PC-HELP.CZ

Prosím o radu.Avast mi našel toto a já si nejsem jistý jestli to mám odstranit.Děkuji

data aplikací\sun\java\deployment\cache\6.0\28\...\gromozapa.class

Stav HROZBA:Java:Agent-DU (Exp)

Vlož sem log ke kontrole: viewtopic.php?t=5119 a vyčkej až ti to někdo ze znalců zkontroluje.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:41:17, on 1.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\BinarySense\disksvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis 1\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8127399796
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca65ff2758f48c) (gupdate1ca65ff2758f48c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Program Files\Common Files\BinarySense\disksvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12546 bytes

Než se ti na to někdo podívá dej sem ještě log z MBAM - zatím nic nemaž.

Co se týče toho Avastu, pak bych mu věřil.

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1.6.2011 18:39:52
mbam-log-2011-06-01 (18-39-52).txt

Typ: Rychlá kontrola
Kontrolované objekty: 6
Uplynulý čas: 12 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole můzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Dr. Web CureIt nic nenašel.
Tady je log z ComboFix

ComboFix 11-06-01.07 - Milan 02.06.2011 15:42:07.3.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1598 [GMT 2:00]
Spuštěný z: c:\documents and settings\Milan\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-02 do 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-02 13:11 . 2011-06-02 13:11 -------- d-----w- c:\documents and settings\Milan\DoctorWeb
2011-05-25 21:07 . 2011-05-25 21:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 20:00 . 2011-05-24 20:00 388096 ----a-r- c:\documents and settings\Milan\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-24 20:00 . 2011-05-24 20:00 -------- d-----w- c:\program files\HijackThis 1
2011-05-17 19:26 . 2011-05-17 19:26 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-04 10:38 . 2011-05-04 10:38 -------- d-----w- c:\documents and settings\MilanEmailTemplate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2009-11-17 14:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2009-11-17 14:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:29 . 2010-06-01 17:00 97504 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-05-10 12:10 . 2010-06-29 16:17 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2009-11-13 14:38 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-02-27 11:02 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2009-11-13 14:39 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-11-13 14:39 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-11-13 14:39 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-11-13 14:39 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-11-13 14:39 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-11-13 14:39 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-11-13 14:39 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-05 16:41 . 2010-06-01 17:00 284744 ----a-w- c:\windows\system32\guard32.dll
2011-05-05 16:41 . 2010-06-01 17:00 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-05-05 16:41 . 2010-06-01 17:00 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-05-05 16:41 . 2010-06-04 09:55 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-03-07 05:33 . 2009-11-11 13:30 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 19:44 . 2011-04-11 17:09 59888 ------w- c:\windows\system32\pxwma.dll
2011-03-04 19:44 . 2009-11-14 07:57 133616 ------w- c:\windows\system32\pxafs.dll
