Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosim o pomoc..problem s virem

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

prosim o pomoc..problem s virem

#1 Příspěvek od tepan »

dobry den mam problem s virem,se kterym si awast nevi rady.muzete mi prosim pomoci.

prikladam rsit:

Logfile of random's system information tool 1.06 (written by random/random)
Run by tepan at 2010-02-06 12:43:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 1 GB (10%) free of 12 GB
Total RAM: 1023 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:31, on 6.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\IpSharkk\IpSharkk.exe
C:\Documents and Settings\tepan\Data aplikací\windows_update.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\tepan\Data aplikací\svchost.exe
C:\Program Files\TuneUp Utilities 2009\OneClick.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\tepan\LOCALS~1\Temp\csrss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\Stazeno z dc\Z netu\RSIT.exe
C:\Program Files\trend micro\HijackThis\tepan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - HKLM\..\Run: [Windows Live installer 123] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKLM\..\Run: [windows live update] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IpSharkk] "C:\Program Files\IpSharkk\IpSharkk.exe" /auto
O4 - HKCU\..\Run: [MSN] C:\Documents and Settings\tepan\Data aplikací\svchost.exe
O4 - HKCU\..\Run: [windows live update] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Run: [csrss] C:\Documents and Settings\tepan\Data aplikací\csrss.exe 1000
O4 - HKCU\..\Run: [Windows Live installer 1214] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Live Update 434] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKLM\..\Policies\Explorer\Run: [windows live update121] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [windows live update121] C:\WINDOWS\system32\drivers\svchosts.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Live Update 434] C:\WINDOWS\system32\drivers\drivers.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5463707078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6061926015
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADDC832-6756-4EB9-A6DF-068620BB9809}: NameServer = 1.1.1.1,1.1.1.17
O17 - HKLM\System\CS3\Services\Tcpip\..\{4ADDC832-6756-4EB9-A6DF-068620BB9809}: NameServer = 1.1.1.1,1.1.1.17
O17 - HKLM\System\CS4\Services\Tcpip\..\{4ADDC832-6756-4EB9-A6DF-068620BB9809}: NameServer = 1.1.1.1,1.1.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 10514 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]
"P17Helper"=Rundll32 P17.dll,P17Helper []
"CTSysVol"=C:\Program Files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-11-06 570664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-11-11 198160]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [2008-08-19 1795656]
"Windows Live installer 123"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]
"windows live update"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Windows Live Update 434"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]
"windows live update121"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2002-12-03 49152]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"IpSharkk"=C:\Program Files\IpSharkk\IpSharkk.exe [2008-09-11 716800]
"MSN"=C:\Documents and Settings\tepan\Data aplikací\svchost.exe [2010-02-05 76800]
"windows live update"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]
"csrss"=C:\Documents and Settings\tepan\Data aplikací\csrss.exe [2010-02-06 11776]
"Windows Live installer 1214"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"windows live update121"=C:\WINDOWS\system32\drivers\svchosts.exe [2010-02-06 301568]
"Windows Live Update 434"=C:\WINDOWS\system32\drivers\drivers.exe [2010-02-05 301056]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Strong dc\StrongDC.exe"="C:\Program Files\Strong dc\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IpSharkk\IpSharkk.exe"="C:\Program Files\IpSharkk\IpSharkk.exe:*:Enabled:IpSharkk"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13d7f424-f472-11de-9fbf-0018f3677774}]
shell\AutoRun\command - J:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa58f76a-8d73-11de-a98a-0018f3677774}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9171f68-bffd-11de-aa61-0018f3677774}]
shell\AutoRun\command - H:\autoverify.exe


