Security Tool launching as a consequence of a trojan attack (Solved)

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

jaro3
Security team member
Posts: 43294
Registered: June 07
Location: South Bohemia

Re: Security Tool launching as a consequence of a trojan attack

Post by jaro3 » 29 Oct 2009 19:40

Yes, this will take a long time, several hours...
It keeps showing up there; we will continue tomorrow.

Then:
OTM again with this:

Code:

:Processes
explorer.exe

:Services

:Reg

:Files
c:\documents and settings\All Users\Data aplikacˇ\*.vbs
c:\documents and settings\All Users\Data aplikacˇ\*.bat
c:\documents and settings\All Users\Data aplikacˇ\*.inf
c:\documents and settings\All Users\Data aplikacˇ\*.exe
c:\documents and settings\All Users\Data aplikacˇ\*.zip
c:\documents and settings\All Users\Data aplikacˇ\*.txt
c:\documents and settings\All Users\Data aplikacˇ\*.sys
c:\documents and settings\All Users\Data aplikacˇ\*.dll
c:\documents and settings\All Users\Data aplikacˇ\*.ini
c:\documents and settings\All Users\Data aplikacˇ\*.msi

c:\documents and settings\Danielka\Data aplikacˇ\*.bat
c:\documents and settings\Danielka\Data aplikacˇ\*.vbs
c:\documents and settings\Danielka\Data aplikacˇ\*.inf
c:\documents and settings\Danielka\Data aplikacˇ\*.exe
c:\documents and settings\Danielka\Data aplikacˇ\*.zip
c:\documents and settings\Danielka\Data aplikacˇ\*.txt
c:\documents and settings\Danielka\Data aplikacˇ\*.sys
c:\documents and settings\Danielka\Data aplikacˇ\*.ini
c:\documents and settings\Danielka\Data aplikacˇ\*.msi
c:\documents and settings\Danielka\Data aplikacˇ\*.dll

c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.exe
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.zip
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.txt
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.sys
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.ini
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.msi
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Post its log again.

Then CFScript:

Code:

DirLook::
c:\documents and settings\All Users\Data aplikacˇ
c:\documents and settings\Danielka\Data aplikacˇ
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ

When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jaja55
newcomer
Posts: 33
Registered: October 09

Re: Security Tool launching as a consequence of a trojan attack

Post by jaja55 » 30 Oct 2009 07:41

Please, that virus removal log is terribly long; it found 3 trojans, which I then deleted.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.vbs not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.bat not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.inf not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.exe not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.zip not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.txt not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.sys not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.dll not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.ini not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\*.msi not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.bat not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.vbs not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.inf not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.exe not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.zip not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.txt not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.sys not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.ini not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.msi not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\*.dll not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.bat not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.inf not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.vbs not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.exe not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.zip not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.txt not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.sys not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.ini not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.msi not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\*.dll not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_57c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_7d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF78C4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF78E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF79B0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF79BB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\KQRDNQOA\ads[6].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\KQRDNQOA\viewtopic[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\HHW3WW5Q\ads[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_57c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF78C4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF78E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF79B0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF79BB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF8CC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFFA14.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 10302009_073551

Files moved on Reboot...
File move failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\TEMP\Perflib_Perfdata_57c.dat moved successfully.
File C:\WINDOWS\TEMP\Perflib_Perfdata_7d8.dat not found!
File C:\WINDOWS\TEMP\~DF78C4.tmp not found!
File C:\WINDOWS\TEMP\~DF78E7.tmp not found!
File C:\WINDOWS\TEMP\~DF79B0.tmp not found!
File C:\WINDOWS\TEMP\~DF79BB.tmp not found!
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\KQRDNQOA\ads[6].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\KQRDNQOA\viewtopic[2].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\HHW3WW5Q\ads[3].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\~DF8CC.tmp not found!
File C:\WINDOWS\temp\~DFFA14.tmp not found!

Registry entries deleted on Reboot...

Re: Security Tool launching as a consequence of a trojan attack

Post by jaja55 » 30 Oct 2009 08:03

ComboFix 09-10-28.08 - Prdka 30.10.2009 7:46.13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.608 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Danielka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091029-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs
c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat
c:\documents and settings\Danielka\Data aplikacˇ\imir.bat
c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf
c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-29 17:51 . 2009-10-29 21:29 944160 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-29 17:03 . 2009-10-29 17:03 -------- d-----w- c:\documents and settings\Danielka\DoctorWeb
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\windows\Sun
2009-10-29 14:12 . 2009-10-29 14:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 14:12 . 2009-10-29 14:12 -------- d-----w- c:\program files\Java
2009-10-28 19:42 . 2009-10-28 19:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 06:41 . 2009-10-29 17:27 529496 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-30 06:41 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-30 06:41 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-29 21:29 . 2009-10-29 17:51 12140 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-28 19:49 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-28 19:41 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Data aplikacˇ ----


---- Directory of c:\documents and settings\Danielka\Data aplikacˇ ----


---- Directory of c:\documents and settings\Danielka\Local Settings\Data aplikacˇ ----



((((((((((((((((((((((((((((( SnapShot@2009-10-28_17.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-30 06:37 . 2009-10-30 06:37 16384 c:\windows\temp\Perflib_Perfdata_574.dat
+ 2009-10-29 13:21 . 2009-10-29 13:21 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-02-04 14:53 . 2009-10-28 17:01 441772 c:\windows\system32\perfh009.dat
+ 2009-02-04 14:53 . 2009-10-29 09:00 441772 c:\windows\system32\perfh009.dat
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 149280 c:\windows\system32\javaws.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\javaw.exe
+ 2009-10-29 14:12 . 2009-10-29 14:12 145184 c:\windows\system32\java.exe
+ 2009-10-19 16:27 . 2009-10-19 16:27 401008 c:\windows\Downloaded Program Files\fslauncher.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-10-28 19:42 . 2009-10-28 19:42 1583616 c:\windows\Installer\5ed144.msi
+ 2009-10-29 14:12 . 2009-10-29 14:12 1757696 c:\windows\Installer\121672b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-29 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2009-10-30 7:59
ComboFix-quarantined-files.txt 2009-10-30 06:58
ComboFix2.txt 2009-10-29 17:39
ComboFix3.txt 2009-10-29 15:04
ComboFix4.txt 2009-10-29 09:32
ComboFix5.txt 2009-10-30 06:44

Před spuštěním: Volných bajtů: 72 059 154 432
Po spuštění: Volných bajtů: 72 023 228 416

- - End Of File - - 0D11DA8DA00F7F9B63D7394BDC1ED9C2

Re: Security Tool launching as a consequence of a trojan attack

Post by jaro3 » 30 Oct 2009 08:49

Restart the PC.

Use OTM again.

Code:

:Processes
explorer.exe
   
:Services

:Reg

:Files
c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs
c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat
c:\documents and settings\Danielka\Data aplikacˇ\imir.bat
c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf
c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Same procedure; write how the PC behaves.

Re: Security Tool launching as a consequence of a trojan attack

Post by jaja55 » 30 Oct 2009 09:29

The PC behaves normally, no program installs itself. Here is the OTM log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs not found.
File/Folder c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\imir.bat not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf not found.
File/Folder c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf not found.
File/Folder c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat not found.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_444.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_568.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF7BFC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF7C4E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF7E83.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF8100.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\A1LIBDRW\ads[5].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\A1LIBDRW\viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\3ML8YDFY\ads[7].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_444.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_568.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF1F9D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF7BFC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF7C4E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF7E83.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF8100.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFF99C.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 10302009_091902

Files moved on Reboot...
File move failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\TEMP\Perflib_Perfdata_444.dat not found!
C:\WINDOWS\TEMP\Perflib_Perfdata_568.dat moved successfully.
File C:\WINDOWS\TEMP\~DF7BFC.tmp not found!
File C:\WINDOWS\TEMP\~DF7C4E.tmp not found!
File C:\WINDOWS\TEMP\~DF7E83.tmp not found!
File C:\WINDOWS\TEMP\~DF8100.tmp not found!
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\A1LIBDRW\ads[5].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\A1LIBDRW\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\3ML8YDFY\ads[7].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\~DF1F9D.tmp not found!
File C:\WINDOWS\temp\~DFF99C.tmp not found!

Registry entries deleted on Reboot...

eBohous3Q

Re: security tool launching as a consequence of trojan infection

Post by eBohous3Q » 30 Oct 2009 11:26

I'd point out that I'm a complete layman!!! I have the same problem; I deleted the sec. tools, but another problem appeared here, a drop in graphics performance (it showed in one game, 100fps > 20fps), for example even when I scroll on the internet it stutters slightly. I tried reinstalling the drivers from http://h20000.www2.hp.com/bizsupport/Te ... 1093#11360 ... but when I was reinstalling them, a message appeared during the installation saying something like "...Display adapter with standard VGA driver" .. Please advise how to solve the VGA problem
Attachments
Problem-pc.PNG

jaro3

Re: security tool launching as a consequence of trojan infection

Post by jaro3 » 30 Oct 2009 14:49

To eBohous3Q: you are in the wrong section, this is the viruses section. Start your own new topic in the correct section.

To jaja55:

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning deactivate AVG or Avast, afterwards delete T-Cleaner and turn AVG back on.


Post a new HJT log here as well.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

jaja55

Re: security tool launching as a consequence of trojan infection

Post by jaja55 » 30 Oct 2009 15:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:16, on 30.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8923 bytes

eBohous3Q

Re: security tool launching as a consequence of trojan infection

Post by eBohous3Q » 30 Oct 2009 16:05

jaro3 wrote:To eBohous3Q: you are in the wrong section, this is the viruses section. Start your own new topic in the correct section.

To jaja55:

ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner

and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning deactivate AVG or Avast, afterwards delete T-Cleaner and turn AVG back on.


Post a new HJT log here as well.

THIS is the log from ComboFix >>> I'M SENDING IT AS AN ATTACHMENT <<<

eBohous3Q

Re: security tool launching as a consequence of trojan infection

Post by eBohous3Q » 30 Oct 2009 16:08

((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 10:56 . 2009-10-30 13:46 94112 -c--a-w- c:\windows\system32\dllcache\agp440.sys
2009-10-30 10:56 . 2009-10-30 13:46 94112 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-29 21:46 . 2009-10-29 21:46 -------- d-----w- C:\compaq
2009-10-29 19:16 . 2009-10-30 09:48 -------- d-----w- c:\program files\MultiRes
2009-10-29 19:12 . 2009-10-29 19:12 472576 ----a-w- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2009-10-29 19:12 . 2009-10-29 19:12 -------- d-----w- c:\program files\Radeon Omega Drivers
2009-10-29 15:25 . 2009-10-29 15:25 -------- d-----w- c:\program files\WinPcap
2009-10-29 12:01 . 2009-10-30 12:23 294912 ----a-w- c:\windows\system32\qtplugin.exe
2009-10-29 11:59 . 2009-10-29 11:59 58877 ----a-w- c:\documents and settings\Ales\restorer32_a.exe
2009-10-29 11:59 . 2009-10-29 11:59 58877 ----a-w- c:\windows\system32\restorer32_a.exe
2009-10-13 15:01 . 2009-10-13 15:01 -------- d-----w- c:\program files\EA Games
2009-10-10 09:30 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-10 09:26 . 2009-10-10 09:26 -------- d-----w- c:\windows\system32\cs-CZ
2009-10-10 09:18 . 2009-10-10 09:26 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-10 09:18 . 2009-10-10 09:18 -------- d-----w- c:\program files\MSBuild
2009-10-10 09:18 . 2009-10-10 09:18 -------- d-----w- c:\program files\Reference Assemblies
2009-10-10 09:16 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-10 09:16 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-10 09:16 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-10 09:16 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-10 09:16 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-10 09:16 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-10 09:16 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-10 09:05 . 2009-10-10 09:05 -------- d-----w- c:\program files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 13:58 . 2008-05-15 20:01 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-10-29 18:31 . 2009-06-06 14:47 -------- d-----w- c:\program files\Counter-Strike 1.6
2009-10-29 18:18 . 2008-09-01 10:39 -------- d-s---w- c:\program files\HLSW
2009-10-29 15:25 . 2001-10-25 12:00 82750 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 15:25 . 2001-10-25 12:00 438070 ----a-w- c:\windows\system32\perfh005.dat
2009-10-24 22:44 . 2009-09-10 14:59 -------- d-----w- c:\program files\Counter-Strike 2.1
2009-09-25 05:58 . 2004-08-17 13:49 663040 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:58 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-24 14:31 . 2007-11-11 08:10 -------- d-----w- c:\program files\TRANSLAT
2009-09-11 14:35 . 2004-08-17 13:49 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 09:32 . 2009-09-06 09:32 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-04 20:47 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2004-08-17 13:49 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2009-05-27 13:50 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-05-27 13:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-05-27 13:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-05-27 13:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-05-27 13:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-05-27 13:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-05-27 13:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-05-27 13:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-05-27 13:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-10 09:26 . 2009-05-16 20:07 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-06 18:24 . 2007-10-12 01:53 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2007-10-12 01:53 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2007-10-12 01:53 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-10-12 01:53 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-08-17 13:49 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2007-10-12 01:53 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2007-10-12 01:53 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:07 . 2004-08-17 13:49 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:07 . 2004-08-17 15:45 2059904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 17:07 . 2004-08-17 13:45 2182528 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-08 16:57 . 2009-05-08 16:57 8 --sh--r- c:\windows\system32\27F766CDF2.dll
2009-05-08 21:43 . 2009-05-08 13:18 80 --sh--r- c:\windows\system32\C70D5C09E6.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-25 25477928]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]
"restorer32_a"="c:\documents and settings\Ales\restorer32_a.exe" [2009-10-29 58877]
"RegistryMonitor1"="c:\windows\system32\qtplugin.exe" [2009-10-30 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\windows\atiimxgl" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-11 335872]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"sysgif32"="c:\windows\Temp\wpv291255703227.exe" [2009-10-29 23552]
"restorer32_a"="c:\windows\system32\restorer32_a.exe" [2009-10-29 58877]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Ales\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
zavupd32.exe [2004-8-17 32000]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-5-28 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe rundll32.exe pqrs.tmo printer"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\rmiregistry.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike 2.1\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.5.2009 14:51 114768]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [12.10.2007 23:45 58016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.5.2009 14:51 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.6.2009 1:26 222968]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [15.11.2007 21:30 34064]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [?]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [25.10.2007 6:52 1180544]
S3 gtcdcmdm;GTRAN USB CDC Driver (PID 3196);c:\windows\system32\drivers\gtusbmdm_gpc6400.sys [14.5.2008 20:54 66858]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ENTDRV51
*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2294f390-0574-11dd-b750-0008026c9159}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6651c30-566d-11de-b90d-0008026c9159}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
.
Obsah adresáře 'Naplánované úlohy'

2009-09-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 20:35]

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2009-10-30 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]

2009-10-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-27 20:18]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-WDICT32 - (no file)
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-11142413 - c:\docume~1\ALLUSE~1\DATAAP~1\11142413\11142413.exe
HKLM-Run-56736734 - c:\docume~1\ALLUSE~1\DATAAP~1\56736734\56736734.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = proxy.cd.cz:80
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {F19C3841-AD87-46D7-B5CB-DFBC5E0DB68B} = 10.4.10.10,10.12.20.20
FF - ProfilePath - c:\documents and settings\Ales\Data aplikací\Mozilla\Firefox\Profiles\gp22710s.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/|dwgaming.ic.cz
FF - component: c:\program files\Mozilla Firefox 3 Beta 5\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 15:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\EntApi.dll
.
Celkový čas: 2009-10-30 15:40
ComboFix-quarantined-files.txt 2009-10-30 14:40

Před spuštěním: 1 049 956 352
Po spuštění: 1 921 966 080

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

207 --- E O F --- 2009-10-29 18:16

jaro3

Re: security tool launching as a consequence of trojan infection  Solved

Post by jaro3 » 30 Oct 2009 16:34

To eBohous3Q: Please open your own new topic in the hijackthis section and do not interfere in someone else's, already resolved topic.

To jaja55:

Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code: Select all

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab


If there are no problems, that's all and you can mark it solved, the checkmark.
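As an added example, not code from the thread or from HijackThis itself: a small Python parser for the O4 (autostart) and O16 (ActiveX download) lines of the log format above, which checks which entries from a fix list still appear in a log taken after the fix. The sample logs inside it are constructed from the lines posted above, including the forum's truncated "..." URLs.

```python
import re
from dataclasses import dataclass
from typing import List

# Line shapes taken from the HijackThis log posted in the thread above.
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP_RE = re.compile(r'^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$')
# The forum truncated long URLs to "... canner.cab", so the URL part may contain spaces.
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>.*)$')


@dataclass(frozen=True)
class HjtEntry:
    kind: str    # "O4" (autostart) or "O16" (ActiveX download / DPF)
    key: str     # hive + entry name for O4, CLSID for O16
    detail: str  # command line (O4) or download URL (O16)


def parse_hjt(text: str) -> List[HjtEntry]:
    """Extract O4 and O16 entries from HijackThis log text; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            entries.append(HjtEntry("O4", f"{m['hive']}:{m['name']}", m['cmd']))
            continue
        m = O16_RE.match(line)
        if m:
            # CLSIDs are compared case-insensitively, so normalise them.
            entries.append(HjtEntry("O16", m['clsid'].upper(), m['url']))
    return entries


def remaining_after_fix(fix_list: str, new_log: str) -> List[HjtEntry]:
    """Entries from the fix list that still show up in a log taken after the fix."""
    wanted = {(e.kind, e.key) for e in parse_hjt(fix_list)}
    return [e for e in parse_hjt(new_log) if (e.kind, e.key) in wanted]


# The three lines jaro3 asked to be fixed (copied from the post above).
FIX_LIST = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-s ... uncher.cab
"""

# Constructed "after" log: both O16 entries are gone, the Java updater entry came back.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for e in remaining_after_fix(FIX_LIST, AFTER_LOG):
        print(f"still present: {e.kind} {e.key} -> {e.detail}")
```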

