
Trojan BackDoor and Trojan Dropper

Posted: 17 Jan 2010 08:23
by hellboys
Hello, I have a problem with these viruses:
"Infekce";"Trojský kůň BackDoor.Generic_c.CRB";"G:\System Volume Information\_restore{233FB791-0AA4-4B36-AAAF-5E171F98B3C5}\RP55\A0019011.exe";"";"16.1.2010, 17:06:14"
"Infekce";"Trojský kůň Dropper.Generic_c.CQP";"G:\System Volume Information\_restore{233FB791-0AA4-4B36-AAAF-5E171F98B3C5}\RP57\A0019086.exe";"";"16.1.2010, 22:00:53"

AVG finds them several times a day and I don't know what to do about them. The PC is somewhat sluggish and Windows takes longer to start than usual.

Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:05, on 17.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\Program Files\PROGRAMI\AVG9\avgchsvx.exe
G:\Program Files\PROGRAMI\AVG9\avgrsx.exe
G:\Program Files\PROGRAMI\AVG9\avgcsrvx.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\PROGRAMI\AVG9\avgwdsvc.exe
G:\Program Files\PROGRAMI\AVG9\avgfws9.exe
G:\Program Files\Spyware Terminator\sp_rsser.exe
G:\Program Files\PROGRAMI\AVG9\avgam.exe
G:\Program Files\PROGRAMI\AVG9\avgnsx.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\TUProgSt.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\Java\jre1.6.0\bin\jusched.exe
G:\Program Files\PROGRAMI\HP\HP Software Update\HPWuSchd.exe
G:\Program Files\ATI\ATI.ACE\Core-Static\MOM.exe
G:\Program Files\HP\hpcoretech\hpcmpmgr.exe
G:\PROGRA~1\PROGRAMI\AVG9\avgtray.exe
G:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\PROGRAMI\AnyDVD\AnyDVD.exe
G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
G:\Program Files\PROGRAMI\HP\Digital Imaging\bin\hpqtra08.exe
G:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
G:\Program Files\ATI\ATI.ACE\Core-Static\ccc.exe
G:\Program Files\PROGRAMI\AVG9\avgcsrvx.exe
G:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
G:\Program Files\PROGRAMI\Mozilla Firefox\firefox.exe
G:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
G:\Program Files\PROGRAMI\ArchiCAD 12\ArchiCAD.exe
G:\Program Files\PROGRAMI\uTorrent\utorrent.exe
G:\Program Files\Spyware Terminator\SpywareTerminator.exe
G:\Documents and Settings\SPARKY\Plocha\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - G:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - G:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\PROGRAMI\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - G:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CloneCDTray] "G:\Program Files\PROGRAMI\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "G:\Program Files\PROGRAMI\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "G:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] G:\PROGRA~1\PROGRAMI\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "G:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] G:\Program Files\PROGRAMI\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "G:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "G:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = G:\Program Files\PROGRAMI\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://G:\PROGRA~1\PROGRAMI\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\PROGRAMI\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\Program Files\PROGRAMI\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\Program Files\PROGRAMI\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6947DE5-DFDB-450A-A919-095FD89FF047}: NameServer = 212.80.70.2,212.80.66.7
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\PROGRAMI\AVG9\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - G:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: avgrsstarter - G:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - G:\Program Files\PROGRAMI\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - G:\Program Files\PROGRAMI\AVG9\avgfws9.exe
O23 - Service: NBService - Nero AG - G:\Program Files\PROGRAMI\NERO 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - G:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - G:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - G:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - G:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8698 bytes

Re: Trojan BackDoor and Trojan Dropper

Posted: 17 Jan 2010 08:42
by eda
Hello,
turn off System Restore, restart the computer and turn System Restore back on. That should get rid of the virus.
To be safe, scan the computer with MBAM - see my signature. Paste its log here; don't delete anything yet.

Re: Trojan BackDoor and Trojan Dropper

Posted: 17 Jan 2010 09:03
by hellboys
Hello, could you please send me the steps for turning off System Restore? Thanks

Re: Trojan BackDoor and Trojan Dropper

Posted: 17 Jan 2010 09:10
by eda

Re: Trojan BackDoor and Trojan Dropper

Posted: 17 Jan 2010 10:05
by hellboys
So I ran the scan and here is the result:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17.1.2010 10:04:32
mbam-log-2010-01-17 (10-04-28).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|G:\|)
Zkontrolované objekty: 240126
Uplynulý čas: 47 minute(s), 40 second(s)

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 6

Infikované procesy v paměti:
G:\Program Files\PROGRAMI\AnyDVD\AnyDVD.exe (Malware.pacler) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\anydvd (Malware.pacler) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
G:\Program Files\PROGRAMI\AnyDVD\AnyDVD.exe (Malware.pacler) -> No action taken.
G:\Program Files\PROGRAMI\ACE Mega CoDecS Pack\UtilitieS\Remover.exe (Trojan.FakeAlert) -> No action taken.
G:\Program Files\PROGRAMI\ACE Mega CoDecS Pack\UtilitieS\AVI CoDecS\Remover.exe (Trojan.FakeAlert) -> No action taken.
G:\Documents and Settings\SPARKY\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
G:\Documents and Settings\SPARKY\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
G:\Documents and Settings\SPARKY\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
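A small parser for the Malwarebytes log layout posted above, added here as an example; it is not code from the thread or from Malwarebytes. The embedded log excerpt is constructed from the lines above, and the handling of the "Bad: (x) Good: (y)" field is an assumption drawn from the SHOWALL\CheckedValue entry in this log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the layout of the Malwarebytes 1.44 log above:
# a section header ending in ":" followed by one detection per line.
SAMPLE_LOG = r"""
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované soubory:
G:\Documents and Settings\SPARKY\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.
"""

# One detection line: <path or registry item> (<family>) [-> Bad: (x) Good: (y)] -> <action>
_ENTRY = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+)$"
)

@dataclass
class Detection:
    section: str                # log section the line sits under, e.g. "Infikované soubory"
    item: str                   # file path or registry key/value
    family: str                 # detection name, e.g. Spyware.OnlineGames
    action: str                 # "No action taken." when the scan only reported
    bad: Optional[str] = None   # registry data as found (registry data items only, assumed format)
    good: Optional[str] = None  # registry data MBAM expects

def parse_mbam_log(text: str) -> List[Detection]:
    """Return every detection line in the log, tagged with its section."""
    section, found = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if m:
            found.append(Detection(section, m["item"], m["family"],
                                   m["action"], m["bad"], m["good"]))
        elif line.endswith(":"):        # header such as "Infikované soubory:"
            section = line[:-1]
    return found

def tampered_registry_data(found: List[Detection]) -> List[Detection]:
    """Registry values whose current data differs from what MBAM expects."""
    return [d for d in found if d.bad is not None and d.bad != d.good]
```

Feeding the full log above through `parse_mbam_log` groups the hits by section, and `tampered_registry_data` isolates the hidden-files setting that was flipped from 1 to 0.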

Re: Trojan BackDoor and Trojan Dropper

Posted: 17 Jan 2010 10:13
by eda
Delete these:

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infikované soubory:
G:\Documents and Settings\SPARKY\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> No action taken.
G:\Documents and Settings\SPARKY\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> No action taken.
G:\Documents and Settings\SPARKY\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> No action taken.

I'd put the rest down to false detections.

How is the computer behaving now?

Re: Trojan BackDoor and Trojan Dropper

Posted: 17 Jan 2010 19:51
by hellboys
So I deleted those files and ran AVG and Malwarebytes again, and nothing came up, so I hope it's gone :). Thanks for the advice

Re: Trojan BackDoor and Trojan Dropper

Posted: 18 Jan 2010 11:47
by eda
You're welcome. :)