2011-05-02 12:39 . 2011-03-29 18:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 2552648]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX_dx10.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Program Files\\Call of Duty Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\NFS11.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.11.2009 18:37 691696]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2.7.2010 16:31 27704]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [19.2.2010 17:00 148744]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [26.11.2009 11:57 17408]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.2.2011 13:02 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.11.2009 16:39 307928]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4.6.2010 11:55 242472]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1.6.2010 19:00 29400]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [8.8.2008 11:15 41456]
S2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [23.11.2009 22:19 749912]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.11.2009 16:39 19544]
S2 gupdate1ca65ff2758f48c;Služba Google Update (gupdate1ca65ff2758f48c);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 16:23 133104]
S2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [5.2.2009 16:41 207104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [17.11.2009 16:55 366640]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 11:38 92008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.11.2009 16:03 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.11.2009 16:23 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17.11.2009 16:55 22712]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [16.2.2011 22:56 27064]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [26.11.2009 1:06 34384]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\documents and settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\jic4h0k8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 15:53
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,0b,28,a9,2d,10,e1,49,9c,bd,e1,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,0b,28,a9,2d,10,e1,49,9c,bd,e1,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="58242A2B4D8FBE45CBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A9C6AECB7A5D14075D575E7D6A3B9808E4465CBBFD04FED1191C7722F0CDF7159938D2DC340A04B644D8B22C6BADA604B9FCE53B449A6D31B4EB2F6C944EE390E9903A7983E48E947823A15C4263FBA4F09B858CDBE061C5617EB30D066E4A0680755D4718DF554D5837DA37F9D506660CBE866A369F1DE82BD5214B12ED10EF91EB4839B652FD98DDBE7D7E6E0FC7DA70563A046BB5A52E7E461A61A620D8FAB44D11B9C7A2EF606BB9AD671FAA0BCB6726F4F9339743592E78C4FD566A91886448CC22564DD444C3FB931AB35BDB349FC48FE1EC4803E1F06AC946D84A66AE00DE164413E29C15902A5AB3F2E509C12820664619E2B675E16B564F884E4935CA668B62D087FA5ADC3FB2C64B2428D9F876DA255F177473FD211D24E41AF11DED0850B709F2E54F1A8BCD564C039094E8DBD17187A59371A904D3C310E3D994F2430A6CD67298601C30665C2B03DE3B3738321102E6B2B7A8E0B3235178BE034BE764A3F9E693B11CA4B54541BB734F04C6695CDEC2B242A7D8FA2793B52381C71D8D6F55C2199A3534FB738B5371045698E9A254B7B7C2B4DFE9AC6510CDDC21DBB859F20EAFA3E87D7EBA2A89423F9610A526BCD92B9B403FC7007A0EC69772F19C5C7DE7248C1CF20265E22E909E11E5979C95CEBA682393DDE7A94BDEE6BC82F268457D84C695DAD4AD1FA64E7079A5BA30014FD7F2964EF897ECF5A6356001F961BD94237A02D0C4C769EDAD39E32E8FFDC42B373DB9B3EABC63D3F49DA639F6A000061980734327D7740F282FC9351C98CAC4527B0EDB0B7551B9E2F3BB482EF0463D40685C75527516AC79BE88C0E8072291E496F9B430D31B14CE3D2E20EA14F0BA38F4967DA12F447B2207E12D81427A9B7229C87E3B614E61DCB1EF85FBBA0591E31CDD4676861FC466DBFBAA77B7AA02BE07294E0A96983671C05A143310A8ECEA08D28F33EDE5664DC45E3DDE4BADF7D2B1AB8C06634CB8368AA8B768AFA8863798786ABF517C51A4FD77BBD0D19F42FB63C7F6962B61A41BE579B37627F52E79DDB9BE088BED0AFAF419D16915443A4B08D81CA9C4724951DACF9CBA7DA3CAA3A16146FAEF662BA54F777F4A547F5017BF1BE2317B3E0A4E28945C192AE753EDDB20120D4136E1BBE3AD9997405D85F6603283A30EA75E4CBD1232F617A1D3D33C8A82B439D26D1A3DB6C6797F8A71C871A58AF8AFB550CB43792EBFA6CE6C92A498CF7005D426E19C76839C2CD8BC2EAFDED7B00713008B115BB6E1AB14D1AE2C27043C4679F27575B09E3354BEA58B0CAAA2CAAE8E2194B5B00650EEB8CCEE9DF67E9D112152FCEC10BC6FF8548009"
