Mám vir v přenosných discích??? Vyřešeno

[ASTRO]

Prosím o pomoc moje přenosné HDD a flash disky se zbláznily a přetváří si většinu složek na .exe soubory ktere se po smazani (a odpojeni/napojeni disku) znovu obnoví. Tyto složky pak nejdou přejmenovat,vyjmout,a nekteré nejdou ani vyhodit. Zkoušel jsem disky i moje PC proskenovat nekolika typy anti-viru,spywaru,trojanu atd. ale žádný nenahlásil závažnější chybu než tracking cookie. Nepomáhá ani několikanásobné zformátování disků a windows bych přeinstalovaval jen v nejhorším možném případě. Trápím se s tím už více jak týden prosím poraďte co s tím a jak to řešit.

[Reklama]

[Owner]

Vítej na pc-help!
Začal bych logem z HJT a MVAW viz. můj podpis (thx to mijaja za tyto návody) .

[ASTRO]

tady je log HJT ,sorry mam tam ted trochu vic antiviru pac uz sem si nevedel rady
jinak pouzivam jen avast! a spybot:search&destroy

Logfile of HijackThis v1.99.1
Scan saved at 20:30:42, on 17.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\94B349\A76327.EXE
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\64D596\AK0A2F7.EXE
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\WARPIG\Plocha\hijackthis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [A76327] C:\WINDOWS\system32\94B349\A76327.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - Startup: A76327.lnk = C:\WINDOWS\system32\94B349\A76327.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

[jaro3]

odinstaluj antiviry, nech jen jeden a u toho vypni rez. ochranu.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[ASTRO]

Zde je onen vyžádaný log, pokud to bude nutné hodím sem ještě jeden po odinstalování AVG

