Detekován spyware na PC (vyřešeno)

[Mara.]

Ahoj videl jsem ze tu byl tento pripad resen, ale natroufam si do toho moc sam. Po otevreni exploreru se mi jako domovska stranka objevuje http://www.theguardservices.com, obcas "about blank", hlasi to jakysi spyware. Zkousel jsem Spybot, Ad aware, Spyware Doctor, ale vysledek zadny. Posilam vysledek z HijackThis a budu doufat v pomoc od vas:) Diky moc. Kdyztak prosim vysvetleni a postup jako pro laika...:)

Logfile of HijackThis v1.99.1
Scan saved at 22:05:56, on 2.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marek Tůma\Dokumenty\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = devetsil.vse.cz:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpBE09.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/cs/big/1 ... gleNav.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

/změna nadpisu
/mikel

[Reklama]

[iwigirl]

ahoj, doufám, že nebude vadit, že to neřeší mijaja, ale vidím,že tu není, tak ti poradím já:

použij nnncleaner v nouzovém režimu- http://ne-e.eu/down/nnncleaner.exe

[mikel]

Trochu konkrétněji:

V Hijacku fixni tyto položky:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpBE09.tmp
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com

Ten červeně označený soubor najdi na disku a smaž. Vypni si Obnovení systému, pak restartuj do nouzového režimu a smaž tento soubor:
C:\WINDOWS\system32\dcomcfg.exe

Pak sem dej nový log a budem pokračovat dál.

[Mara.]

Takze potom co jsem to udelal tak je tu novy log:

Logfile of HijackThis v1.99.1
Scan saved at 22:08:56, on 3.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Marek Tůma\Dokumenty\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = devetsil.vse.cz:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp8C33.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/cs/big/1 ... gleNav.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

[iwigirl]

mám jen takový dotaz: použil jsi ten nnnclaner v nouzovém, co jsem ti radila, nebo ne? protože ten šmejd tam pořád je..

[mikel]

Jak píše iwigirl, objevil se tam znova:
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp8C33.tmp

Použij ten nnncleaner v nouzovém režimu (pomocí F8 při bootování).

[Mara.]

Provedeno podle rady,takze po pouziti nnncleaneru v nouzovem rezimu nasledujici:

Logfile of HijackThis v1.99.1
Scan saved at 22:50:34, on 3.5.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marek Tůma\Dokumenty\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = devetsil.vse.cz:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp8C33.tmp (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/cs/big/1 ... gleNav.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

[iwigirl]

bezva, je po něm

toto fixni v hijackthis( zaškrtnout + zmáčknout FIX):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp8C33.tmp (file missing)

chybí ti firewall, takže je počítač otevřen útokům z internetu.

[mikel]

Dobře, je pryč. Takže teď už jenom fixni v hijacku ten řádek, ať tam nestraší:
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp8C33.tmp (file missing)

Stáhni si MWAV a zkontroluj jím počítač. Neděs se, protože to může trvat hodně dlouho - je to hodně důkladný scan.
Log, který vyjede bude hooooooooodně dlouhý, takže vyber pouze řádky s textem vir, trojan, adware, spyware, error. Příklad:
File E:\Share\Backup\BearShareINSTALL.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Takto probraný log sem zkopíruj.

Ale před spuštěním MWAVu musíš smazat přebytečné soubory CCleanerem!

[Mara.]

Stahuju mwav, hned to necham projet a davam to sem. Moc obema diky za rady

[Mara.]

Ahoj, posílam tu výsledky z MWAV:

Object "troj/taladra-f BackDoor" found in File System! Action Taken: No Action Taken.
Object "funwebproducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
File C:\Documents and Settings\Marek Tůma\Data aplikací\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv517.jar-25f34200-7b285e26.zip infected by "Trojan-Downloader.Java.OpenStream.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Marek Tůma\Dokumenty\ccsetup128.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\Documents and Settings\Marek Tůma\Dokumenty\MOJE\EXE.soubory\ACDSee_v7[1].0_and_v7.0_PowerPack.zip infected by "Trojan-Downloader.Win32.IstBar.ja" Virus! Action Taken: No Action Taken.
File C:\Program Files\ESET\cache\FND1.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND2.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND3.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND4.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND5.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND6.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND7.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND8.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\cache\FND9.NFI tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\infected\0XPPEFBA.NQF tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\infected\ECMBMTAA.NQF tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\infected\ITGEIPBA.NQF tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\infected\KSCQJGCA.NQF tagged as "not-a-virus:Dialer.Win32.CZDial.a". Action Taken: No Action Taken.
File C:\Program Files\ESET\infected\OXXDLCDA.NQF tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\infected\QXSP3FAA.NQF tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.
File C:\Program Files\ESET\infected\V1SJALAA.NQF tagged as not-a-virus:Downloader.Win32.WinFixer.f. No Action Taken.

[mijaja]

No většina šmejdů je v karanténě NODu - tu dej vymazat, další jsou v cache Javy - tu taky vyčisti -

To jsou všechno nepotřebné soubory.
ccsetup - instalačku CCleaneru taky smaž.

C:\Program Files\ESET\cache - ty soubory FND*.NFI tady v té složce jsou nějaké divné - Určitě nepatří do programu NODu, taky s němi pryč!

C:\Documents and Settings\Marek Tůma\Dokumenty\MOJE\EXE.soubory\ACDSee_v7[1].0_and_v7.0_PowerPack.zip
tohle máš nějaký crack? Pryč s ním!

To je celý výběr z MWAVu? Jestli jo, tak se zbav tady tohoto nahoře a máš komp na chvíli v pořádku.