"OOSE05.00.00.01PRO"="AEC7426F7D9072C721DE95803784065DA301E5CEE13C4D60114FBD7607F40CA1280ECA6EBBA075F3A651E5811D56D3B5BBB1E0DF2D5B7FE83C9A27BC7332A958B626ABFE72BC744ACA82307BEAEDD8CF59F0CDC6F20FE1117C4FDB915791B5BA59B19C1C52EFEBF4390DBDAA8F9F37E1F5F2ADA07F965CBF38D933937C5BFC058378E70342AA2F1C12B2F08E2DA366A9FE9194CDD190AA62CACA17A360B920711C656DB65B3F63EE68D63DEA9A96B1655648AD719C855B6B80DA066531391345FE07A07C6BE503A046812BC4E0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CA9C6AECB7A5D1407C038D530D6EB3452764CEBB8DA787873CA90A49F90BC11C71BC66428CCF44628AFBBD3B1E7C79A2CE022365FB4731674332D1C76F2137DEF0FF92C8EBD2C267281C67989210E5398927BE9622B08217B1D812AC79EE009B24F6D3A0B2A30EB2F22F87C5CAFF9315A70C5615423A1788D9AFE9CD27526D2D2B5B8EAAC093715FD51AC68A54515360E46C2F93EA8BEBC649C6C3FCD78F5BCC5FDC41CF4780966B13512CD53B8FCA78441079519EA7555EE7C6265DED079EEB849D232D6B984E852D62C434602E30E42F47A1954BAE96C4EF4CF66A1CB6DD3071B7395BC2F1AE69CA4D4DFD54190B57ED7D9EE5391D8EE5625F51DA8D6A19B45DC8EB103E4CEF27EEFB5BF4C36DD31A7C2B785ED09120F12906A677508FA38B8D9DDF6FB06BCDD1CEC5084E5C83955DD7676CC6D60F744BE9E97288096EFE1DD43F1D56B6411C3CBB6F552D502243BF392CF3A137A82C84E1AB9C537DC8F93E0AC2CC98AF38BFD9BC85152438E36BF749F514A10DDBB1964B3E3AB78DCF70CA58FC34C86CD042DC8865DB1454299859B86D9778BB5C4F8DDFDFB4718B9DDCEC147C3DC80AFE1364734E79FEC128C6F589721C5A0514F6DC470BB8C5E3B892201150B818DF8A2C13FF918D1B9986127D0042DB9DFA222C1DC66B07208CD5892619DCBBE3731583A0CE7628024927D9ADC62DB5C4A421B839AA0BBF1C480B8ED94E78C2278FD27513D6E946894E25C7B0AAC5E3CD8E8A7842840158AB887314882E0293BC52EC97917E1CCCAE80F8BBD97C1B76BF376CA5AE24EC3BEFA3B58F7C4DA4F1E80330CEC8FFC816BF3C02D1B7AE3C37E7CEE9CE15C35A5169896D99A2A0703E0042050A6D25C77927B477710DA39AC104677C8B55945EE99903BF78BB5001A9F9CAF8BE640814C8FB912365E96CCF33C165C8D3BD4B0A459586B85EF1D423F7A0BBCC5316CD1EF2F5CB8C50CBC0CEEA6A80CBD957B909EE6D6106CAF4B2D7295844A1FCE9D18A54906751960134A46F3AB1843B12E5F8CDAE7B327745F840597B27C464CD07F04B3CB25B66911BEF5CD"
"OOCC06.00.00.01WSSV"="A0CD61EC64AB23ACF4F86D13D5812BC711D9C26A12255916A7DB95EE66F5AB425D1E55795151FE606E93BE0BAD97EE5CD67BFC67608D3D4011A4DFF6A6094EBD697F1906E9E7B114D706164C26E4BDBE706FD93F5DAB3A74E0B2F4C2254D9AF8015E0A1DB6F5C7406EB9D840197C7D593D3A6662D3402F32B5C930E7BCD1882A23D9E89843F4756E31C952A9E3E6B92BDD141999137D218F715F4CD24C18B69A14C6DBA8A1D20E3C6807301DE81DA0C7B96CC7FB6D8DB7333D9D69C03792E4A5DCAAEC51E4728C5C1BF586830D0F06D6F963ADF7B8893E5902648C4566AC763F494387E9A6FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5CC038D530D6EB3452BA7FD869164D6794F508665A23A202D4991A715A9F3AB0957EF53FC19EA0C0D635EE5407B43EFC26D0188488C9592DF058023C9D681687977D83A936E78A821AAF12A7055B60E54972AF7EC3DC8838920F63F57E1BFBF24F8E45B771428E90B183987B79AE53DE3A2DF10990F38B2E395FFA095F2BAFC16D3E3329D81F791EA14C5184693C0C23EACA29EB35D6A3EDEADC2A72E9BDDC16A60F66CE95A17FB4ED99AF8A9F45E73FD185BF85BD06F52A2C9276C308311069B2779C0F9523B63120EDC9E72A3FA5946A0EC543783588EA8AFB86A1EB933A874F61B764082F98C346C05C8B5C5369DAB3886FABF8C7C909950AA8C408A9318EBCAABE5EE30884F173FAC3F9C9DFB9992F0D955617DA88B461A1CE7B96E92E744026591CE1A0BC93BA7E0549CEF50330E4A7B16F6C3C7BEF041D0C27917F4E7F2297D6577F23E6D6B79DC42609DA92CE5ED8E437586D389299C89A3C3AC9934CAE3B29597B6A0EBA079DD0CED9899E7DA992F28100A63D45C2E4D545955E634AB63F66FEDE08A095CA3B151768AC3D145B3F45B7C7526A882327C0DD6A0386BD0FC3473BEF3FF00E2826A6651FA969C088BA6555DD8C032FE0397F384533AB3E1060AB953D8AB524C9FEBBB5AA1282864D53056A2FAAB15F29B8D91AF59FE236961F1327179488A5DCDE2F177D32CCB9464E771B6EB10194AAB3BC5C912BA166837CA59E12BEE8B8924F002DCE86EE851864B32194DCE11D1AB13BEB6FED4263BB6C2C3D0A1EB7562051D02F98C1F465E73F57C65C9A291BAD2B88CA2C310194A6D4935A997A3D4BC156E86718C7CD2D618121ED440D8E06228D7D0D28F60134B18DEF6022502238B24532B5D0324E82B23D758A8E0A30A8B7B797DC86F146D44E66F5CDC951F59034793D0E07CE2B5E8E7C5AA4C51E8B22308278F72F0ABAD76FA17F34F8602B9E0EC23B77C6A0810FAC39FED7B08686645533E2AE515AAAF58FF48AB85E1697FE08E2848DDD5BCFB5C564B256E2B5E937700941E5"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(304)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(360)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\msi.dll
.
Celkový čas: 2011-06-02 15:56:02
ComboFix-quarantined-files.txt 2011-06-02 13:56
ComboFix2.txt 2011-05-25 16:48
.
Před spuštěním: Volných bajtů: 159 644 381 184
Po spuštění: Volných bajtů: 159 677 292 544
.
- - End Of File - - 5FA199DB729238E8B6CD43BD113C3A1D