ComboFix 09-03-15.01 - WARPIG 2009-03-18 14:18:36.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3054.2391 [GMT 1:00]
Spuštěný z: c:\documents and settings\WARPIG\Plocha\Download\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\internet.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\shell.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\spec.fne
c:\windows\system32\Process.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-18 do 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 13:58 . 2009-03-18 13:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools Pro
2009-03-17 20:38 . 2009-03-17 20:58 <DIR> d-------- C:\Kaspersky
2009-03-17 20:19 . 2009-03-17 21:02 <DIR> d-------- c:\program files\Unlocker
2009-03-17 19:11 . 2009-03-17 19:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-17 19:10 . 2009-03-17 19:10 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-17 19:10 . 2009-03-18 13:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools Lite
2009-03-17 19:06 . 2009-03-17 19:06 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\TrojanHunter
2009-03-17 18:58 . 2009-03-17 18:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\Simply Super Software
2009-03-17 18:49 . 2009-03-17 18:54 32 --a------ c:\windows\thxcfg.ini
2009-03-17 16:46 . 2009-03-17 16:46 <DIR> d-------- c:\program files\Absolute Uninstaller
2009-03-17 15:30 . 2009-03-17 15:30 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-16 17:38 . 2004-08-17 14:49 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-16 17:31 . 2009-03-18 13:59 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-16 17:31 . 2009-03-16 17:31 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\avg8
2009-03-16 17:31 . 2009-03-16 17:31 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-16 17:31 . 2009-03-16 17:31 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-16 17:31 . 2009-03-16 17:31 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-15 16:51 . 2009-03-15 16:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikac
2009-03-14 20:06 . 2009-03-17 16:54 <DIR> d-------- c:\program files\Drakensang
2009-03-13 20:06 . 2009-03-13 20:40 189,072 --a------ c:\windows\system32\PnkBstrB.xtr
2009-03-13 19:26 . 2005-12-16 00:15 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-13 19:26 . 2008-04-14 04:18 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-13 19:26 . 2008-04-14 04:18 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-13 19:26 . 2005-12-16 00:15 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-13 19:26 . 2005-12-16 00:15 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-12 19:03 . 2009-03-12 19:03 339,456 --a------ c:\windows\UIA200.exe
2009-03-11 16:43 . 2009-03-11 16:43 <DIR> d-------- c:\windows\system32\xlive
2009-03-11 16:43 . 2009-03-11 16:44 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-11 16:10 . 2009-03-11 16:26 <DIR> d--h----- c:\windows\system32\94B349
2009-03-11 16:10 . 2009-03-17 19:08 <DIR> d--h----- c:\windows\system32\661E80
2009-03-11 16:10 . 2009-03-17 19:08 <DIR> d--h----- c:\windows\system32\64D596
2009-03-11 16:10 . 2009-03-11 16:25 <DIR> d--h----- c:\windows\system32\6248EA
2009-03-11 14:18 . 2009-03-11 14:26 <DIR> d-------- c:\program files\ICQ6.5
2009-03-10 20:32 . 2009-03-10 21:02 <DIR> d-------- c:\windows\NV31483004.TMP
2009-03-10 20:32 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-10 19:08 . 2009-03-10 19:09 12,288 --a------ c:\windows\system32\drivers\EIO64_xp.sys
2009-03-10 19:07 . 2009-03-10 19:08 <DIR> d-------- c:\program files\ASUS
2009-03-10 19:00 . 2009-03-18 14:04 206,065 --a------ c:\windows\system32\nvapps.xml
2009-03-10 18:59 . 2009-02-16 23:17 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-10 18:59 . 2009-02-18 14:44 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-03-10 18:59 . 2009-02-18 14:44 19,021 --a------ c:\windows\system32\nvdisp.nvu
2009-02-18 14:44 . 2009-02-18 14:44 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-02-18 14:44 . 2009-02-18 14:44 401,408 --a------ c:\windows\system32\nvcuvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 12:58 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools
2009-03-17 18:22 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\teamspeak2
2009-03-17 18:04 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 17:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-03-17 16:12 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Azureus
2009-03-17 15:54 --------- d-----w c:\program files\World of Warcraft
2009-03-17 15:54 --------- d-----w c:\program files\TmNationsForever
2009-03-17 15:54 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\GetRightToGo
2009-03-16 16:31 --------- d-----w c:\program files\AVG
2009-03-16 13:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-15 18:35 --------- d-----w c:\program files\Steam
2009-03-14 19:15 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Skype
2009-03-14 18:04 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\skypePM
2009-03-14 16:54 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-13 19:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-13 19:40 189,072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-13 19:06 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 18:03 --------- d-----w c:\program files\All Ten Fingers
2009-03-10 19:54 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Red Alert 3
2009-03-10 19:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-10 19:33 --------- d-----w c:\program files\AGEIA Technologies
2009-03-10 19:24 75,064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-10 19:13 --------- d-----w c:\program files\Vuze
2009-03-10 18:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 19:23 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\dvdcss
2009-02-07 15:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\Phenomedia
2009-02-04 19:26 --------- d-----w c:\program files\LucasArts
2009-02-04 18:45 --------- d-----w c:\program files\THQ
2009-02-01 11:03 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Creative
2009-02-01 09:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\XBlades
2009-02-01 09:11 --------- d-----w c:\program files\XBlades
2009-02-01 07:19 --------- d-----w c:\program files\The KMPlayer
2009-01-31 14:24 --------- d-----w c:\program files\Left4Dead
2009-01-31 11:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Electronic Arts
2009-01-30 17:05 --------- d-----w c:\program files\Electronic Arts
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2009-01-12 15:08 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-12-26 08:22 682,280 ----a-w c:\windows\system32\pbsvc.exe
2008-12-26 08:22 22,328 ----a-w c:\documents and settings\WARPIG\Data aplikací\PnkBstrK.sys
2008-12-23 20:03 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-10 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110320081110\index.dat
2008-11-10 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111020081111\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"A76327"="c:\windows\system32\94B349\A76327.EXE" [2009-03-11 1405148]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-16 1932568]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\WARPIG\Nabˇdka Start\Programy\Po spuçtŘnˇ\
A76327.lnk - c:\windows\system32\94B349\A76327.EXE [2009-03-11 1405148]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-16 17:31 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\RA3.exe"=
"c:\\Program Files\\Left4Dead\\hl2.exe"=
"c:\\Program Files\\XBlades\\xblades.exe"=
"c:\\Program Files\\XBlades\\launcher.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Kaspersky\\kavupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59051:TCP"= 59051:TCP:Pando Media Booster
"59051:UDP"= 59051:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-11 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-16 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-16 107912]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-11 20560]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-16 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-16 298264]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6ad6fa0-ae98-11dd-b420-001676e07ffb}]
\Shell\1\Command - E:\Recycle.exe
\Shell\2\Command - E:\Recycle.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\WARPIG\Data aplikací\Mozilla\Firefox\Profiles\o8bmsqi5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 14:19:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1417001333-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3c,52,e6,3c,79,94,3c,b2,72,4e,3b,92,0d,60,7d,3e,fa,74,4a,b2,b6,
7c,a3,46,db,f3,63,76,08,e6,55,a3,5b,6e,2b,db,94,2d,37,d7,85,96,b7,8e,1f,5b,\
"rkeysecu"=hex:43,f3,aa,9f,21,6c,4b,dd,45,a2,00,f9,87,61,78,b2
.
Celkový čas: 2009-03-18 14:20:54
ComboFix-quarantined-files.txt 2009-03-18 13:20:52

