Prosím o kontrolu logu - Warning Dangerous Spyware na ploše

[bajola]

Dostala se mi do PC ňáka mrcha, která mi na ploše zobrazuje varovný okno Warning Dangerous Spyware a v levym dolnim rohu na liste cervenou ikonu s krizkem Warning! Security report Your computer is infected! It is recommended to start spyware cleanear tool. Odkazuje to na web nakyho Antivirus XP Pro.

Udělala jsem logy z HijackThis a Combofix podle nějakýho návodu tady a potřebovala bych, aby se na to někdo podíval a napsal mi příkazy, ze kterých si mám vytvořit reg soubor (obdobně jako viewtopic.php?f=47&t=29115&p=180607).

Moc díky!

Log z HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:31, on 2.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Avast4\aswUpdSv.exe
G:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
G:\Program Files\Avast4\ashServ.exe
G:\WINDOWS\system32\RunDll32.exe
G:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
G:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
G:\PROGRA~1\Avast4\ashDisp.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\WINDOWS\system32\frmwrk32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\ICQPlus\vplus.exe
G:\Program Files\Skype\Phone\Skype.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\Program Files\NetLimiter 2 Pro\nlsvc.exe
G:\WINDOWS\system32\HPZipm12.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Avast4\ashMaiSv.exe
G:\Program Files\Avast4\ashWebSv.exe
G:\Program Files\Skype\Plugin Manager\skypePM.exe
G:\Program Files\NetLimiter 2 Pro\NLClient.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\frmwrk32.exe
G:\Documents and Settings\Olga\Data aplikací\Microsoft\Windows\lsass.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe
G:\Documents and Settings\Olga\Olga.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - G:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMS] G:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] G:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Enterra Icon Keeper] "G:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] G:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ Plus] "G:\Program Files\ICQPlus\vplus.exe"
O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Olga] G:\Documents and Settings\Olga\Olga.exe /i
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] G:\Documents and Settings\Olga\Data aplikací\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - G:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - G:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - G:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: 1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll (file missing)
O20 - Winlogon Notify: c00E4450 - G:\WINDOWS\SYSTEM32\c00E4450.mat
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - G:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: ServiceLayer - Nokia. - G:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6331 bytes


Log z Combofix:

ComboFix 09-03-01.01 - Olga 2009-03-02 13:31:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1650 [GMT 1:00]
Spuštěný z: g:\documents and settings\Olga\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090301-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
g:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
g:\documents and settings\Olga\Data aplikací\Microsoft\Windows\lsass.exe
g:\documents and settings\Olga\Olga.exe
g:\windows\system32\ahtn.htm
g:\windows\system32\drivers\140.exe
g:\windows\system32\drivers\31.exe
g:\windows\system32\frmwrk32.exe
g:\windows\system32\test.ttt
g:\windows\system32\uniq.tll
g:\windows\system32\warning.gif