======List of files/folders created in the last 1 months======

2010-02-06 03:03:35 ----A---- C:\Documents and Settings\tepan\Data aplikací\csrss.exe
2010-02-05 14:22:52 ----H---- C:\Documents and Settings\tepan\Data aplikací\Window_s_updater.exe
2010-02-05 01:00:30 ----A---- C:\Documents and Settings\tepan\Data aplikací\windows_update.exe
2010-02-04 23:29:30 ----H---- C:\WINDOWS\system32\Windows_updater.exe
2010-02-04 02:26:08 ----D---- C:\TTDX
2010-02-03 23:34:42 ----H---- C:\Documents and Settings\tepan\Data aplikací\winliveupd.exe
2010-02-03 23:34:33 ----A---- C:\Documents and Settings\tepan\Data aplikací\boob.exe
2010-02-03 23:07:29 ----D---- C:\Program Files\Total Video Converter 3.12
2010-02-03 22:51:10 ----RSH---- C:\Documents and Settings\tepan\Data aplikací\svchost.exe
2010-02-03 22:51:09 ----H---- C:\WINDOWS\WLU.exe
2010-02-03 22:48:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\QuickMediaConverter
2010-02-03 22:48:03 ----D---- C:\Documents and Settings\tepan\Data aplikací\CocoonSoftware
2010-02-03 22:47:45 ----D---- C:\Program Files\QuickMediaConverter
2010-02-03 14:40:33 ----D---- C:\Program Files\Aiseesoft Studio
2010-01-31 16:07:27 ----D---- C:\Program Files\IpSharkk
2010-01-31 14:11:14 ----D---- C:\MPS
2010-01-31 12:18:28 ----D---- C:\Program Files\Common Files\DivX Shared
2010-01-27 11:17:55 ----D---- C:\Program Files\Total Video Converter
2010-01-21 15:17:18 ----D---- C:\Program Files\DreamCom
2010-01-13 22:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-12 19:38:01 ----A---- C:\WINDOWS\imsins.BAK
2010-01-12 19:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

======List of files/folders modified in the last 1 months======

2010-02-06 12:44:16 ----D---- C:\Documents and Settings\tepan\Data aplikací\BITS
2010-02-06 12:42:47 ----D---- C:\WINDOWS\Prefetch
2010-02-06 12:41:49 ----A---- C:\WINDOWS\wincmd.ini
2010-02-06 12:28:00 ----D---- C:\Program Files\Mozilla Firefox
2010-02-06 12:05:10 ----D---- C:\WINDOWS\system32\drivers
2010-02-06 12:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-06 08:47:33 ----D---- C:\WINDOWS\temp
2010-02-06 01:19:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-05 15:36:52 ----D---- C:\Documents and Settings\tepan\Data aplikací\ICQ
2010-02-05 13:17:04 ----D---- C:\Documents and Settings\tepan\Data aplikací\vlc
2010-02-04 23:29:30 ----D---- C:\WINDOWS\system32
2010-02-04 02:15:00 ----D---- C:\Documents and Settings\tepan\Data aplikací\dvdcss
2010-02-03 23:07:29 ----AD---- C:\Program Files
2010-02-03 22:51:09 ----D---- C:\WINDOWS
2010-02-03 16:22:31 ----SHD---- C:\WINDOWS\Installer
2010-02-03 16:22:29 ----RD---- C:\Program Files\Skype
2010-02-03 16:01:16 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-31 14:50:04 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-01-31 14:50:04 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-01-31 14:48:12 ----D---- C:\Program Files\Webteh
2010-01-31 14:47:28 ----D---- C:\Documents and Settings\tepan\Data aplikací\BSplayer
2010-01-31 14:19:17 ----D---- C:\Program Files\StormWare
2010-01-31 14:17:53 ----D---- C:\Program Files\Alcohol Soft
2010-01-31 12:18:46 ----D---- C:\WINDOWS\WinSxS
2010-01-31 12:18:28 ----D---- C:\Program Files\Common Files
2010-01-29 09:48:00 ----D---- C:\Program Files\Common Files\STORMWARE Shared
2010-01-29 09:45:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-29 09:44:55 ----D---- C:\WINDOWS\inf
2010-01-27 11:18:03 ----RSD---- C:\WINDOWS\Fonts
2010-01-26 08:28:17 ----DC---- C:\WINDOWS\system32\dllcache
2010-01-26 08:28:12 ----D---- C:\Program Files\Internet Explorer
2010-01-26 08:28:00 ----D---- C:\WINDOWS\ie8updates
2010-01-26 08:27:31 ----D---- C:\WINDOWS\$hf_mig$
2010-01-22 20:55:44 ----D---- C:\Documents and Settings\tepan\Data aplikací\uTorrent
2010-01-22 07:09:10 ----D---- C:\Documents and Settings\tepan\Data aplikací\Free Download Manager
2010-01-20 12:21:40 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-17 08:38:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-17 08:38:15 ----D---- C:\Program Files\The KMPlayer
2010-01-13 22:24:31 ----D---- C:\WINDOWS\Debug
2010-01-13 22:24:02 ----D---- C:\Documents and Settings\tepan\Data aplikací\Skype
2010-01-13 22:20:34 ----D---- C:\Documents and Settings\tepan\Data aplikací\skypePM
2010-01-12 19:39:11 ----D---- C:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 anf0100.sys;anf0100.sys; \??\C:\WINDOWS\system32\drivers\anf0100.sys []
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-04-05 100096]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\system32\DRIVERS\airplus.sys [2003-06-05 155776]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-12-28 1135104]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
S3 auoyoy2z;auoyoy2z; C:\WINDOWS\system32\drivers\auoyoy2z.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2005-04-29 131136]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-01 66872]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-10-23 603904]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 UTSCSI;Usbest Service Zero; C:\WINDOWS\system32\UTSCSI.EXE [2009-10-23 45568]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-23 360192]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
dekuji
Nahoru
Tom8sh16
Návštěvník
Návštěvník
Příspěvky: 260
Registrován: 12 dub 2009 09:43