Před spuštěním: Volných bajtů: 142,416,031,744
Po spuštění: Volných bajtů: 142,478,446,592

237 --- E O F --- 2009-03-16 16:41:49

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\thxcfg.ini
c:\windows\system32\drivers\EIO64_xp.sys

Driver::
EIO64_xp

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6ad6fa0-ae98-11dd-b420-001676e07ffb}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Tyto složky:
c:\windows\system32\94B349
c:\windows\system32\661E80
c:\windows\system32\64D596
c:\windows\system32\6248EA
znáš?
Jestli ne , tak se tam koukni co tam je, popř. :
Toto otestuj na Virustotal
c:\windows\system32\94B349\A76327.EXE
Vlož sem pak odkaz výsledku.

[ASTRO]

ComboFix 09-03-15.01 - WARPIG 2009-03-18 16:30:22.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3054.2483 [GMT 1:00]
Spuštěný z: c:\documents and settings\WARPIG\Plocha\Download\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\WARPIG\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090317-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\drivers\EIO64_xp.sys
c:\windows\thxcfg.ini
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\cnvpe.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\internet.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\krnln.fnr
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\shell.fne
c:\docume~1\WARPIG\LOCALS~1\Temp\E_N4\spec.fne
c:\windows\system32\drivers\EIO64_xp.sys
c:\windows\thxcfg.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-18 do 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 13:58 . 2009-03-18 13:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools Pro
2009-03-17 20:38 . 2009-03-17 20:58 <DIR> d-------- C:\Kaspersky
2009-03-17 20:19 . 2009-03-17 21:02 <DIR> d-------- c:\program files\Unlocker
2009-03-17 19:11 . 2009-03-17 19:11 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-17 19:10 . 2009-03-17 19:10 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-17 19:10 . 2009-03-18 13:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools Lite
2009-03-17 19:06 . 2009-03-17 19:06 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\TrojanHunter
2009-03-17 18:58 . 2009-03-17 18:58 <DIR> d-------- c:\documents and settings\WARPIG\Data aplikací\Simply Super Software
2009-03-17 16:46 . 2009-03-17 16:46 <DIR> d-------- c:\program files\Absolute Uninstaller
2009-03-16 17:38 . 2004-08-17 14:49 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-15 16:51 . 2009-03-15 16:51 <DIR> d-------- c:\documents and settings\All Users\Data aplikac
2009-03-14 20:06 . 2009-03-17 16:54 <DIR> d-------- c:\program files\Drakensang
2009-03-13 20:06 . 2009-03-13 20:40 189,072 --a------ c:\windows\system32\PnkBstrB.xtr
2009-03-13 19:26 . 2005-12-16 00:15 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-13 19:26 . 2005-12-16 00:15 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-13 19:26 . 2008-04-14 04:18 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-13 19:26 . 2008-04-14 04:18 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-13 19:26 . 2005-12-16 00:15 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-13 19:26 . 2005-12-16 00:15 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-13 19:26 . 2005-12-16 00:15 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-12 19:03 . 2009-03-12 19:03 339,456 --a------ c:\windows\UIA200.exe
2009-03-11 16:43 . 2009-03-11 16:43 <DIR> d-------- c:\windows\system32\xlive
2009-03-11 16:43 . 2009-03-11 16:44 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-03-11 16:10 . 2009-03-11 16:26 <DIR> d--h----- c:\windows\system32\94B349
2009-03-11 16:10 . 2009-03-17 19:08 <DIR> d--h----- c:\windows\system32\661E80
2009-03-11 16:10 . 2009-03-17 19:08 <DIR> d--h----- c:\windows\system32\64D596
2009-03-11 16:10 . 2009-03-11 16:25 <DIR> d--h----- c:\windows\system32\6248EA
2009-03-11 14:18 . 2009-03-11 14:26 <DIR> d-------- c:\program files\ICQ6.5
2009-03-10 20:32 . 2009-03-10 21:02 <DIR> d-------- c:\windows\NV31483004.TMP
2009-03-10 20:32 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-10 19:07 . 2009-03-10 19:08 <DIR> d-------- c:\program files\ASUS
2009-03-10 19:00 . 2009-03-18 16:34 206,065 --a------ c:\windows\system32\nvapps.xml
2009-03-10 18:59 . 2009-02-16 23:17 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-10 18:59 . 2009-02-18 14:44 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-03-10 18:59 . 2009-02-18 14:44 19,021 --a------ c:\windows\system32\nvdisp.nvu
