Rezidentna ochrana AVASTu mi hlasi v skoro kazdom exe vir

Rezidentna ochrana AVASTu mi hlasi v skoro kazdom exe vir
Prosim co mam robit? Mam stiahnut combofix a dat sem log? Vcera som odvirovala komp kamosovi a dnes mam vir asi ja. Prosim pomozte

Skôr to prejdi s MWAV. Ak je to naozaj vírus, combofix nepomôže.

Presla som to kombofix-om lpozri to pls :
ComboFix 09-03-06.02 - Administrator 2009-03-08 18:22:57.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.1527.918 [GMT 1:00]
Spuštěný z: g:\i-download\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 090307-0] *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\windows\regedit.com
c:\windows\system32\m2
c:\windows\system32\o1
c:\windows\system32\taskmgr.com
c:\windows\system32\v4
c:\windows\system32\x64

. . . je infikován!!

. . . je infikován!!

. . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Legacy_R_SERVER
-------\Service_ISODrive
-------\Service_r_server


((((((((((((((((((((((((( Soubory vytvořené od 2009-02-08 do 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-08 17:40 . 2009-03-02 04:46 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-03-07 20:12 . 2009-03-07 20:12 <DIR> d-------- c:\program files\TeamViewer
2009-03-07 20:12 . 2009-03-07 20:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\TeamViewer
2009-03-07 20:11 . 2009-03-07 20:11 <DIR> d-------- c:\documents and settings\Administrator\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 18:01 22,536 ----a-w c:\windows\system32\drivers\pxscan.sys
2009-01-16 20:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-05 12:04 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 11:57 333,184 ------w c:\windows\system32\dllcache\srv.sys
2008-04-15 22:26 40,368 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-03 08:46 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2007-03-25 19:26 284 ----a-w c:\documents and settings\Administrator\Application Data\ViewerApp.dat
2007-01-22 16:10 87,608 ----a-w c:\documents and settings\Administrator\Application Data\ezpinst.exe
2007-01-05 10:15 73 ----a-w c:\program files\Common Files\appop.log
.

------- Sigcheck -------

2007-06-13 12:23 1050624 73446152605d4df1d829fa87095d0019 c:\windows\explorer.exe
2007-06-13 13:26 1050624 7924c6df6c7102749330d22a206e462d c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 12:23 1050624 73446152605d4df1d829fa87095d0019 c:\windows\system32\dllcache\explorer.exe
2004-08-04 04:00 1049600 4a0a5925474d39c05749d62a01acf9c8 c:\windows\$NtUninstallKB938828$\explorer.exe

2004-08-04 04:00 32768 55149c8acdd55828f8910c7f232f6aad c:\windows\system32\ctfmon.exe

2005-06-11 01:17 75264 98e01fe2fb37b51ff6e88e040d0576e3 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 04:00 75264 d44476de92a416610b3be0f0d67dce3c c:\windows\system32\spoolsv.exe
2004-08-04 04:00 75264 d44476de92a416610b3be0f0d67dce3c c:\windows\$NtUninstallKB896423$\spoolsv.exe

