Prosim o pomoc s virovou nakazou flec006.exe ????

[Madhuradhipati]

Prosim o pomoc s virovou nakazou prestal mi fungovat nod32 a tehle mrzak mi prevzal vladu nad internetovym spojenim flec006.exe ???? Co mam delat?

[Reklama]

[Madhuradhipati]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:39:07, on 18.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Documents and Settings\Madhuradhipati das\Data aplikací\m\flec006.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-220523388-1532298954-839522115-1003\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: GEMINI IBS 32 GEMB Applet Security -
O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6334607546
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F0A911-913A-45AF-9D96-577EF26F2345}: NameServer = 217.11.224.1,217.11.224.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6673 bytes

[Baron Prášil]

vítej na fóru PC-HELP
no tak mrzáčka zabijeme

ukonči ho v taskmanageru flec006.exe

stáhni si killbox
rozbal,spust a do okýnka zkopíruj tučné
C:\Documents and Settings\Madhuradhipati das\Data aplikací\m\flec006.exe
zaškrtni Delete on Reboot a klikni na křížek.stroj pude do restartu

po restartu pošli novej log z hijackthis

[Madhuradhipati]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:09:08, on 19.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Documents and Settings\Madhuradhipati das\Data aplikací\m\flec006.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spy Emergency 2005\SpyEmergency.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" -boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Lupazal] C:\Program Files\LupaZal\LupaZal.exe 1
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\Spy Emergency 2005\SpyEmergency.exe"
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: GEMINI IBS 32 GEMB Applet Security - O16 - DPF: GEMINI IBS 32 GEMB Applet Utilities - O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6334607546
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F0A911-913A-45AF-9D96-577EF26F2345}: NameServer = 217.11.224.1,217.11.224.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9312 bytes

[Madhuradhipati]

Ten bude nekde zasitej

[Baron Prášil]

hmmm
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Madhuradhipati]

