Spybot hlasi trojan Virtumonde Vyřešeno

[SM4JL]

Diky, tohle uz se povedlo, log zde:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\Alcmtr.exe moved successfully.
C:\32788R22FWJFW\N_ moved successfully.
C:\32788R22FWJFW moved successfully.
C:\WINDOWS\system32\cmd.execf moved successfully.
File/Folder C:\Windows\System32\AutoRun.bat not found.
File/Folder F:\autorun.bat not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03112009_114509

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

[Reklama]

[SM4JL]

Jeste logy z virustotal:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.03.11 -
AhnLab-V3 5.0.0.2 2009.03.11 -
AntiVir 7.9.0.109 2009.03.11 -
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.10 -
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.11 -
ClamAV 0.94.1 2009.03.11 -
Comodo 1046 2009.03.10 -
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.11 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 -
F-Secure 8.0.14470.0 2009.03.11 -
Fortinet 3.117.0.0 2009.03.11 -
GData 19 2009.03.11 -
Ikarus T3.1.1.45.0 2009.03.11 -
K7AntiVirus 7.10.665 2009.03.10 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5549 2009.03.10 -
McAfee+Artemis 5549 2009.03.10 -
Microsoft 1.4405 2009.03.11 -
NOD32 3925 2009.03.11 -
Norman 6.00.06 2009.03.10 -
nProtect 2009.1.8.0 2009.03.11 -
Panda 10.0.0.10 2009.03.11 -
PCTools 4.4.2.0 2009.03.10 -
Prevx1 V2 2009.03.11 -
Rising 21.20.22.00 2009.03.11 -
SecureWeb-Gateway 6.7.6 2009.03.11 -
Sophos 4.39.0 2009.03.11 -
Sunbelt 3.2.1858.2 2009.03.10 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.278 2009.03.11 -
TrendMicro 8.700.0.1004 2009.03.11 -
VBA32 3.12.10.1 2009.03.11 -
ViRobot 2009.3.11.1645 2009.03.11 -
VirusBuster 4.5.11.0 2009.03.10 -
Rozšiřující informace
File size: 81920 bytes
MD5...: 49ead7a2e700a436591d9bdc72870db0
SHA1..: 48c9c4f939c6fc21df51adfbb08379b94a44b33d
SHA256: 66368689733e5faf118530a25fc897fea15d0b2df73e6532242d57bad9199395
SHA512: a55317504d0ec0ee6c06078c42ef97c6b72f2976ac0804193804587fb36b409a
1fc95680ba77a239c3487c78c802c376ad735041b2fe8c3157c9340e4d04b95f
ssdeep: 1536:9II6nk9SeLy47ddf+FQB/W9+KKI5W0xhSYB0FXyqtvt+F:9INk9SeLy450F
5+2WEhLghoF
PEiD..: -
TrID..: File type identification
Generic CIL Executable (.NET, Mono, etc.) (83.3%)
Win32 Executable Generic (9.7%)
Win16/32 Executable Delphi generic (2.3%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x12b7e
timedatestamp.....: 0x491c2df2 (Thu Nov 13 13:38:58 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x10b84 0x11000 5.26 50a6bbd2b7eaf4a34a184e909e53e4af
.rsrc 0x14000 0x2e8 0x1000 0.78 e377fe144948ac7003fd4486c8d75182
.reloc 0x16000 0xc 0x1000 0.02 f42f835c5092c183ba48d5a1358cb2f7

