.203] - --------------------------------------------------------------------------------
[2013.07.17 14:15:40.203] -
[2013.07.17 14:15:40.203] -
[2013.07.17 14:15:40.203] - INFO: Current Shell HKLM [Explorer.exe].
[2013.07.17 14:15:40.203] - INFO: Current SubSystems [%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16].
[2013.07.17 14:15:40.656] -
[2013.07.17 14:15:40.671] -
[2013.07.17 14:15:40.671] - INFO: Win32/Sirefef not found
[2013.07.17 14:16:52.734] - --------------------------------------------------------------------------------
[2013.07.17 14:16:52.734] - INFO: Logging finished successfully...
[2013.07.17 14:16:52.734] - --------------------------------------------------------------------------------

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 14:17
by cernohous13
:worship: Thanks to my colleague for the cooperation

:arrow: INFO: Win32/Sirefef not found - check again with aswMBR
Go to https://www.virustotal.com
After clicking "Choose File", just copy the following into the "File name" ("Název souboru") field:

C:\WINDOWS\assembly\GAC\Desktop.ini

"Scan It" (if it has already been analysed, have it analysed again - Reanalyse)
Wait patiently for the scan to finish, until the final result appears, e.g. 0/41
Copy the resulting log into the forum, or the link to the page from the address bar.
If nothing is detected, it is enough just to say so

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 15:19
by lubo52
C:\WINDOWS\assembly\GAC\Desktop.ini
virustotal can't find it for me
when I look manually in C:\WINDOWS\assembly\ I don't see a GAC directory

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 15:24
by cernohous13
:???: What did aswMBR find?

:arrow: Run a scan with Avast

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 15:51
by lubo52
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 11:36:15
-----------------------------
11:36:15.796 OS Version: Windows 5.1.2600 Service Pack 3
11:36:15.796 Number of processors: 1 586 0x207
11:36:15.828 ComputerName: HOBBYPET-2B1160 UserName: lubo
11:36:17.781 Initialize success
11:36:20.625 AVAST engine defs: 13071601
11:36:23.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:36:23.515 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
11:36:23.625 Disk 0 MBR read successfully
11:36:23.640 Disk 0 MBR scan
11:36:23.703 Disk 0 Windows XP default MBR code
11:36:23.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
11:36:23.703 Disk 0 scanning sectors +78140160
11:36:23.875 Disk 0 scanning C:\WINDOWS\system32\drivers
11:36:46.328 Service scanning
11:37:07.312 Modules scanning
11:37:20.796 Disk 0 trace - called modules:
11:37:20.812 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:37:20.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236fab8]
11:37:20.828 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823e7030]
11:37:21.937 AVAST engine scan C:\WINDOWS
11:37:26.203 AVAST engine scan C:\WINDOWS\system32
11:40:17.656 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:41:04.984 AVAST engine scan C:\WINDOWS\system32\drivers
11:41:26.031 AVAST engine scan C:\Documents and Settings\lubo
11:41:55.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lubo\Plocha\MBR.dat"
11:41:55.515 The log file has been saved successfully to "C:\Documents and Settings\lubo\Plocha\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 11:44:39
-----------------------------
11:44:39.312 OS Version: Windows 5.1.2600 Service Pack 3
11:44:39.312 Number of processors: 1 586 0x207
11:44:39.328 ComputerName: HOBBYPET-2B1160 UserName: lubo
11:44:40.406 Initialize success
11:44:41.171 AVAST engine defs: 13071601
11:44:43.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:44:43.562 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
11:44:43.765 Disk 0 MBR read successfully
11:44:43.781 Disk 0 MBR scan
11:44:43.781 Disk 0 Windows XP default MBR code
11:44:43.796 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
11:44:43.812 Disk 0 scanning sectors +78140160
11:44:44.125 Disk 0 scanning C:\WINDOWS\system32\drivers
11:45:28.765 Service scanning
11:46:03.406 Modules scanning
11:46:37.484 Disk 0 trace - called modules:
11:46:37.500 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:46:37.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236fab8]
11:46:37.500 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823e7030]
11:46:37.859 AVAST engine scan C:\WINDOWS
11:47:04.562 AVAST engine scan C:\WINDOWS\system32
11:53:53.000 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:55:40.812 AVAST engine scan C:\WINDOWS\system32\drivers
11:56:18.531 AVAST engine scan C:\Documents and Settings\lubo
12:26:26.750 AVAST engine scan C:\Documents and Settings\All Users
12:27:06.734 Scan finished successfully
13:05:14.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lubo\Plocha\MBR.dat"
13:05:14.703 The log file has been saved successfully to "C:\Documents and Settings\lubo\Plocha\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 16:08:58
-----------------------------
16:08:58.078 OS Version: Windows 5.1.2600 Service Pack 3
16:08:58.078 Number of processors: 1 586 0x207
16:08:58.078 ComputerName: HOBBYPET-2B1160 UserName: lubo
16:09:01.046 Initialize success
16:09:02.828 AVAST engine defs: 13071601
16:09:18.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:09:18.078 Disk 0 Vendor: ST340014A 3.06 Size: 38165MB BusType: 3
16:09:18.187 Disk 0 MBR read successfully
16:09:18.187 Disk 0 MBR scan
16:09:18.281 Disk 0 Windows XP default MBR code
16:09:18.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
16:09:18.312 Disk 0 scanning sectors +78140160
16:09:18.515 Disk 0 scanning C:\WINDOWS\system32\drivers
16:09:40.609 Service scanning
16:10:03.515 Modules scanning
16:10:15.156 Disk 0 trace - called modules:
16:10:15.171 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
16:10:15.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236fab8]
16:10:15.703 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823e7030]
16:10:16.812 AVAST engine scan C:\WINDOWS
16:10:21.093 AVAST engine scan C:\WINDOWS\system32
16:13:49.296 AVAST engine scan C:\WINDOWS\system32\drivers
16:14:10.609 AVAST engine scan C:\Documents and Settings\lubo
16:42:44.875 AVAST engine scan C:\Documents and Settings\All Users
16:43:16.078 Scan finished successfully
16:50:42.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lubo\Plocha\MBR.dat"
16:50:42.546 The log file has been saved successfully to "C:\Documents and Settings\lubo\Plocha\aswMBR.txt"


looks good, I guess?

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 15:53
by lubo52
which avast scan, the normal one?
thanks

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 15:58
by cernohous13
In Avast, the Quick scan is enough

Yes, aswMBR no longer found it :thumbsup:
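
The comparison made above (a detection in the first two aswMBR runs, none in the third), as an added example that is not part of the original thread or of any tool mentioned in it. The function names are this example's own, and the rule that a run without detections only counts as clean when it contains "Scan finished successfully" is an assumption based on the log lines visible in the thread.

```python
import re

# Sample input: lines excerpted from the three aswMBR runs pasted in this thread
# (each run shortened to the lines the parser looks at).
SAMPLE_LOG = r"""
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 11:36:15
-----------------------------
11:36:23.703 Disk 0 Windows XP default MBR code
11:40:17.656 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:41:26.031 AVAST engine scan C:\Documents and Settings\lubo
11:41:55.515 The log file has been saved successfully to "C:\Documents and Settings\lubo\Plocha\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 11:44:39
-----------------------------
11:44:43.781 Disk 0 Windows XP default MBR code
11:53:53.000 File: C:\WINDOWS\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:27:06.734 Scan finished successfully

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-17 16:08:58
-----------------------------
16:09:18.281 Disk 0 Windows XP default MBR code
16:42:44.875 AVAST engine scan C:\Documents and Settings\All Users
16:43:16.078 Scan finished successfully
"""

RUN_RE = re.compile(r"^Run date:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})$")
HIT_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$"
)
FINISHED_MARKER = "Scan finished successfully"


def parse_runs(text):
    """Split a pasted aswMBR.txt (runs are appended to it) into one dict per run."""
    runs = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        start = RUN_RE.match(line)
        if start:
            current = {"run_date": start.group(1), "detections": [], "finished": False}
            runs.append(current)
            continue
        if current is None:
            continue  # banner or noise before the first "Run date:" line
        hit = HIT_RE.match(line)
        if hit:
            current["detections"].append(
                {"time": hit.group(1), "path": hit.group(2), "name": hit.group(3)}
            )
        elif FINISHED_MARKER in line:
            current["finished"] = True
    return runs


def verdict(run):
    """'infected' if anything was flagged; 'clean' only if the scan also finished."""
    if run["detections"]:
        return "infected"
    return "clean" if run["finished"] else "incomplete"


def resolved_detections(runs):
    """(path, name) pairs flagged before the last finished run but absent from it."""
    finished = [r for r in runs if r["finished"]]
    if not finished:
        return set()
    last = finished[-1]
    still_present = {(d["path"], d["name"]) for d in last["detections"]}
    seen_earlier = set()
    for run in runs:
        if run is last:
            break
        seen_earlier |= {(d["path"], d["name"]) for d in run["detections"]}
    return seen_earlier - still_present


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    for run in parsed:
        state = "finished" if run["finished"] else "not finished"
        print(run["run_date"], verdict(run), "(" + state + ")")
    for path, name in sorted(resolved_detections(parsed)):
        print("no longer reported:", path, name)
```
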

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 16:14
by lubo52
Is it possible that the PC is somewhat slowed down now, or does it just seem that way to me?
Can it be cleaned up? How?
Thanks

Re: Win32.Zaccess-PB

Posted: 17 Jul 2013 16:14
by lubo52
avast's quick scan didn't find it even when it was there :(