ComboFix 08-01-18.5 - Madhuradhipati das 2008-01-19 7:18:33.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.227 [GMT 1:00]
Running from: C:\Download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\exefld
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\mp3codec32win.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\uppim.dll
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-19 07:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-19 01:46 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-19 01:46 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-19 01:46 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-19 01:46 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-19 01:46 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-19 01:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-19 01:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-19 01:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-19 01:13 . 2008-01-19 01:13 190,612 --a------ C:\Pass2.cmd
2008-01-19 00:29 . 2008-01-19 00:29 56 --a------ C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-18 23:32 . 2008-01-18 23:32 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-18 12:31 . 2008-01-18 12:31 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-01-18 12:31 . 2008-01-18 12:31 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-01-18 12:31 . 2008-01-18 12:31 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-01-18 12:31 . 2008-01-18 12:31 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-01-18 12:31 . 2008-01-18 12:31 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-01-18 12:31 . 2008-01-18 12:31 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-01-18 01:31 . 2006-03-02 13:00 147,968 --a------ C:\WINDOWS\R.COM
2008-01-18 01:31 . 2006-03-02 13:00 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-01-18 01:31 . 2008-01-18 11:45 26 --a------ C:\WINDOWS\Lic.xxx
2008-01-18 01:18 . 2008-01-18 01:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-18 00:53 . 2008-01-19 01:24 10,624 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-01-18 00:49 . 2008-01-19 01:36 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-17 23:25 . 2008-01-19 01:13 2,396 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-17 22:18 . 2008-01-17 22:18 <DIR> d-------- C:\Program Files\Greatis
2008-01-17 22:18 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-17 18:57 . 2008-01-19 06:58 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-17 15:02 . 2008-01-19 07:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 15:02 . 2008-01-19 07:32 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 14:31 . 2008-01-15 15:15 <DIR> d-------- C:\Program Files\Mp3Doctor
2008-01-15 13:06 . 2007-10-09 17:04 513,152 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys
2008-01-15 13:06 . 2007-10-09 12:52 2,688 --a------ C:\WINDOWS\system32\drivers\MovRVDrv32.sys
2008-01-14 18:40 . 2008-01-14 21:06 282 --a------ C:\Save.dsa
2008-01-08 16:01 . 2008-01-08 16:03 <DIR> d-------- C:\Program Files\eMule+Ultra
2008-01-08 12:07 . 2008-01-08 12:07 <DIR> d-------- C:\WINDOWS\PIF
2008-01-08 11:27 . 2008-01-08 11:43 <DIR> d-------- C:\Program Files\download-boosters
2008-01-08 11:19 . 2008-01-08 11:19 167,936 --a------ C:\WINDOWS\system32\ltfil14n.DLL
2008-01-08 11:14 . 2008-01-08 11:13 495,616 --a------ C:\WINDOWS\system32\ltkrn14n.dll
2008-01-08 10:55 . 2008-01-08 10:55 299,008 --a------ C:\WINDOWS\system32\LTDIS14n.dll
2008-01-08 10:38 . 2008-01-08 10:38 26,000 --a------ C:\WINDOWS\system32\E3TL.DLL
2008-01-07 19:10 . 2008-01-07 19:29 <DIR> d-------- C:\FaceShop
2007-12-29 20:46 . 2007-12-29 21:17 <DIR> d-------- C:\Program Files\CrossFnt
2007-12-29 20:46 . 2007-12-29 21:15 2,919 --a------ C:\WINDOWS\CrossFnt.ini
2007-12-29 20:02 . 2007-12-29 20:03 113,808 --a------ C:\WINDOWS\ATMREG.ATM
2007-12-29 20:01 . 2007-12-29 20:03 <DIR> d-------- C:\Program Files\Adobe Type Manager
2007-12-29 20:01 . 2000-05-24 15:20 15,360 --a------ C:\WINDOWS\system32\ATMsrvc.exe
2007-12-29 15:44 . 2007-12-29 15:53 <DIR> d-------- C:\Program Files\MSECACHE
2007-12-29 15:26 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-29 15:26 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-29 15:26 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-29 15:26 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-29 15:26 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-29 15:26 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-28 17:45 . 2007-12-28 17:45 <DIR> d-------- C:\Program Files\Program Files
2007-12-27 17:15 . 2007-12-27 17:15 <DIR> d-------- C:\Setup Files
2007-12-25 22:45 . 2007-12-25 22:45 <DIR> d-------- C:\Program Files\Alien Skin
2007-12-23 22:11 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-12-23 22:08 . 2007-12-23 22:08 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-23 22:07 . 2007-12-23 22:07 <DIR> d-------- C:\Program Files\MSBuild
2007-12-23 22:05 . 2007-12-23 22:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-23 22:02 . 2007-12-23 22:02 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-23 21:59 . 2007-12-23 21:59 <DIR> d-------- C:\MSOCache
2007-12-21 13:17 . 2000-05-24 15:02 298,496 --a------ C:\WINDOWS\unin0416.exe
2007-12-19 14:48 . 2007-12-19 14:48 <DIR> d-------- C:\WINDOWS\Corel
2007-12-19 14:48 . 2007-12-19 14:48 232 --a------ C:\WINDOWS\PowerReg.dat
2007-12-19 12:25 . 2007-12-19 12:25 16,566 --a------ C:\WINDOWS\IrfanView_Wallpaper.bmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 22:12 --------- d-----w C:\Program Files\Spy Emergency 2005
2008-01-17 10:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-14 19:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 19:20 --------- d-----w C:\Program Files\onOne Software
2008-01-07 13:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-29 19:55 --------- d-----w C:\Program Files\QuickTime
2007-12-29 18:03 --------- d-----w C:\Program Files\Likno Drop-Down Menu Trees
2007-12-29 18:01 --------- d-----w C:\Program Files\Bradbury
2007-12-20 13:30 --------- d-----w C:\Program Files\MP4Tool
2007-12-13 12:07 --------- d-----w C:\Program Files\Macromedia
2007-11-27 12:05 --------- d-----w C:\Program Files\Common Files\Control Panels
2007-11-26 14:56 --------- d-----w C:\Program Files\Bonjour
2007-11-23 14:36 --------- d-----w C:\Program Files\Visioneer OneTouch
2007-11-23 14:33 --------- d-----w C:\Program Files\ScanSoft
2007-11-23 14:33 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-11-23 13:20 --------- d-----w C:\Program Files\Common Files\Vbox
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mule_st_key"="C:\Documents and Settings\Madhuradhipati das\Data aplikací\m\flec006.exe" [ ]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"SpyEmergency"="C:\Program Files\Spy Emergency 2005\SpyEmergency.exe" [2007-12-06 08:35 2046520]
"Regrun2"="C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe" [ ]
"PPWebCap"="C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-08-10 10:50 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PrevxCSI"="C:\Program Files\PrevxCSI\prevxcsi.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
"RegRun WinBait"="C:\WINDOWS\winbait.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-08 10:32 77824]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10 271360]
"OneTouch Monitor"="C:\PROGRA~1\VISION~1\ONETOU~2.EXE" [2001-10-30 07:09 86016]
"Matrox Powerdesk"="C:\WINDOWS\system32\PDesk\PDesk.exe" [2001-09-21 17:35 622592]
"Lupazal"="C:\Program Files\LupaZal\LupaZal.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"@RegRunOnSecure"="C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-19 07:31 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SpyEmrgSrv"=2 (0x2)
"SoundMovieServer"=3 (0x3)

