Krásný den všem, prosím o pomoc s virem

Zpráva

Tomy83 · #1 Příspěvek od **Tomy83** » 28 bře 2010 14:33

Zdravím,
asi týden mám problém s PC. 100%ně vytížený procesor od startu až do vypnutí PC. Ve správci úloh je 7x svchost.exe, které vytěžují plně procesor. Paměť zhruba 300MB z 1200MB. PC staré 4 roky, vždy bez problémů. Bohužel nelegální Windows.
Prosím o pomoc. Moc děkuji.

Logfile of random's system information tool 1.06 (written by random/random)
Run by uživatel pc at 2010-03-28 15:26:06
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 9 GB (4%) free of 238 GB
Total RAM: 1278 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:56, on 28.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Total commander\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\uživatel pc\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\uživatel pc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=7261
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32upd] rundll32 "C:\Program Files\Eset\fc_upd.dll",NOD32Ioctl
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: syspck32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6991 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-299502267-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-299502267-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-15 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"nwiz"=nwiz.exe /install []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-30 69632]
"KeyBoard"=C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe [2004-07-12 49152]
"DAEMON Tools-1033"=C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"WheelMouse"=C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2004-08-25 192512]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 81920]
"nod32upd"=rundll32 C:\Program Files\Eset\fc_upd.dll,NOD32Ioctl []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-15 202256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32upd]
rundll32 C:\Program Files\Eset\fc_upd.dll,NOD32Ioctl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PC Alert 4.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3
"NOD32krn"=2
"wscsvc"=2

C:\Documents and Settings\uživatel pc\Nabídka Start\Programy\Po spuštění
syspck32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Total commander\totalcmd\TOTALCMD.EXE"="C:\Program Files\Total commander\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe"="C:\Program Files\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\Infogrames\Grand Prix 4\GP4.exe"="C:\Program Files\Infogrames\Grand Prix 4\GP4.exe:*:Enabled:GP4"
"C:\Program Files\InterVideo\DVD7\WinDVD.exe"="C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Paintball2\paintball2.exe"="C:\Program Files\Paintball2\paintball2.exe:*:Enabled:paintball2"
"C:\Program Files\THQ\MotoGP URT 3\motogp.exe"="C:\Program Files\THQ\MotoGP URT 3\motogp.exe:*:Enabled:motogp"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf3d8475-f7a1-11de-ba47-001109111c5c}]
shell\AutoRun\command - setupSNK.exe

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-28 15:26:11 ----D---- C:\Program Files\trend micro
2010-03-28 15:26:06 ----D---- C:\rsit
2010-03-27 00:31:19 ----D---- C:\Program Files\Wise Registry Cleaner
2010-03-27 00:29:15 ----A---- C:\Program Files\WRCFree.exe
2010-03-15 19:49:16 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-03-15 19:49:09 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-03-15 19:49:09 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-03-15 19:49:00 ----D---- C:\Program Files\Common Files\xing shared
2010-03-15 19:48:33 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-03-15 19:48:32 ----D---- C:\Program Files\Real
2010-03-15 19:48:30 ----D---- C:\Program Files\Common Files\Real
2010-03-15 19:48:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-03-15 19:48:28 ----D---- C:\Documents and Settings\uživatel pc\Data aplikací\Real
2010-03-04 19:58:36 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2010-03-04 19:51:18 ----D---- C:\EES32

======List of files/folders modified in the last 1 months======

2010-03-28 15:26:11 ----D---- C:\Program Files
2010-03-28 15:24:11 ----SD---- C:\WINDOWS\Tasks
2010-03-28 12:04:28 ----A---- C:\WINDOWS\wincmd.ini
2010-03-28 11:49:01 ----D---- C:\WINDOWS\system32
2010-03-28 11:48:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 11:42:47 ----D---- C:\WINDOWS\Temp
2010-03-28 11:42:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-28 11:42:40 ----D---- C:\WINDOWS
2010-03-27 09:25:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-27 00:03:11 ----D---- C:\WINDOWS\system32\drivers
2010-03-27 00:02:48 ----HD---- C:\WINDOWS\inf
2010-03-27 00:01:28 ----SHD---- C:\WINDOWS\Installer
2010-03-27 00:01:14 ----D---- C:\WINDOWS\WinSxS
2010-03-26 22:48:50 ----D---- C:\Documents and Settings\uživatel pc\Data aplikací\ICQ
2010-03-26 21:50:46 ----D---- C:\Program Files\Mozilla Firefox
2010-03-26 21:21:27 ----A---- C:\Program Files\avira_antivir_personal_en.exe
2010-03-24 20:52:21 ----D---- C:\WINDOWS\Prefetch
2010-03-16 21:27:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-15 19:49:00 ----D---- C:\Program Files\Common Files
2010-03-05 12:18:35 ----D---- C:\Documents and Settings\uživatel pc\Data aplikací\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2004-08-25 5120]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 nxsIO32;NextSensor Kernel I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\nxsIO32.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-04-07 105088]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 AMDMSRIO;AMDMSRIO; \??\C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2004-08-25 10240]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-06-29 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-06-29 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-06-29 108552]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-06-29 98568]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-02-09 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 28 bře 2010 14:36