Re: prosim o pomoc..problem s virem

#2 Příspěvek od Tom8sh16 »

Dobré odpoledne :)

Stahněte MBAM, nainstalujte, dejte Úplný sken. Ještě před zahájením skenu program aktualizujte.

NIC NEMAŽTE :!: (MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu)

Log potom pošlete sem.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Neexperimentujte, pokud si s něčím nevíte rady -> ptejte se!
Pokud chcete pomoci s PC, dělejte jen to, co napíšu a nedělejte nic dopředu!
Před odvirováním počítače si udělejte zálohu důležitých dat! | >>Podpořte viry.cz<<
:!: Nepoužívejte ComboFix bez vyzvání, při nesprávné manipulaci může dojít k poškození nebo zničení systému :!:
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: prosim o pomoc..problem s virem

#3 Příspěvek od tepan »

tak tady je ten log

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3729
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.2.2010 10:47:34
mbam-log-2010-02-12 (10-47-20).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|F:\|)
Zkontrolované objekty: 213630
Uplynulý čas: 2 hour(s), 12 minute(s), 29 second(s)

Infikované procesy v paměti: 2
Infikované moduly v paměti: 0
Infikované klíče registru: 18
Infikované hodnoty registru: 5
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 8

Infikované procesy v paměti:
C:\Documents and Settings\tepan\Data aplikací\csrss.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\tepan\Data aplikací\svchost.exe (Trojan.Delf) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6rgy181e-8dn8-44d2-7k17-5038e1470846} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{vhmd682l-8071-06e5-jt1s-h13ae34wvfgt} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{08b0e5c0-4fcb-11cf-aax5-00401c608512} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msn (Trojan.Delf) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\WINDOWS\system32\drivers\svchosts.exe (Generic.Bot.H) -> No action taken.
C:\WINDOWS\system32\drivers\drivers.exe (Generic.Bot.H) -> No action taken.
F:\Documents and Settings\Mr Zdenek\My Documents\Filmy\Dinosaur-021216_1935 (D)\DivXPro502GAINBundle.exe (Adware.Gain) -> No action taken.
C:\Documents and Settings\tepan\Local Settings\temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Documents and Settings\tepan\Local Settings\temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Documents and Settings\tepan\Data aplikací\csrss.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\tepan\Data aplikací\svchost.exe (Trojan.Delf) -> No action taken.
C:\Documents and Settings\tepan\Local Settings\temp\csrss.exe (Trojan.Agent) -> No action taken.
Nahoru
Tom8sh16
Návštěvník
Návštěvník
Příspěvky: 260
Registrován: 12 dub 2009 09:43

Re: prosim o pomoc..problem s virem

#4 Příspěvek od Tom8sh16 »

OK, klikněte na Odstranit vše.

Pak sem pošlete log z ComboFix.