2004-08-04 04:00 41984 373ce258dd438089778bb82a7972b965 c:\windows\system32\userinit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [2005-05-25 539648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 32768]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-12-09 3276800]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [ ]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 163840]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 546304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 151552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 184320]
"PrevxOne"="c:\program files\Prevx1\PXConsole.exe" [2007-01-12 1523712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 33280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 499712]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.MJPX"= Pvmjpg21.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.PVW2"= PVWV220.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Persistence"=c:\windows\system32\igfxpers.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Vypress Chat\\VyChat.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"g:\\I-Download\\RapidShare Plus.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XIIc\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business XIIc\\RpcSandraSrv.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Radmin\\radmin.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2007-01-03 26112]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-01 22536]
R1 PrevxTdi;PREVX Tdi filter;c:\windows\system32\drivers\pxtdi.sys [2007-12-03 18560]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-03-14 40928]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-03-14 27776]
R2 CSIScanner;CSIScanner;c:\program files\PrevxCSI\PrevxCSI.exe [2007-12-03 4150840]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-12-01 170640]
R2 SBFSHOOK;SBFSHOOK;c:\windows\system32\drivers\sbfshook.sys [2007-01-05 8320]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-01-14 21632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-01 15504]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-04-08 162176]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-04 69120]
S3 actvcomm;actvcomm;c:\windows\system32\drivers\actvcomm.sys [2004-04-28 78848]
S3 ncvhook;ncvhook;c:\windows\system32\drivers\ncvhook.sys [2008-06-22 3200]
S3 PrevxEmulator;PREVX Emulator Driver;c:\windows\system32\drivers\PxEmu.sys [2007-12-03 100864]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [2007-03-16 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [2007-03-16 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [2007-03-16 97184]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [2007-03-16 88688]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [2007-03-16 18704]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [2007-03-16 86560]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [2007-03-16 90800]
S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys [2004-05-07 26624]
S3 SPAInfoDrv;SPAInfoDrv;c:\progra~1\MOBILE~1\bin\SPAInfoDrv.sys [2004-05-05 4736]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2bf248b-2fb4-11dd-bae7-005056c00008}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\b5700x drive]
c:\windows\cnssr.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-01-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-05-20 18:17]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.brnet.sk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fvn5budu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.brnet.sk/
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TV JOJ Media Player\np_JOJ_netscape_player.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:30:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,d2,b8,25,ab,24,
45,b3,46,c8,28,51,af,b0,29,a3,98,2f,d5,4e,2b,9f,58,af,d8,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,36,90,2c,2c,05,
b5,1a,bf,71,3b,04,66,8b,46,0d,96,14,73,0d,5d,cc,f7,e6,04,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,f6,54,25,7a,a9,
da,8a,9c,25,da,ec,7e,55,20,c9,26,18,a8,48,a9,cf,1a,4d,78,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,78,31,b1,66,9f,
07,97,f3,3e,1e,9e,e0,57,5a,93,61,c6,a3,60,ab,97,7c,17,fe,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,1d,30,b1,28,07,
c4,01,bd,cd,44,cd,b9,a6,33,6c,cd,f1,8f,5b,35,a7,4e,d1,0f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d4,00,16,8a,13,
30,32,92,b0,18,ed,a7,3f,8d,37,a4,5e,f9,af,fd,d3,a7,47,a5,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,13,04,31,4b,d6,
c6,ff,c5,31,77,e1,ba,b1,f8,68,02,b9,0d,75,13,cc,f6,38,2a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,9f,2e,ea,94,16,
d9,e9,b2,83,6c,56,8b,a0,85,96,ab,58,7d,5a,cd,33,72,7f,18,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,c8,9a,b7,b5,89,
c7,ec,f9,51,fa,6e,91,28,9e,14,cc,f1,9b,9f,e2,50,cd,72,d5,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,00,5c,59,99,35,
98,7a,0e,b1,cd,45,5a,a8,c4,f8,b9,66,66,9d,35,f3,90,67,15,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,f6,7e,36,c7,53,
30,1a,f4,e3,0e,66,d5,eb,bc,2f,6b,5a,41,13,41,ef,41,46,49,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d0,ca,8a,23,23,
67,74,32,fa,ea,66,7f,d4,3b,6b,70,2c,a7,3f,8d,1a,bf,c3,c6,6c,43,2d,1e,aa,22,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Ghost12\Agent\VProSvc.exe
c:\program files\Prevx1\PXAgent.exe
c:\program files\Photodex\ProShowGold31\ScsiAccess.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-03-08 18:36:49 - počítač byl restartován [Administrator]
ComboFix-quarantined-files.txt 2009-03-08 17:36:42

Před spuštěním: 11,905,470,464 bytes free
Po spuštění: 11,982,897,152 bytes free

287 --- E O F --- 2009-02-28 21:59:00

Mam to prebehnut tym MVAV-om?

Spusti skript

A preco by akoze nepomohol a MWAV ano?????. Ak tam je fileinfector tak nepomoze uz nic... iba format
Okrem toho co napisal brano sprav toto ( Combofix a skript spustaj z plochy):

Ja to vidim skorej na fileinfector.

Mandy otestuj tieto subory na www.virustotal.com a vysledky daj sem.

C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe

Stale mi spusta rezidentna ochrana vela suborov, ze ma tento virus :
Win32:JunkPoly [Cryp]

Neviem ci ten skryp vobec spusti

nemozem ani tuknut na zrusenie okna o hlaske infikovaneho suboru, lebo naskoci hned dalsia hlaska o dalsom infik subore a stale dokola

Otestuj najprv tie subory.

sVCHOST :

Soubor již byl testován:
MD5: 8f078ae4ed187aaabc0a305146de6716
Poprvé zaslán: 2007.06.16 16:53:55 (CET)
Datum: 2009.03.08 17:19:21 (CET) [<1D]
Výsledky: 0/39
Stálý odkaz: analisis/78436174399000665c120cf318f2