Zdravím

Podívám se na log, ovšem budeme pokračovat pod podmínkou, že si co nejdříve obstaráte legální Windows.

#3 Příspěvek od **Caroprd111** » 28 bře 2010 14:39

Doporučuji odinstalovat:
C:\Program Files\DC++\DCPlusPlus.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.

Obrázek

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

Tomy83 · #4 Příspěvek od **Tomy83** » 28 bře 2010 15:55

Vypadá to, že pomohlo projetí ComboFixem. Výkon je 2%! Zatím M.O.C. Děkuju!!!!!!!
Fakt moc a moc! Přeji nádherný den!

#5 Příspěvek od **Caroprd111** » 28 bře 2010 16:33

Potřeboval bych ten log.

Tomy83 · #6 Příspěvek od **Tomy83** » 28 bře 2010 16:47

ComboFix 10-03-27.03 - uživatel pc 28.03.2010 16:45:40.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1278.922 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel pc\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Eset\fc_upd.dll
c:\windows\desktop
c:\windows\desktop\Virtual Pool 3.lnk
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 13:26 . 2010-03-28 13:26 -------- d-----w- c:\program files\trend micro
2010-03-28 13:26 . 2010-03-28 13:27 -------- d-----w- C:\rsit
2010-03-26 22:31 . 2010-03-26 23:01 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-03-26 22:29 . 2010-03-26 22:29 2283966 ----a-w- c:\program files\WRCFree.exe
2010-03-15 17:49 . 2010-03-15 17:49 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-15 17:48 . 2010-03-15 17:49 -------- d-----w- c:\program files\Real
2010-03-15 17:48 . 2010-03-15 17:49 -------- d-----w- c:\program files\Common Files\Real
2010-03-04 17:58 . 2010-03-04 17:58 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-04 17:51 . 2010-03-04 18:38 -------- d-----w- C:\EES32