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.101 2009.03.11 -
AhnLab-V3 5.0.0.2 2009.03.11 -
AntiVir 7.9.0.109 2009.03.11 -
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.10 -
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.11 -
ClamAV 0.94.1 2009.03.11 -
Comodo 1046 2009.03.10 -
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.11 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 -
F-Secure 8.0.14470.0 2009.03.11 -
Fortinet 3.117.0.0 2009.03.11 -
GData 19 2009.03.11 -
Ikarus T3.1.1.45.0 2009.03.11 -
K7AntiVirus 7.10.665 2009.03.10 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5549 2009.03.10 -
McAfee+Artemis 5549 2009.03.10 -
Microsoft 1.4405 2009.03.11 -
NOD32 3925 2009.03.11 -
Norman 6.00.06 2009.03.10 -
nProtect 2009.1.8.0 2009.03.11 -
Panda 10.0.0.10 2009.03.11 -
PCTools 4.4.2.0 2009.03.10 -
Prevx1 V2 2009.03.11 -
Rising 21.20.22.00 2009.03.11 -
SecureWeb-Gateway 6.7.6 2009.03.11 -
Sophos 4.39.0 2009.03.11 -
Sunbelt 3.2.1858.2 2009.03.10 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.278 2009.03.11 -
TrendMicro 8.700.0.1004 2009.03.11 -
VBA32 3.12.10.1 2009.03.11 -
ViRobot 2009.3.11.1645 2009.03.11 -
VirusBuster 4.5.11.0 2009.03.10 -
Rozšiřující informace
File size: 396288 bytes
MD5...: c4ca7416a6df6d95075f81d9e3b41ad1
SHA1..: 6ebbb54156e21ac20c27ca1fb8b3ddcacc919fa8
SHA256: 825fd88fe258b67759ca3b55063956510d65a536568b54ca8d2717efbe91cbc6
SHA512: 7b3519b6e8b0d15484d41dfcd324c10dab863e640e9f145a43016da0b61b74f3
646bf9f4b9a88f849f3467e7abb2a15578a51b85b2d10fe8abb4217da190886c
ssdeep: 6144:+CjUfQ7DbE66sVHdkyUkEYn+nVewn+ob/xIytqi20dcUSGreicGGSzMZY:+
CjUSbEAVG95YnNsr2ytL2cc3Gr1
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x142830
timedatestamp.....: 0x466838c1 (Thu Jun 07 16:56:33 2007)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xfc000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xfd000 0x46000 0x45a00 7.93 8764d7eac0301131e6c79e4aa30317bf
.rsrc 0x143000 0x1b000 0x1ae00 4.69 5f1a0873640fcdb4a281dbf91049814f

( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> MSVBVM60.DLL: -

( 0 exports )
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=c4ca7416a6df6d95075f81d9e3b41ad1' target='_blank'>http://www.threatexpert.com/report.aspx?md5=c4ca7416a6df6d95075f81d9e3b41ad1</a>
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

[jaro3]

Byl jsem mimo net....
Takže zkus ještě jeden script v OTMoveIt3:

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A4BE052-1ACC-4F61-A0B9-31CB7E513108}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D8AD9DE-0949-402E-9829-5AAA0446FB34}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8B733F2-5CC6-4A54-A1D2-2AF3D079E3B2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9681C1C-C1DF-4970-97BB-86C3E716AFA3}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mygbbbzj]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyApNe]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e37548-6dba-11dd-a829-001d6057da83}]
 
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Postup stejný jako minule, zase log z OTMoveIt3.

[drazor]

Přečti si tohle a vyzkoušej to podle návodu,mě to pomohlo na podobný šnejd.
http://www.antivirovecentrum.cz/clanky/ ... lware.aspx

[SM4JL]

Tak tentokrat uz se to povedlo.Diky za trpelivost. Log zde:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A4BE052-1ACC-4F61-A0B9-31CB7E513108}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D8AD9DE-0949-402E-9829-5AAA0446FB34}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E8B733F2-5CC6-4A54-A1D2-2AF3D079E3B2}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9681C1C-C1DF-4970-97BB-86C3E716AFA3}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mygbbbzj\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyApNe\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e37548-6dba-11dd-a829-001d6057da83}\\ deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03172009_133158

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

[SM4JL]

Malwarebytes' Anti-Malware 1.34
Database version: 1831
Windows 5.1.2600 Service Pack 3

17.3.2009 14:51:42
mbam-log-2009-03-17 (14-51-36).txt

Scan type: Quick Scan
Objects scanned: 108441
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[jaro3]

Vlož sem ještě nový log z HJT.