2009-02-18 14:44 . 2009-02-18 14:44 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-02-18 14:44 . 2009-02-18 14:44 401,408 --a------ c:\windows\system32\nvcuvid.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 13:25 --------- d-----w c:\program files\AVG
2009-03-18 12:58 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\DAEMON Tools
2009-03-17 18:22 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\teamspeak2
2009-03-17 18:04 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-17 17:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-03-17 16:12 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Azureus
2009-03-17 15:54 --------- d-----w c:\program files\World of Warcraft
2009-03-17 15:54 --------- d-----w c:\program files\TmNationsForever
2009-03-17 15:54 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\GetRightToGo
2009-03-16 13:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-15 18:35 --------- d-----w c:\program files\Steam
2009-03-14 19:15 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Skype
2009-03-14 18:04 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\skypePM
2009-03-14 16:54 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-13 19:42 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-13 19:06 138,920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 18:03 --------- d-----w c:\program files\All Ten Fingers
2009-03-10 19:54 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Red Alert 3
2009-03-10 19:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-10 19:33 --------- d-----w c:\program files\AGEIA Technologies
2009-03-10 19:13 --------- d-----w c:\program files\Vuze
2009-03-10 18:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-18 13:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-07 19:23 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\dvdcss
2009-02-07 15:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\Phenomedia
2009-02-04 19:26 --------- d-----w c:\program files\LucasArts
2009-02-04 18:45 --------- d-----w c:\program files\THQ
2009-02-01 11:03 --------- d-----w c:\documents and settings\WARPIG\Data aplikací\Creative
2009-02-01 09:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\XBlades
2009-02-01 09:11 --------- d-----w c:\program files\XBlades
2009-02-01 07:19 --------- d-----w c:\program files\The KMPlayer
2009-01-31 14:24 --------- d-----w c:\program files\Left4Dead
2009-01-31 11:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Electronic Arts
2009-01-30 17:05 --------- d-----w c:\program files\Electronic Arts
2008-12-26 08:22 22,328 ----a-w c:\documents and settings\WARPIG\Data aplikací\PnkBstrK.sys
2008-11-10 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008110320081110\index.dat
2008-11-10 16:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111020081111\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-18_14.20.08.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-17 18:08:13 22,016 ------w c:\windows\system32\64D596\AK0A2F7.EXE
+ 2009-03-18 13:42:59 22,016 ------w c:\windows\system32\64D596\AK0A2F7.EXE
- 2009-03-17 19:08:25 22,016 --sh--w c:\windows\system32\64D596\nmirnxp.exe
+ 2009-03-18 14:43:16 22,016 --sh--w c:\windows\system32\64D596\nmirnxp.exe
+ 2009-03-18 15:34:28 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_210.dat
+ 2009-03-18 15:34:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_758.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-06-30 1150976]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"A76327"="c:\windows\system32\94B349\A76327.EXE" [2009-03-11 1405148]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\WARPIG\Nabˇdka Start\Programy\Po spuçtŘnˇ\
A76327.lnk - c:\windows\system32\94B349\A76327.EXE [2009-03-11 1405148]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\RA3.exe"=
"c:\\Program Files\\Left4Dead\\hl2.exe"=
"c:\\Program Files\\XBlades\\xblades.exe"=
"c:\\Program Files\\XBlades\\launcher.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Kaspersky\\kavupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59051:TCP"= 59051:TCP:Pando Media Booster
"59051:UDP"= 59051:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-11 20560]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
.
Obsah adresáře 'Naplánované úlohy'