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 14:49 . 2006-05-29 17:31 -------- d-----w- c:\program files\ESET
2010-03-28 09:49 . 2001-10-25 14:00 83680 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 09:49 . 2001-10-25 14:00 441192 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 19:21 . 2009-05-17 07:34 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-02-11 19:17 . 2010-01-03 16:48 -------- d-----w- c:\program files\AUTODESK.AUTOCAD.MECHANICAL.V2009.DVD-ISO
2010-02-11 16:42 . 2009-05-17 09:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 17:13 . 2008-06-17 17:42 -------- d-----w- c:\program files\Autodesk
2010-02-09 17:12 . 2010-02-09 17:12 -------- d-----w- c:\program files\Common Files\Autodesk
2010-02-09 17:11 . 2010-02-09 17:10 -------- d-----w- c:\program files\DWG TrueView 2009
2010-02-09 17:08 . 2010-02-09 16:52 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-02-09 16:59 . 2010-02-09 16:59 -------- d-----w- c:\program files\Microsoft WSE
2010-02-09 16:57 . 2008-11-02 13:50 -------- d-----w- c:\program files\MSBuild
2010-02-09 16:55 . 2010-02-09 16:55 -------- d-----w- c:\program files\Reference Assemblies
2010-01-02 13:37 . 2010-01-02 13:37 2321172 ----a-w- c:\program files\HEXelonMAX_install_kalkulacka.exe
2008-11-09 17:32 . 2008-11-09 17:32 14566424 ----a-w- c:\program files\vlc-0.9.4-win32.exe
2008-10-10 20:22 . 2008-10-10 20:22 305672 ----a-w- c:\program files\dxwebsetup.exe
2008-07-10 15:44 . 2008-07-10 15:44 14111464 ----a-w- c:\program files\install_atlas_icq6.exe
2008-02-02 21:38 . 2008-02-02 21:38 2733928 ----a-w- c:\program files\ccsetup204_vycisti registry.exe
2008-01-07 13:42 . 2008-01-07 13:42 5903928 ----a-w- c:\program files\picasa--setup...Sprava fotografii.exe
2007-11-30 18:59 . 2007-11-30 18:59 15180000 ----a-w- c:\program files\gimp-2.4.2-i686-setup.exe
2007-11-30 11:37 . 2007-11-30 11:37 18262521 ----a-w- c:\program files\MediaCoder-0.6.0.3920.exe
2007-11-30 11:29 . 2007-11-30 11:29 3400821 ----a-w- c:\program files\acala3gpmovies.exe
2007-11-30 11:21 . 2007-11-30 11:21 2049244 ----a-w- c:\program files\qip8040.exe
2007-11-13 13:02 . 2007-11-13 13:02 72234688 ----a-w- c:\program files\163.75_forceware_winxp_32bit_international_whql.exe
2007-10-26 16:36 . 2007-10-26 16:36 17788920 ----a-w- c:\program files\antivir_workstation_win7u_en_h.exe
2007-08-02 08:39 . 2007-08-02 08:39 15991392 ----a-w- c:\program files\Java Sun 1.5.0._internetove_bankovnictvi_jre-1_5_0_02-windows-i586-p.exe
2007-07-07 11:00 . 2007-07-07 10:51 22260056 ----a-w- c:\program files\WMP3_E_audio_editor.exe
2007-07-05 09:30 . 2007-07-05 09:30 21671816 ----a-w- c:\program files\Nokia_PC_Suite_683_rel_14_1_cze_web.exe
2007-07-02 20:26 . 2007-07-02 20:26 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2006-09-26 06:14 . 2006-12-04 18:02 39195076 ----a-w- c:\program files\WinDVD7.exe
2006-06-07 20:49 . 2006-06-07 20:48 1466776 ----a-w- c:\program files\daemon400.exe
2006-05-31 06:57 . 2006-05-31 06:57 22814048 ----a-w- c:\program files\AdbeRdr705_cze_full.exe
2006-05-30 13:48 . 2006-05-30 13:48 2467063 ----a-w- c:\program files\PCAlert4_MB.zip
2006-05-30 13:44 . 2006-05-30 13:44 695730 ----a-w- c:\program files\sview_b10.exe
2006-05-30 13:43 . 2006-05-30 13:43 282279 ----a-w- c:\program files\nxsensor.zip
2006-05-29 17:30 . 2006-05-29 17:30 10181505 ----a-w- c:\program files\nentczst-nod 32.exe
2006-05-29 17:22 . 2006-05-29 17:22 6086104 ----a-w- c:\program files\winamp522_full.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 69632]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 192512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\u§ivatel pc\Nabˇdka Start\Programy\Po spuçtŘnˇ\
syspck32.exe [2004-8-17 32256]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PC Alert 4.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"NOD32krn"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Total commander\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2516:UDP"= 2516:UDP:Windows Media Format SDK (iexplore.exe)
"2517:UDP"= 2517:UDP:Windows Media Format SDK (iexplore.exe)
"2518:UDP"= 2518:UDP:Windows Media Format SDK (iexplore.exe)

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [8.6.2006 19:37 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [8.6.2006 19:37 5248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.11.2009 10:13 108289]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [30.5.2006 15:43 2208]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.6.2006 22:44 664064]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-299502267-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-299502267-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
FF - ProfilePath - c:\documents and settings\uživatel pc\Data aplikací\Mozilla\Firefox\Profiles\gzxw015u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-nod32upd - c:\program files\Eset\fc_upd.dll
MSConfigStartUp-nod32upd - c:\program files\Eset\fc_upd.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-28 16:49
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89473F00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x89473f00
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba5ccba0
PacketIndicateHandler -> NDIS.sys @ 0xba5d9b21
SendHandler -> NDIS.sys @ 0xba5b787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Celkový čas: 2010-03-28 16:51:07
ComboFix-quarantined-files.txt 2010-03-28 14:51

Před spuštěním: 9 886 105 600
Po spuštění: 9 863 127 040

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe

- - End Of File - - 26A556239FE5E9402F92D6EA9EE79C50

#7 Příspěvek od **Caroprd111** » 28 bře 2010 17:23

Pokud nemáte, přesuňte Combofix na plochu

Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

File:: 
c:\windows\_MSRSTRT.EXE
c:\documents and settings\uživatel pc\Nabídka Start\Programy\Po spuštění\syspck32.exe

Folder::
c:\program files\ESET

Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Tomy83 · #8 Příspěvek od **Tomy83** » 31 bře 2010 17:58