VINLOGON:

Soubor již byl testován:
MD5: 01c3346c241652f43aed8e2149881bfe
Poprvé zaslán: 2007.03.19 21:16:43 (CET)
Datum: 2009.03.08 15:39:04 (CET) [<1D]
Výsledky: 0/39
Stálý odkaz: analisis/c4cf2da292f3d290108b68d3ed82671b

services.exe:

Soubor již byl testován:
MD5: c6ce6eec82f187615d1002bb3bb50ed4
Poprvé zaslán: 2006.07.10 20:42:18 (CET)
Datum: 2009.03.06 15:22:44 (CET) [>2D]
Výsledky: 0/39
Stálý odkaz: analisis/6a5e2df37bbf38c4c6fa8c1428323079

lsass:

Soubor již byl testován:
MD5: 84885f9b82f4d55c6146ebf6065d75d2
Poprvé zaslán: 2008.04.17 04:43:33 (CET)
Datum: 2009.03.08 18:08:53 (CET) [<1D]
Výsledky: 0/39
Stálý odkaz: analisis/f30fbad2393eba6149f169cb5a85a074

a co teraz??

mam spustit trn script co pisal br4n0, prosim radte

Combofix je "anti-trojan", MWAV je aj anti-vírus, preto som sa chcel uistiť, či Avast neblázni. Ak je to file infector (a zrejme je), stále je tu šanca to zachrániť s Avira antivir rescue system (http://www.secit.sk/content/návody?q=content/pouzitie-livecd)

prosim porad, co mam robit
zatial stahujem oba iso subory, len sa bojim ci sa mi to podari napalit - ci sa mi nenainfikuje nero alebo tak,,

Navrhujem uvedený avira alebo dr.web. Je možné, že sa nevyhneš min opravnej inštalácii, ak budú odstránené systémové súbory.

ty uz si to robil? ktory mam radsej vyskusat?

Ešte podstatná vec. Tie súbory si dala znova otestovať alebo si zvolila výsledky predošlého testu? V prvom prípade by to znamenalo, že nie sú infikované a teda nejde o file infector.
Ja som takto úspešne odstránil Virut, ale je možné, že niektoré súbory nebudú môcť byť vyliečené a bude ich treba vymazať.

nornalne som ich vyhladala na mojom hdd a dala otestovat, takze asi nie vysledky predosleho testu - tie oba CD som uz uspesne napalila.. mam troska obavu sa do toho pustit

mas este nejake rady co pred tym urobit? prosim ta velmi pekne o dalsie rady.. bud este chvilu tu.. neviem ci budem vediet obnovit nejake systemove subory ak bude treba - to bude asi zrejme treba cez boot CD win xp - recovery consolu?

vie mi tu este niekto poradit?

Ak budu zmazane systemove subory tak ich bude treba s CD s Winom Repairovat system.

Boli to zakerne viry (TR/crypt.U.gen, W32/Virut.gen, Win32 Junk Poly crypt) - nic nepomohlo - jedine obnovenie systemu zo zalohy sice rok starej ale ajtak - acronisom

No ano. Virut je efektivny fileinfector a je len mala sanca sa ho zbavit bez format / obnovenia zalohy ... Ak ste zalohovali nejake exe subory tak ich poriadne preskenujte pretym ako ich spustite. Istota je istota

To je jasne, ta zaloha je v pohode - kedze som tu zalohu (celu particiu-komplet) urobila pred rokom - ked som mala komp cisty... No budem musiet robit zalohu castejsie. Usetrilo mi to kopec casu ako keby som mala preinstalovavat win a vsetky potrebne prog. znova, takto som stravila cas akurat update-mi winu a pod.

Ahojte ak sa možem pridať do bebaty ja už mám tiež skúsenosti

chytil som vírus : avast to rozpoznal ako win32:junkpoly(cryp) ,win32:vitro
nakazil mi vsetky exe súbory ktoré som mal na 2 hdd 500GB.
skusal som vsetky možne programy a nasiel som jeden ktory pomohol.

stiahol som DR.WEB cureit dal som komp do safe modu a začal som scan
a liečenie po 7 hodinovej kontrole som mal zistené 24584 nak. súborov , tento program ich dokázal vyliečiť ... stalo to zato zachranil som vsetky subory na hdd.

DR.web ten vírus rozpoznal ako win32: Virut 56
Teraz uz komp funguje

Myslim ze to nepomoze u kazdeho. Mozes hovorit o stasti ak to je naozaj pravda