Stáhněte na plochu ComboFix.
▪ Před použitím ComboFixu je doporučeno vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
▪ Po spuštění potvrďte podmínky užití.
▪ Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujících se oken.
▪ Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem.
▪ ComboFix je třeba spustit pod účtem s právy administrátora.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Neexperimentujte, pokud si s něčím nevíte rady -> ptejte se!
Pokud chcete pomoci s PC, dělejte jen to, co napíšu a nedělejte nic dopředu!
Před odvirováním počítače si udělejte zálohu důležitých dat! | >>Podpořte viry.cz<<
:!: Nepoužívejte ComboFix bez vyzvání, při nesprávné manipulaci může dojít k poškození nebo zničení systému :!:
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: prosim o pomoc..problem s virem

#5 Příspěvek od tepan »

ComboFix 10-02-12.01 - tepan 13.02.2010 16:50:22.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.609 [GMT 1:00]
Spuštěný z: d:\stazeno z dc\Z netu\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100213-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\tepan\blaabxxxababaa2.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15efda.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15f71d.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15f7d7.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b15fa2a.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4b592662.torrent
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\regedit.com
c:\windows\system32\Data
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-12 07:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 07:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 13:25 . 2010-02-05 13:25 301056 ----a-w- c:\documents and settings\tepan\boooooooo.exe
2010-02-05 13:22 . 2010-02-05 13:22 301056 ----a-w- c:\documents and settings\tepan\dritt.exe
2010-02-04 22:29 . 2010-02-05 13:34 76800 ---h--w- c:\windows\system32\Windows_updater.exe
2010-02-04 01:26 . 2010-02-04 04:49 -------- d-----w- C:\TTDX
2010-02-03 22:07 . 2010-02-03 22:07 -------- d-----w- c:\program files\Total Video Converter 3.12
2010-02-03 21:47 . 2010-02-03 21:48 -------- d-----w- c:\program files\QuickMediaConverter
2010-02-03 13:40 . 2010-02-03 14:57 -------- d-----w- c:\program files\Aiseesoft Studio
2010-01-31 15:07 . 2007-10-03 15:21 9728 ----a-w- c:\windows\system32\drivers\anf0100.sys
2010-01-31 15:07 . 2010-01-31 15:08 -------- d-----w- c:\program files\IpSharkk
2010-01-31 13:11 . 2010-01-31 13:11 -------- d-----w- C:\MPS
2010-01-31 11:18 . 2010-01-31 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-27 10:17 . 2010-02-03 15:00 -------- d-----w- c:\program files\Total Video Converter
2010-01-21 14:17 . 2010-01-21 14:37 -------- d-----w- c:\program files\DreamCom