ComboFix 10-03-27.03 - uživatel pc 31.03.2010 18:20:41.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1278.909 [GMT 2:00]
Spuštěný z: c:\documents and settings\uživatel pc\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uživatel pc\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\documents and settings\uživatel pc\Nabídka Start\Programy\Po spuštění\syspck32.exe"
"c:\windows\_MSRSTRT.EXE"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\uživatel pc\Nabídka Start\Programy\Po spuštění\syspck32.exe
c:\program files\ESET
c:\program files\ESET\Install\advheur.nup
c:\program files\ESET\Install\archs.nup
c:\program files\ESET\Install\engine.nup
c:\program files\ESET\Install\charon.nup
c:\program files\ESET\Install\main.dll
c:\program files\ESET\Install\mainlang.dll
c:\program files\ESET\Install\mfc42.dll
c:\program files\ESET\Install\mfc42u.dll
c:\program files\ESET\Install\msvcrt.dll
c:\program files\ESET\Install\ntbasecz.nup
c:\program files\ESET\Install\ntinetcz.nup
c:\program files\ESET\Install\ntstdcz.nup
c:\program files\ESET\Install\pwscan.nup
c:\program files\ESET\Install\readme.txt
c:\program files\ESET\Install\setup.exe
c:\program files\ESET\Install\setup.xml
c:\program files\ESET\Install\utilmod.nup
c:\program files\ESET\soubor pro neomezené používání\NOD32_Patch.By.FreeSecLabs.exe
c:\windows\_MSRSTRT.EXE

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-28 13:26 . 2010-03-28 13:26 -------- d-----w- c:\program files\trend micro
2010-03-28 13:26 . 2010-03-28 13:27 -------- d-----w- C:\rsit
2010-03-26 22:31 . 2010-03-26 23:01 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-03-26 22:29 . 2010-03-26 22:29 2283966 ----a-w- c:\program files\WRCFree.exe
2010-03-15 17:49 . 2010-03-15 17:49 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-15 17:48 . 2010-03-15 17:49 -------- d-----w- c:\program files\Real
2010-03-15 17:48 . 2010-03-15 17:49 -------- d-----w- c:\program files\Common Files\Real
2010-03-04 17:51 . 2010-03-04 18:38 -------- d-----w- C:\EES32