2009-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Doplňkový sken -------
.
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\WARPIG\Data aplikací\Mozilla\Firefox\Profiles\o8bmsqi5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 16:35:04
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1417001333-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:3c,52,e6,3c,79,94,3c,b2,72,4e,3b,92,0d,60,7d,3e,fa,74,4a,b2,b6,
7c,a3,46,db,f3,63,76,08,e6,55,a3,5b,6e,2b,db,94,2d,37,d7,85,96,b7,8e,1f,5b,\
"rkeysecu"=hex:43,f3,aa,9f,21,6c,4b,dd,45,a2,00,f9,87,61,78,b2
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-03-18 16:39:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-18 15:39:31
ComboFix2.txt 2009-03-18 13:20:55

Před spuštěním: Volných bajtů: 142 574 915 584
Po spuštění: Volných bajtů: 142,561,792,000

242 --- E O F --- 2009-03-16 16:41:49



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:27, on 18.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\94B349\A76327.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [A76327] C:\WINDOWS\system32\94B349\A76327.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: A76327.lnk = C:\WINDOWS\system32\94B349\A76327.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7326 bytes

[ASTRO]

Soubor AK0A2F7.EXE přijatý 2009.03.18 16:48:28 (CET)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.03.18 Trojan.Dloader!IK
AhnLab-V3 5.0.0.2 2009.03.18 -
AntiVir 7.9.0.116 2009.03.18 -
Authentium 5.1.2.4 2009.03.18 W32/Agent.CM.gen!Eldorado
Avast 4.8.1335.0 2009.03.17 -
AVG 8.0.0.237 2009.03.18 -
BitDefender 7.2 2009.03.18 -
CAT-QuickHeal 10.00 2009.03.18 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.18 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.18 Win32.HLLW.Autoruner.5073
eSafe 7.0.17.0 2009.03.18 Win32.DLoader.Ldby
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.17 W32/Agent.CM.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.18 W32/DLoader.LDBY
Fortinet 3.117.0.0 2009.03.18 -
GData 19 2009.03.18 -
Ikarus T3.1.1.48.0 2009.03.18 Trojan.Dloader
K7AntiVirus 7.10.674 2009.03.17 -
Kaspersky 7.0.0.125 2009.03.18 -
McAfee 5556 2009.03.17 -
McAfee+Artemis 5556 2009.03.17 -
McAfee-GW-Edition 6.7.6 2009.03.18 -
Microsoft 1.4502 2009.03.18 -
NOD32 3944 2009.03.17 -
Norman 6.00.06 2009.03.18 W32/DLoader.LDBY
nProtect 2009.1.8.0 2009.03.18 -
Panda 10.0.0.10 2009.03.18 -
PCTools 4.4.2.0 2009.03.18 -
Prevx1 V2 2009.03.18 -
Rising 21.21.22.00 2009.03.18 -
Sophos 4.39.0 2009.03.18 Mal/EncPk-GF
Sunbelt 3.2.1858.2 2009.03.18 -
Symantec 1.4.4.12 2009.03.18 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.18 PAK_Generic.001
VBA32 3.12.10.1 2009.03.17 -
ViRobot 2009.3.18.1654 2009.03.18 -
VirusBuster 4.6.5.0 2009.03.17 -
Rozšiřující informace
packers (Kaspersky): PE-Crypt.CF