Odinstaluj:
Ashampoo AntiSpyWare ( stačí Avast)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner

http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Stáhni AVP Tools
na svojí plochu.

Zaškrtni :
Hidden startup objects
System Memory
Disk boot sectors
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)
A jiné , např. Flash disky , které máš připojeny.

Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.

Pokud se Ti log nezobrazí:
Pokud máš AVPtool stále zapnutý, zkus zmáčknout tlačítko Zpráva (Report).
Pokud se Ti zobrazí tabulka, klikni na ní pravým myšítkem a dej Maximalize a měli by se Ti zobrazit výsledky.

data aplikací\sun\java\deployment\cache\6.0\28\...\gromozapa.class

Stav HROZBA:Java:Agent-DU (Exp)

Kaspersky Virus Removal TOOL tohle neoznačil jako vir takže avast zřejmě toto pokládá mylně za vir.
Je to tak?Mám to ignorovat?

LOG Kaspersky Virus Removal TOOL

Automatická kontrola: dokončeno před 2 min. (události: 6, objekty: 1262978, čas: 03:16:26)
2.6.2011 20:17:59 Úloha byla spuštěna
2.6.2011 21:28:48 Zjištěno: Backdoor.Win32.SdBot.tsw C:\Program Files\GTR 2 game\GTR2.exe
2.6.2011 21:47:05 Odstraněno: Backdoor.Win32.SdBot.tsw C:\Program Files\GTR 2 game\GTR2.exe
2.6.2011 21:49:46 Zjištěno: Backdoor.Win32.SdBot.tsw C:\System Volume Information\_restore{C36C42B0-4EAB-4E82-A629-1B3A89A2708B}\RP9\A0001043.exe
2.6.2011 21:50:46 Odstraněno: Backdoor.Win32.SdBot.tsw C:\System Volume Information\_restore{C36C42B0-4EAB-4E82-A629-1B3A89A2708B}\RP9\A0001043.exe
2.6.2011 23:34:26 Úloha byla dokončena

kaspersky odstranil nákazy...

data aplikací\sun\java\deployment\cache\6.0\28\...\gromozapa.class:
asi to bude false positive (omyl) , ale:

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
data aplikací\sun\java\deployment\cache\6.0\28\...\gromozapa.class
najdi sám , neznám přesnou cestu..
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.