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 09:49 . 2001-10-25 14:00 83680 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 09:49 . 2001-10-25 14:00 441192 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 19:21 . 2009-05-17 07:34 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
2010-02-11 19:17 . 2010-01-03 16:48 -------- d-----w- c:\program files\AUTODESK.AUTOCAD.MECHANICAL.V2009.DVD-ISO
2010-02-11 16:42 . 2009-05-17 09:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 17:13 . 2008-06-17 17:42 -------- d-----w- c:\program files\Autodesk
2010-02-09 17:12 . 2010-02-09 17:12 -------- d-----w- c:\program files\Common Files\Autodesk
2010-02-09 17:11 . 2010-02-09 17:10 -------- d-----w- c:\program files\DWG TrueView 2009
2010-02-09 17:08 . 2010-02-09 16:52 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-02-09 16:59 . 2010-02-09 16:59 -------- d-----w- c:\program files\Microsoft WSE
2010-02-09 16:57 . 2008-11-02 13:50 -------- d-----w- c:\program files\MSBuild
2010-02-09 16:55 . 2010-02-09 16:55 -------- d-----w- c:\program files\Reference Assemblies
2010-01-02 13:37 . 2010-01-02 13:37 2321172 ----a-w- c:\program files\HEXelonMAX_install_kalkulacka.exe
2008-11-09 17:32 . 2008-11-09 17:32 14566424 ----a-w- c:\program files\vlc-0.9.4-win32.exe
2008-10-10 20:22 . 2008-10-10 20:22 305672 ----a-w- c:\program files\dxwebsetup.exe
2008-07-10 15:44 . 2008-07-10 15:44 14111464 ----a-w- c:\program files\install_atlas_icq6.exe
2008-02-02 21:38 . 2008-02-02 21:38 2733928 ----a-w- c:\program files\ccsetup204_vycisti registry.exe
2008-01-07 13:42 . 2008-01-07 13:42 5903928 ----a-w- c:\program files\picasa--setup...Sprava fotografii.exe
2007-11-30 18:59 . 2007-11-30 18:59 15180000 ----a-w- c:\program files\gimp-2.4.2-i686-setup.exe
2007-11-30 11:37 . 2007-11-30 11:37 18262521 ----a-w- c:\program files\MediaCoder-0.6.0.3920.exe
2007-11-30 11:29 . 2007-11-30 11:29 3400821 ----a-w- c:\program files\acala3gpmovies.exe
2007-11-30 11:21 . 2007-11-30 11:21 2049244 ----a-w- c:\program files\qip8040.exe
2007-11-13 13:02 . 2007-11-13 13:02 72234688 ----a-w- c:\program files\163.75_forceware_winxp_32bit_international_whql.exe
2007-10-26 16:36 . 2007-10-26 16:36 17788920 ----a-w- c:\program files\antivir_workstation_win7u_en_h.exe
2007-08-02 08:39 . 2007-08-02 08:39 15991392 ----a-w- c:\program files\Java Sun 1.5.0._internetove_bankovnictvi_jre-1_5_0_02-windows-i586-p.exe
2007-07-07 11:00 . 2007-07-07 10:51 22260056 ----a-w- c:\program files\WMP3_E_audio_editor.exe
2007-07-05 09:30 . 2007-07-05 09:30 21671816 ----a-w- c:\program files\Nokia_PC_Suite_683_rel_14_1_cze_web.exe
2007-07-02 20:26 . 2007-07-02 20:26 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2006-09-26 06:14 . 2006-12-04 18:02 39195076 ----a-w- c:\program files\WinDVD7.exe
2006-06-07 20:49 . 2006-06-07 20:48 1466776 ----a-w- c:\program files\daemon400.exe
2006-05-31 06:57 . 2006-05-31 06:57 22814048 ----a-w- c:\program files\AdbeRdr705_cze_full.exe
2006-05-30 13:48 . 2006-05-30 13:48 2467063 ----a-w- c:\program files\PCAlert4_MB.zip
2006-05-30 13:44 . 2006-05-30 13:44 695730 ----a-w- c:\program files\sview_b10.exe
2006-05-30 13:43 . 2006-05-30 13:43 282279 ----a-w- c:\program files\nxsensor.zip
2006-05-29 17:30 . 2006-05-29 17:30 10181505 ----a-w- c:\program files\nentczst-nod 32.exe
2006-05-29 17:22 . 2006-05-29 17:22 6086104 ----a-w- c:\program files\winamp522_full.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-28_14.49.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 20:59 . 2004-08-03 20:59 95360 c:\windows\system32\dllcache\atapi.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 69632]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 192512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Kodak software updater.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^PC Alert 4.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=3 (0x3)
"NOD32krn"=2 (0x2)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Total commander\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\THQ\\MotoGP URT 3\\motogp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2516:UDP"= 2516:UDP:Windows Media Format SDK (iexplore.exe)
"2517:UDP"= 2517:UDP:Windows Media Format SDK (iexplore.exe)
"2518:UDP"= 2518:UDP:Windows Media Format SDK (iexplore.exe)

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [8.6.2006 19:37 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [8.6.2006 19:37 5248]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15.11.2009 10:13 108289]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [30.5.2006 15:43 2208]
S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\UIVATE~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys --> c:\docume~1\UIVATE~1\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.6.2006 22:44 664064]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-299502267-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-03-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-299502267-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {CE40C3F1-3DF5-4461-A521-810923235628} - hxxp://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
FF - ProfilePath - c:\documents and settings\uživatel pc\Data aplikací\Mozilla\Firefox\Profiles\gzxw015u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 18:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8966F798]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cfc3
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x8966f798
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba5ccba0
PacketIndicateHandler -> NDIS.sys @ 0xba5d9b21
SendHandler -> NDIS.sys @ 0xba5b787b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3620)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-31 18:29:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-31 16:29
ComboFix2.txt 2010-03-28 14:51

Před spuštěním: 9 656 377 344
Po spuštění: 9 653 530 624

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe

- - End Of File - - 7DDA5E3BF9C80A36E25BE981CC62C91C

Tomy83 · #9 Příspěvek od **Tomy83** » 31 bře 2010 18:00

Tak má radost byla opravdu předčasná. Výše je nový log dle návodu. Jak jsem psal, PC nemá legální Windows, proto jsem neinstaloval vše potřebné. Děkuji za pomoc.

#10 Příspěvek od **Caroprd111** » 31 bře 2010 18:10

Odinstalujte všechny emulátory virtuálních mechanik.

Obrázek

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Obrázek

Start > Spustit (Win + R)

Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

Klikněte na OK

Vytvoří se log s názvem mbr.log, vložte ho sem.

Tohle otestujte na http://www.virustotal.com/cs/
c:\windows\system32\dllcache\atapi.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

VIRY.CZ

Krásný den všem, prosím o pomoc s virem

Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem

Re: Krásný den všem, prosím o pomoc s virem