[ASTRO]

tento druhy soubor mi označil(znenadani avast! a uz je odstranen )

Soubor AN0A2F7.EXE přijatý 2009.03.18 16:52:58 (CET)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.03.18 Trojan.Dloader!IK
AhnLab-V3 5.0.0.2 2009.03.18 -
AntiVir 7.9.0.116 2009.03.18 -
Authentium 5.1.2.4 2009.03.18 W32/Agent.CM.gen!Eldorado
Avast 4.8.1335.0 2009.03.17 Win32:Adware-gen
AVG 8.0.0.237 2009.03.18 -
BitDefender 7.2 2009.03.18 Trojan.Generic.1561618
CAT-QuickHeal 10.00 2009.03.18 Trojan.Agent.gen
ClamAV 0.94.1 2009.03.18 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.18 Win32.HLLW.Autoruner.5073
eSafe 7.0.17.0 2009.03.18 Win32.DLoader.Ldby
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.17 W32/Agent.CM.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.18 W32/DLoader.LDBY
Fortinet 3.117.0.0 2009.03.18 PossibleThreat
GData 19 2009.03.18 Trojan.Generic.1561618
Ikarus T3.1.1.48.0 2009.03.18 Trojan.Dloader
K7AntiVirus 7.10.674 2009.03.17 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.03.18 not-a-virus:AdWare.Win32.FlyStudio.a
McAfee 5556 2009.03.17 Spy-Agent.do
McAfee+Artemis 5556 2009.03.17 Spy-Agent.do
McAfee-GW-Edition 6.7.6 2009.03.18 -
Microsoft 1.4502 2009.03.18 -
NOD32 3944 2009.03.17 Win32/FlyStudio.NHN
Norman 6.00.06 2009.03.18 W32/DLoader.LDBY
nProtect 2009.1.8.0 2009.03.18 -
Panda 10.0.0.10 2009.03.18 Generic Trojan
PCTools 4.4.2.0 2009.03.18 -
Prevx1 V2 2009.03.18 -
Rising 21.21.22.00 2009.03.18 -
Sophos 4.39.0 2009.03.18 Mal/EncPk-GF
Sunbelt 3.2.1858.2 2009.03.18 -
Symantec 1.4.4.12 2009.03.18 Trojan Horse
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.18 TROJ_DLOADER.WSV
VBA32 3.12.10.1 2009.03.17 -
ViRobot 2009.3.18.1654 2009.03.18 -
VirusBuster 4.6.5.0 2009.03.17

[jaro3]

Nenapsal jsi co je v těch složkách..kouknem se.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\94B349\A76327.EXE

DirLook::
c:\windows\system32\94B349
c:\windows\system32\661E80
c:\windows\system32\64D596
c:\windows\system32\6248EA

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[ASTRO]

mno v te jedne byl jakysi textak(smazano) v dalsich dvou nic a v posledni byly jakysi dva zavirovany soubory(alespon podle Virustotal) - oba uspesne smazany. Jakysi Aol...EXE a jeste jeden podobnej

[jaro3]

Fajn , takže jsi smazal všechny tyto složky:
c:\windows\system32\94B349
c:\windows\system32\661E80
c:\windows\system32\64D596
c:\windows\system32\6248EA

Takže můžeš ještě dát nový log z HJT.