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 15:54 . 2008-12-29 00:36 -------- d-----w- c:\program files\ICQ6.5
2010-02-13 15:38 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF359.exe
2010-02-13 15:37 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF183.exe
2010-02-13 14:25 . 2010-02-13 14:26 390144 ----a-w- c:\windows\system32\CF18830.exe
2010-02-12 07:29 . 2008-12-27 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 15:22 . 2008-07-14 14:05 -------- d-----r- c:\program files\Skype
2010-02-03 15:01 . 2008-07-05 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 13:50 . 2009-11-07 11:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-31 13:50 . 2009-11-07 11:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-31 13:48 . 2008-07-18 07:11 -------- d-----w- c:\program files\Webteh
2010-01-31 13:19 . 2009-12-29 20:46 -------- d-----w- c:\program files\StormWare
2010-01-31 13:17 . 2008-09-29 15:17 -------- d-----w- c:\program files\Alcohol Soft
2010-01-29 08:48 . 2009-12-29 20:46 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-01-20 11:21 . 2009-11-28 12:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 07:38 . 2009-11-30 01:54 -------- d-----w- c:\program files\The KMPlayer
2009-12-26 12:29 . 2009-11-01 16:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-26 12:29 . 2009-11-01 16:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-23 23:31 . 2009-10-23 16:39 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-21 19:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 19:26 . 2001-10-25 14:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 19:26 . 2001-10-25 14:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-12-06 18:48 . 2009-12-06 18:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-24 23:54 . 2008-07-06 13:56 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-07-06 13:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-07-06 13:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-07-06 19:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-07-06 19:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-07-06 13:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-07-06 13:56 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-07-06 13:56 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-07-06 13:56 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-11-23 06:13 . 2008-11-23 06:08 3391 ----a-w- c:\program files\Trefik_Nast.ini
2008-11-23 06:09 . 2008-11-23 06:08 731 ----a-w- c:\program files\hint.htm
2008-11-23 06:08 . 2008-11-23 06:08 14140 ----a-w- c:\program files\hints.txt
2008-11-23 06:08 . 2008-11-23 06:08 0 ----a-w- c:\program files\Trefik_Nast1.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2008-09-11 716800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"P17Helper"="P17.dll" [2007-12-28 65536]
"CTSysVol"="c:\program files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-10-12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Strong dc\\StrongDC.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IpSharkk\\IpSharkk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [28.6.2009 16:29 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.6.2009 5:06 64160]
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [31.1.2010 16:07 9728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.7.2008 20:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.7.2008 20:50 20560]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [28.6.2009 16:29 160640]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.7.2008 18:27 691696]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5DD29C79-0A94-FBDA-DA30-B2BCFF5BB0AD}]
2010-02-05 13:34 76800 ---h--w- c:\windows\system32\Windows_updater.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-02-13 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {4ADDC832-6756-4EB9-A6DF-068620BB9809} = 1.1.1.1,1.1.1.17
FF - ProfilePath - c:\documents and settings\tepan\Data aplikací\Mozilla\Firefox\Profiles\oufdh9bz.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-windows live update - c:\windows\system32\drivers\svchosts.exe
HKCU-Run-Windows Live installer 1214 - c:\windows\system32\drivers\drivers.exe
HKLM-Run-FlashGet - c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
HKLM-Run-Windows Live installer 123 - c:\windows\system32\drivers\drivers.exe
HKLM-Run-windows live update - c:\windows\system32\drivers\svchosts.exe
HKLM-Explorer_Run-Windows Live Update 434 - c:\windows\system32\drivers\drivers.exe
HKLM-Explorer_Run-windows live update121 - c:\windows\system32\drivers\svchosts.exe
HKCU-Explorer_Run-windows live update121 - c:\windows\system32\drivers\svchosts.exe
HKCU-Explorer_Run-Windows Live Update 434 - c:\windows\system32\drivers\drivers.exe
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 16:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2000478354-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CBAED1B-D2D1-17D4-AB0D-A79783D6DD99}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a77bdb2-e018-4db8-8fe0-ed264f01e8b8}]
@Denied: (Full) (Everyone)
"Model"=dword:00000132
"Therad"=dword:00000008

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3d,1b,b7,09,42,d9,34,7c,c9,bb,05,ba,24,be,b0,31,43,47,33,c3,2d,
ac,e7,7c,c0,6f,d5,00,be,bc,79,2e,62,77,ba,61,e1,c8,8d,55,00,00,00,00,00,00,\
.
Celkový čas: 2010-02-13 16:56:56
ComboFix-quarantined-files.txt 2010-02-13 15:56

Před spuštěním: 1 098 493 952
Po spuštění: 1 044 078 592

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6FAF5A62E1FC695416EC6F250E1393CA
Nahoru
Tom8sh16
Návštěvník
Návštěvník
Příspěvky: 260
Registrován: 12 dub 2009 09:43

Re: prosim o pomoc..problem s virem

#6 Příspěvek od Tom8sh16 »

Tyto soubory:
c:\program files\IpSharkk\IpSharkk.exe
c:\windows\system32\Windows_updater.exe
c:\documents and settings\tepan\boooooooo.exe
c:\documents and settings\tepan\dritt.exe
otestujte na virustotal.com a vložte sem pouze odkazy (linky) k výsledkům.
Pokud se u nějakého souboru zobrazí, že už dříve byl testován, klikněte na tlačítko Otestovat soubor znovu.