----- BITS: Možné infikované stránky -----

hxxp://miragenetworks.net
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-02 do 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-02 13:21 . 2009-03-02 13:21 <DIR> d-------- g:\program files\Trend Micro
2009-03-02 13:21 . 2009-03-02 13:21 20,992 --ahs---- g:\windows\system32\c007DD8E.mat
2009-03-02 11:16 . 2009-02-23 00:13 15,688 --a------ g:\windows\system32\lsdelete.exe
2009-03-02 11:14 . 2009-03-02 11:14 <DIR> d-------- g:\documents and settings\LocalService\Plocha
2009-03-02 11:13 . 2009-03-02 11:13 20,992 --ahs---- g:\windows\system32\c00E4450.mat
2009-02-25 14:35 . 2009-02-25 14:35 <DIR> d-------- g:\program files\Windows Media Connect 2
2009-02-25 14:35 . 2008-04-14 13:00 221,184 --a------ g:\windows\system32\wmpns.dll
2009-02-25 14:32 . 2009-02-25 14:32 <DIR> d-------- g:\windows\system32\LogFiles
2009-02-25 14:32 . 2009-02-25 14:33 <DIR> d-------- g:\windows\system32\drivers\UMDF
2009-02-20 00:01 . 2009-02-20 00:00 410,984 --a------ g:\windows\system32\deploytk.dll
2009-02-20 00:01 . 2009-02-20 00:00 73,728 --a------ g:\windows\system32\javacpl.cpl
2009-02-20 00:00 . 2009-02-20 00:00 <DIR> d-------- g:\program files\Java
2009-02-15 20:00 . 2009-02-15 20:00 <DIR> d-------- g:\documents and settings\Olga\Data aplikací\Datalayer
2009-02-12 00:35 . 2009-02-12 00:35 59,854 --a------ g:\windows\ATMREG.ATM
2009-02-12 00:33 . 2009-02-12 00:33 <DIR> d-------- G:\PSFONTS
2009-02-12 00:33 . 2009-02-12 00:33 <DIR> d-------- g:\program files\Adobe Type Manager
2009-02-12 00:33 . 2000-05-24 15:20 15,360 --a------ g:\windows\system32\ATMsrvc.exe
2009-02-12 00:32 . 2009-02-12 00:32 <DIR> d-------- g:\documents and settings\Olga\WINDOWS
2009-02-12 00:32 . 2000-05-24 15:02 299,520 --a------ g:\windows\uninst.exe
2009-02-08 16:29 . 2009-02-08 16:29 <DIR> d-------- g:\documents and settings\Olga\Data aplikací\Nero
2009-02-03 12:03 . 2009-02-03 12:03 <DIR> d-------- g:\program files\Jalbum8.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 12:27 --------- d-----w g:\documents and settings\Olga\Data aplikací\Skype
2009-03-02 11:04 --------- d-----w g:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-03-02 09:11 --------- d-----w g:\documents and settings\Olga\Data aplikací\skypePM
2009-02-28 19:24 --------- d-----w g:\program files\ICQ
2009-02-28 18:48 --------- d-----w g:\program files\DCC++
2009-02-15 17:37 --------- d-----w g:\program files\Safari
2009-02-15 17:35 --------- d-----w g:\program files\QuickTime
2009-02-13 10:11 --------- d-----w g:\program files\Avast4
2009-02-09 13:17 --------- d-----w g:\program files\IETester
2009-02-05 23:50 --------- d-----w g:\program files\TC UP
2009-02-05 11:09 --------- d-----w g:\program files\Common Files\Adobe
2009-02-03 12:26 --------- d-----w g:\program files\SpeedFan
2009-01-31 19:43 --------- d-----w g:\program files\DreamCom
2009-01-27 15:34 --------- d-----w g:\documents and settings\Olga\Data aplikací\Thinstall
2009-01-27 15:05 --------- d-----w g:\documents and settings\Olga\Data aplikací\Winamp
2009-01-26 00:01 --------- d-----w g:\documents and settings\Olga\Data aplikací\OpenOffice.org
2009-01-25 23:58 --------- d-----w g:\program files\OpenOffice.org 3
2009-01-25 23:29 --------- d-----w g:\program files\Microsoft
2009-01-25 23:13 64,160 ----a-w g:\windows\system32\drivers\Lbd.sys
2009-01-25 23:11 --------- dc-h--w g:\documents and settings\All Users\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-25 23:11 --------- d-----w g:\program files\Lavasoft
2009-01-25 23:11 --------- d-----w g:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-25 22:46 --------- d-----w g:\program files\Spybot - Search & Destroy
2009-01-25 22:27 --------- d-----w g:\documents and settings\Olga\Data aplikací\Locktime
2009-01-25 22:26 --------- d-----w g:\program files\NetLimiter 2 Pro
2009-01-25 22:26 --------- d-----w g:\documents and settings\All Users\Data aplikací\Locktime
2009-01-25 22:20 --------- d-----w g:\program files\SiSoftware
2009-01-25 22:13 --------- d-----w g:\program files\Winamp
2009-01-25 22:10 --------- d-----w g:\program files\Apple Software Update
2009-01-25 22:10 --------- d-----w g:\documents and settings\All Users\Data aplikací\Apple Computer
2009-01-25 22:10 --------- d-----w g:\documents and settings\All Users\Data aplikací\Apple
2009-01-25 21:55 --------- d-----w g:\program files\MSXML 4.0
2009-01-25 21:17 --------- d-----w g:\program files\Enterra
2009-01-25 20:55 --------- d-----w g:\program files\Opera
2009-01-25 20:47 --------- d-----w g:\program files\Skype
2009-01-25 20:47 --------- d-----w g:\program files\Common Files\Skype
2009-01-25 20:47 --------- d-----w g:\documents and settings\All Users\Data aplikací\Skype
2009-01-25 20:39 --------- d-----w g:\program files\ICQPlus
2009-01-25 20:21 --------- d--h--w g:\program files\InstallShield Installation Information
2009-01-25 20:21 --------- d-----w g:\program files\Realtek Sound Manager
2009-01-25 20:21 --------- d-----w g:\program files\AvRack
2009-01-25 20:20 --------- d-----w g:\program files\Marvell
2009-01-25 19:17 --------- d-----w g:\program files\directx
2009-01-25 19:17 --------- d-----w g:\program files\Common Files\Logitech
2009-01-25 19:16 --------- d-----w g:\program files\Windows Media Components
2009-01-25 19:16 --------- d-----w g:\program files\Logitech
2009-01-25 19:12 --------- d-----w g:\program files\Canon
2009-01-25 19:09 --------- d-----w g:\program files\Common Files\InstallShield
2009-01-25 19:02 --------- d-----w g:\program files\DIFX
2009-01-25 19:02 --------- d-----w g:\program files\Common Files\PCSuite
2009-01-25 19:02 --------- d-----w g:\program files\Common Files\Nokia
2009-01-25 19:02 --------- d-----w g:\documents and settings\All Users\Data aplikací\PC Suite
2009-01-25 19:01 --------- d-----w g:\program files\Nokia
2009-01-25 19:01 --------- d-----w g:\documents and settings\Olga\Data aplikací\PC Suite
2009-01-25 19:01 --------- d-----w g:\documents and settings\All Users\Data aplikací\Downloaded Installations
2009-01-25 18:43 --------- d-----w g:\program files\USB Headset
2009-01-25 18:40 --------- d-----w g:\program files\Neat Image
2009-01-25 18:38 --------- d-----w g:\program files\Advanced Fonts Viewer v1.8
2009-01-25 18:18 --------- d-----w g:\program files\Intel
2009-01-25 16:48 --------- d-----w g:\documents and settings\Olga\Data aplikací\HP
2009-01-25 16:46 --------- d-----w g:\documents and settings\All Users\Data aplikací\HP
2009-01-25 16:44 --------- d-----w g:\program files\HP
2009-01-25 16:43 --------- d-----w g:\program files\Hewlett-Packard
2009-01-25 16:43 --------- d-----w g:\program files\Common Files\Hewlett-Packard
2009-01-25 16:20 --------- d-----w g:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ICQ Plus"="g:\program files\ICQPlus\vplus.exe" [2002-12-04 11776]
"Skype"="g:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="g:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 90112]
"LogitechGalleryRepair"="g:\program files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 155648]
"Enterra Icon Keeper"="g:\program files\Enterra\Icon Keeper\IcnKeepr.exe" [2006-08-18 57344]
"Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ad-Watch"="g:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-23 509784]
"avast!"="g:\progra~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="g:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]
"Framework Windows"="frmwrk32.exe" [2009-03-02 g:\windows\system32\frmwrk32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Lsass Service"="g:\documents and settings\Olga\Data aplikací\Microsoft\Windows\lsass.exe" [2009-03-02 77824]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00E4450]
2009-03-02 11:13 20992 g:\windows\system32\c00E4450.mat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"g:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"g:\\Program Files\\ICQ\\Icq.exe"=
"g:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\sandra.exe"=
"g:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcSandraSrv.exe"=
"g:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional 2005\\RpcDataSrv.exe"=
"g:\\Program Files\\DCC++\\CZDCPlusPlus.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\WINDOWS\\system32\\userinit.exe"=
"g:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVComS.exe"=