R3 G550DH;G550DH;C:\WINDOWS\system32\DRIVERS\g550dhm.sys [2001-09-28 19:13]
R3 MovRVDrv32;MovRVDrv32;C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-10-09 12:52]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-10-09 17:04]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S1 SpyEmrg;Spy Emergency Driver;C:\WINDOWS\system32\Drivers\spyemrg.sys []
S3 cg;cg;C:\Documents and Settings\Madhuradhipati das\Dokumenty\Muralidhar\pretakt to is in\cg.sys [2004-12-06 10:31]
S3 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-01-19 01:24]
S3 UtilNT;UtilNT;C:\WINDOWS\system32\drivers\UtilNT.sys [2000-04-18 00:32]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 07:36:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 7:43:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 06:43:30
.
2007-11-29 14:48:58 --- E O F ---

[Madhuradhipati]

Smazal jsem co se dalo kdyz jsem nainstaloval Avast tak se restartoval pocitac a po restartu scanoval a jeste neco nasel. Ale kdyz chci spustit avast po nabehnuti tak hlasi neni platna aplikace typu win32

[Baron Prášil]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\Process.exe
C:\Documents and Settings\Madhuradhipati das\Data aplikací\m\flec006.exe
C:\WINDOWS\system32\wintems.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

určitě odinstaluj Spyemergency 2005 a nainstaluj
Spyware Terminator nebo Spybot S&D

[Madhuradhipati]

Jo tak snad uz je to v pohode nechal jsem si najit nakazu timhle programem PREVXCSIFREE.EXE a pak jsem to zlikvidoval vsechno killboxem. Nakonec jeste neco nasel online scan od ESETu a to jsem take killboxnul pak sel uz normalne nainstalovat a spustit Avast a ten proscenoval celej Komp vse je v pohode.

Diky moc Barone Prasile

[Madhuradhipati]

Jo ten Spyemergency 2005 nejde odinstalovat on neni v programech a ani nema uninstal ??

[Baron Prášil]

prosím,prosím,prosím-ten combofix není pro srandu-všechno je to šmejd non plus ultra

tak to udělej jak sem psal. a pošli ještě log z něho a ještě jeden hijackthis.

Spy Emergency-koukni do jeho složky v prog.files jestli tam neni uninstall,kdyžtak ho smažeš natvrdo.