(Poznámka: pokud by nějaké soubory nebyly k nalezení, přesvědčte se, zda máte zapnuté zobrazování skrytých souborů a složek, pokud ne, tak Nabídka Start -> Ovládací panely -> Možnosti složky -> Zobrazení -> Zobrazovat skryté soubory a složky -> OK)
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Neexperimentujte, pokud si s něčím nevíte rady -> ptejte se!
Pokud chcete pomoci s PC, dělejte jen to, co napíšu a nedělejte nic dopředu!
Před odvirováním počítače si udělejte zálohu důležitých dat! | >>Podpořte viry.cz<<
:!: Nepoužívejte ComboFix bez vyzvání, při nesprávné manipulaci může dojít k poškození nebo zničení systému :!:
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: prosim o pomoc..problem s virem

#7 Příspěvek od tepan »

http://www.virustotal.com/cs/analisis/b ... 1266088445

http://www.virustotal.com/cs/analisis/2 ... 1266088941

http://www.virustotal.com/cs/analisis/2 ... 1266089055

omlouvam se,ale takovyto soubor c:\windows\system32\Windows_updater.exe jsem nenasel a to ani ve vyhledavaci
Nahoru
Tom8sh16
Návštěvník
Návštěvník
Příspěvky: 260
Registrován: 12 dub 2009 09:43

Re: prosim o pomoc..problem s virem

#8 Příspěvek od Tom8sh16 »

Otevřete poznámkový blok, tam vložte tohle:

Kód: Vybrat vše

@echo off
echo. >> %temp%\find.log
echo. >> %temp%\find.log
for %%a in (
Windows_updater.exe
) do (
echo. "%%~a": >> %temp%\find.log && dir /b/s/a-d "%localdisk%\%%~a" >> %temp%\find.log && echo. >> %temp%\find.log 
)
start %temp%\find.log

exit
Soubor uložte jako Script.bat (nutno přepsat příponu z .txt na .bat), a soubor otevřete (2x klik levým tl. myši na soubor), chvilku počkejte, vyskočí find.txt, jehož obsah pošlete sem.
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Neexperimentujte, pokud si s něčím nevíte rady -> ptejte se!
Pokud chcete pomoci s PC, dělejte jen to, co napíšu a nedělejte nic dopředu!
Před odvirováním počítače si udělejte zálohu důležitých dat! | >>Podpořte viry.cz<<
:!: Nepoužívejte ComboFix bez vyzvání, při nesprávné manipulaci může dojít k poškození nebo zničení systému :!:
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: prosim o pomoc..problem s virem

#9 Příspěvek od tepan »

"Windows_updater.exe":
C:\WINDOWS\system32\Windows_updater.exe

a chtel bych jeste dodat,ze ted uz se nejaky den pocitac nechce nekdy ani vypnout.Jen "natvrdo".takze v poradku urcite neni..ty odkazy co jsem sem dal,mam nektere z tech souboru smazat?
Nahoru
Tom8sh16
Návštěvník
Návštěvník
Příspěvky: 260
Registrován: 12 dub 2009 09:43

Re: prosim o pomoc..problem s virem

#10 Příspěvek od Tom8sh16 »

Prozatím ne, k tomu se dostaneme.

Otestujte na virustotal.com tento soubor:
C:\WINDOWS\system32\Windows_updater.exe

Musíte ovšem povolit zobrazování skrytých a systémových souborů. Soubor tam je :)
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Neexperimentujte, pokud si s něčím nevíte rady -> ptejte se!
Pokud chcete pomoci s PC, dělejte jen to, co napíšu a nedělejte nic dopředu!
Před odvirováním počítače si udělejte zálohu důležitých dat! | >>Podpořte viry.cz<<
:!: Nepoužívejte ComboFix bez vyzvání, při nesprávné manipulaci může dojít k poškození nebo zničení systému :!:
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: prosim o pomoc..problem s virem

#11 Příspěvek od tepan »

http://www.virustotal.com/cs/analisis/5 ... 1266178013
Nahoru
Tom8sh16
Návštěvník
Návštěvník
Příspěvky: 260
Registrován: 12 dub 2009 09:43

Re: prosim o pomoc..problem s virem

#12 Příspěvek od Tom8sh16 »

Přesuňte Combofix na plochu (pokud tam již není)

:!: K následujícímu úkonu je potřeba, abyste měl/a administrátorská práva :!:

Otevřete poznámkový blok (Notepad) a zkopírujte do něj následující text:

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\Windows_updater.exe
c:\documents and settings\tepan\boooooooo.exe
c:\documents and settings\tepan\dritt.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5DD29C79-0A94-FBDA-DA30-B2BCFF5BB0AD}]
RegNull::
[HKEY_USERS\S-1-5-21-2000478354-776561741-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CBAED1B-D2D1-17D4-AB0D-A79783D6DD99}*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a77bdb2-e018-4db8-8fe0-ed264f01e8b8}]
Soubor uložte na plochu jako CFScript.txt a podle obrázku přetáhněte nad ComboFix:
Obrázek
spustí se ComboFix a vykoná příkaz ze skriptu - potom pošlete nový log
RSIT | OTMoveIt3 | Avenger | RootRepeal | GMER | AVPTool | CCleaner | T-Cleaner | ATF Cleaner | Win XP Manager | SVI
-------------------------------------------------------------------------------------------
Neexperimentujte, pokud si s něčím nevíte rady -> ptejte se!
Pokud chcete pomoci s PC, dělejte jen to, co napíšu a nedělejte nic dopředu!
Před odvirováním počítače si udělejte zálohu důležitých dat! | >>Podpořte viry.cz<<
:!: Nepoužívejte ComboFix bez vyzvání, při nesprávné manipulaci může dojít k poškození nebo zničení systému :!:
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: prosim o pomoc..problem s virem

#13 Příspěvek od tepan »

omlouvan se ,ale neivm,co si mam predsstavit pod pojmem "Administrovska prava",a jak pod nemi pracovat
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: prosim o pomoc..problem s virem

#14 Příspěvek od motji »

Omluva za vstup

Pokud máte na počítači víc uživatelských učtů, tak by jste měl být pod tím, který může dělat vše - tedy ne pod učtem s omezenými právy.
Pokud máte jen jeden uživatelský učet, tak ten by měl mít administrátorská práva :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
tepan
Návštěvník
Návštěvník
Příspěvky: 232
Registrován: 22 pro 2006 21:11
Bydliště: Sumperk

Re: prosim o pomoc..problem s virem

#15 Příspěvek od tepan »

ComboFix 10-02-12.01 - tepan 16.02.2010 17:16:08.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.552 [GMT 1:00]
Spuštěný z: d:\stazeno z dc\Z netu\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\tepan\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100216-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: NVIDIA Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

FILE ::
"c:\documents and settings\tepan\boooooooo.exe"
"c:\documents and settings\tepan\dritt.exe"
"c:\windows\system32\Windows_updater.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\tepan\boooooooo.exe
c:\documents and settings\tepan\dritt.exe
c:\windows\system32\Windows_updater.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-16 do 2010-02-16 )))))))))))))))))))))))))))))))
.

2010-02-13 23:10 . 2010-02-13 23:11 254 ----a-w- c:\documents and settings\tepan\script.bat
2010-02-13 15:38 . 2010-02-13 15:38 390144 ----a-w- c:\windows\system32\CF359.exe
2010-02-13 15:38 . 2010-02-13 15:37 390144 ----a-w- c:\windows\system32\CF183.exe
2010-02-13 14:26 . 2010-02-13 14:25 390144 ----a-w- c:\windows\system32\CF18830.exe
2010-02-12 07:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-12 07:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 01:26 . 2010-02-04 04:49 -------- d-----w- C:\TTDX
2010-02-03 22:07 . 2010-02-03 22:07 -------- d-----w- c:\program files\Total Video Converter 3.12
2010-02-03 21:47 . 2010-02-03 21:48 -------- d-----w- c:\program files\QuickMediaConverter
2010-02-03 13:40 . 2010-02-03 14:57 -------- d-----w- c:\program files\Aiseesoft Studio
2010-01-31 15:07 . 2007-10-03 15:21 9728 ----a-w- c:\windows\system32\drivers\anf0100.sys
2010-01-31 15:07 . 2010-01-31 15:08 -------- d-----w- c:\program files\IpSharkk
2010-01-31 13:11 . 2010-01-31 13:11 -------- d-----w- C:\MPS
2010-01-31 11:18 . 2010-01-31 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-27 10:17 . 2010-02-03 15:00 -------- d-----w- c:\program files\Total Video Converter
2010-01-21 14:17 . 2010-01-21 14:37 -------- d-----w- c:\program files\DreamCom