R0 Lbd;Lbd;g:\windows\system32\drivers\Lbd.sys [2009-01-26 64160]
R1 aswSP;avast! Self Protection;g:\windows\system32\drivers\aswSP.sys [2009-01-26 114768]
R1 nltdi;nltdi;g:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 aswFsBlk;aswFsBlk;g:\windows\system32\drivers\aswFsBlk.sys [2009-01-26 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;g:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R3 PSched;Plánovač paketů technologie QoS;g:\windows\system32\drivers\psched.sys [2008-04-14 69120]
S2 amd64si;amd64si;g:\windows\system32\drivers\amd64si.sys [2009-03-02 22784]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AMD64SI
*NewlyCreated* - WS2IFSL
*Deregistered* - WS2IFSL
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5c84339-eafc-11dd-9eaf-eaf2fe1c46a2}]
\Shell\AutoRun\command - wdsync.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-02-22 g:\windows\Tasks\Ad-Aware Update (Weekly).job
- g:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-23 00:13]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Olga - g:\documents and settings\Olga\Olga.exe
HKLM-Run-CmUsbSound - cmcnfgu.cpl
Notify-1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll


.
------- Doplňkový sken -------
.
LSP: g:\docume~1\Olga\LOCALS~1\Temp\ntdll64.dll
FF - ProfilePath - g:\documents and settings\Olga\Data aplikací\Mozilla\Firefox\Profiles\ppculrad.default\
FF - prefs.js: browser.startup.homepage - http://www.seznam.cz

---- NASTAVENÍ FIREFOXU ----
g:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 13:33:05
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Lsass Service = g:\documents and settings\Olga\Data aplikac?\Microsoft\Windows\lsass.exe???????????????????????????????????????????????????????

skenování skrytých souborů ...


g:\windows\system32\uniq.tll 1 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(692)
g:\windows\system32\c00E4450.mat
g:\windows\system32\c007DD8E.mat
.
Celkový čas: 2009-03-02 13:35:13
ComboFix-quarantined-files.txt 2009-03-02 12:35:10

Před spuštěním: Volných bajtů: 25 905 811 456
Po spuštění: Volných bajtů: 26,044,862,464

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

231 --- E O F --- 2009-02-27 00:38:58

[Reklama]

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
g:\windows\system32\c007DD8E.mat
g:\windows\system32\c00E4450.mat

DirLook::
g:\documents and settings\Olga\WINDOWS

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00E4450]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5c84339-eafc-11dd-9eaf-eaf2fe1c46a2}]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[jaro3]

Ten script už nedělej, protože jsi použila před scriptem návod z netu, tak je tady každá rada drahá.
Těžko říct , ale něco jsi smazala cos neměla, pak Ti to dělá ty problémy. Tak bych Ti asi poradil to dořešit tam.