[SM4JL]

Omlouvam se, ze mi to trvalo tak dlouho, ale jsem v praci jako brigadnik a chodim podle toho jak muzu a jak je/neni prace.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:45, on 31.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\wamp\mysql\bin\mysqld-nt.exe
C:\Program Files\wamp\apache2\bin\httpd.exe
C:\Program Files\wamp\apache2\bin\httpd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3A4BE052-1ACC-4F61-A0B9-31CB7E513108} - (no file)
O2 - BHO: (no name) - {3D8AD9DE-0949-402E-9829-5AAA0446FB34} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {E8B733F2-5CC6-4A54-A1D2-2AF3D079E3B2} - (no file)
O2 - BHO: (no name) - {E9681C1C-C1DF-4970-97BB-86C3E716AFA3} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cops.lan
O17 - HKLM\Software\..\Telephony: DomainName = cops.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE0C5BB-F912-4522-A177-33C89A1BFF59}: NameServer = 172.16.1.10,172.16.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cops.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cops.lan
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cops.lan
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = cops.lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cops.lan
O20 - Winlogon Notify: mygbbbzj - C:\WINDOWS\
O20 - Winlogon Notify: yayyApNe - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PmsControllerForAIS - cops Ges. m. b. H. - c:\Services\PmsControllerForAIS\Sti32ExeService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ssvzo - Unknown owner - C:\_Cops\Projects\GEOS\GeosExe\Ssvzo.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 7476 bytes

[jaro3]

Jak si dával poslední log z MbAM , tak to můžeš vše smazat.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O2 - BHO: (no name) - {3A4BE052-1ACC-4F61-A0B9-31CB7E513108} - (no file)
O2 - BHO: (no name) - {3D8AD9DE-0949-402E-9829-5AAA0446FB34} - (no file)
O2 - BHO: (no name) - {E8B733F2-5CC6-4A54-A1D2-2AF3D079E3B2} - (no file)    
O2 - BHO: (no name) - {E9681C1C-C1DF-4970-97BB-86C3E716AFA3} - (no file)
O20 - Winlogon Notify: mygbbbzj - C:\WINDOWS\
O20 - Winlogon Notify: yayyApNe - C:\WINDOWS\


Tuto službu znáš:
O23 - Service: PmsControllerForAIS - cops Ges. m. b. H. - c:\Services\PmsControllerForAIS\Sti32ExeService.exe
?

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Aktualizuj javu:
Java SE Runtime Environment 6u12
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
pokud nejsou problémy , je to vše.

[SM4JL]

Tuto službu znáš:
O23 - Service: PmsControllerForAIS - cops Ges. m. b. H. - c:\Services\PmsControllerForAIS\Sti32ExeService.exe
?

Ano znam, to je nase vlastni.

[SM4JL]

Tak PC se zda byt ciste, moc diky za pomoc.

Jeste jeden "problem" tu porad mam a nevim proc. Kdyz chci spustit treba Start->Control Panel->Administrative Tools->Services, tak mi to nahlasi, ze pristup k services.msc byl odepren. Divny je, ze kdyz dam na "Services" Run As... a zvolim current user, tak to jde(sice to nejak divne zobrazuje, ale funguje) a kdyz navic odskrtnu "Protec my computer and data from unauthorized program activity", tak to jede uplne normalne. Stejny je to s ostatnimi Administrative Tools:(
Prihlasuju se domeny. Nevim, jestli mi s tim muzes pomoct. Kdyz ne, tak nevadi.

[jaro3]

Leda opravit , viry to již není..
Stáhni si Dial-a-fix
Control Panel applets - Pokusí se o opravu Ovládacích panelů.
Nebo:
Klikni na kladívko-další možnosti:
SFC scan - Spustí nástroj pro kontrolu systémových souborů (případná potřeba instalačního media Windows).
Dej zatržítko na službu a potom na GO.
Jinak opravit pomocí konzole s CD s Win.