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 15:54 . 2008-12-29 00:36 -------- d-----w- c:\program files\ICQ6.5
2010-02-12 07:29 . 2008-12-27 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 15:22 . 2008-07-14 14:05 -------- d-----r- c:\program files\Skype
2010-02-03 15:01 . 2008-07-05 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 13:50 . 2009-11-07 11:31 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-31 13:50 . 2009-11-07 11:31 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-31 13:48 . 2008-07-18 07:11 -------- d-----w- c:\program files\Webteh
2010-01-31 13:19 . 2009-12-29 20:46 -------- d-----w- c:\program files\StormWare
2010-01-31 13:17 . 2008-09-29 15:17 -------- d-----w- c:\program files\Alcohol Soft
2010-01-29 08:48 . 2009-12-29 20:46 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-01-20 11:21 . 2009-11-28 12:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 07:38 . 2009-11-30 01:54 -------- d-----w- c:\program files\The KMPlayer
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 12:29 . 2009-11-01 16:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-26 12:29 . 2009-11-01 16:04 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-23 23:31 . 2009-10-23 16:39 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-21 19:08 . 2004-08-17 13:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-07-05 14:24 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 19:26 . 2001-10-25 14:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-09 19:26 . 2001-10-25 14:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-12-06 18:48 . 2009-12-06 18:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-04 18:22 . 2004-08-03 21:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 13:49 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 14:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 13:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 13:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-24 23:54 . 2008-07-06 13:56 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-07-06 13:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-07-06 13:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-07-06 19:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-07-06 19:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-07-06 13:56 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-07-06 13:56 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-07-06 13:56 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-07-06 13:56 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-11-21 16:03 . 2004-08-17 13:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-11-23 06:13 . 2008-11-23 06:08 3391 ----a-w- c:\program files\Trefik_Nast.ini
2008-11-23 06:09 . 2008-11-23 06:08 731 ----a-w- c:\program files\hint.htm
2008-11-23 06:08 . 2008-11-23 06:08 14140 ----a-w- c:\program files\hints.txt
2008-11-23 06:08 . 2008-11-23 06:08 0 ----a-w- c:\program files\Trefik_Nast1.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2008-09-11 716800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"P17Helper"="P17.dll" [2007-12-28 65536]
"CTSysVol"="c:\program files\Creative\SB5.1 VX\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-11-06 570664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-11 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2009-10-12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Strong dc\\StrongDC.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IpSharkk\\IpSharkk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [28.6.2009 16:29 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [28.6.2009 16:29 5248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28.6.2009 5:06 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.7.2008 18:27 691696]
R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [31.1.2010 16:07 9728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6.7.2008 20:50 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.7.2008 20:50 20560]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-02-16 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
TCP: {4ADDC832-6756-4EB9-A6DF-068620BB9809} = 1.1.1.1,1.1.1.17
FF - ProfilePath - c:\documents and settings\tepan\Data aplikací\Mozilla\Firefox\Profiles\oufdh9bz.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 17:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spau.sys >>UNKNOWN [0x86B91938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf730bcb8
\Driver\atapi -> atapi.sys @ 0xf72a0b40
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a05a9
ParseProcedure -> TUKERNEL.EXE @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805a05a9
ParseProcedure -> TUKERNEL.EXE @ 0x8056ea15
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf717fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf716ea0d
SendHandler -> NDIS.sys @ 0xf7182b40
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3d,1b,b7,09,42,d9,34,7c,c9,bb,05,ba,24,be,b0,31,43,47,33,c3,2d,
ac,e7,7c,c0,6f,d5,00,be,bc,79,2e,62,77,ba,61,e1,c8,8d,55,00,00,00,00,00,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1964)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\Rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-02-16 17:27:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-16 16:27
ComboFix2.txt 2010-02-13 15:56

Před spuštěním: 1 000 878 080
Po spuštění: 950 296 576

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4D4E0DF57EC1B4F4BFF60E16E3C9EDBC
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“