Prosim o kontrolu logu

[garlic]

PC se mi zacalo neustale sekat, nekdy nejde nab. start, plocha...
prosim moc o radu..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:30, on 10.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kalymcwv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
c:\windows\explorer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\addins\UpdaterUI.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\netfix32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\program files\ICQ6\ICQ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\program files\RadarSync\RadarSync 2007\RadarSync2007.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\install\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AF4EC132-BFF7-40B3-82D3-5260F492D767} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: (no name) - {FD49131F-F916-4764-AD27-F7C1A3106551} - C:\WINDOWS\system32\vtstt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdaterUI.exe] C:\WINDOWS\system32\addins\UpdaterUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\winsystem.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Microsoft] netfix32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Microsoft] netfix32.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\program files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\winsystem.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = C:\program files\Mobiola Studio for Nokia\MobiolaStudioNokia.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\program files\RALINK\Common\ApUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\program files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\program files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: mljhecy - mljhecy.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\kalymcwv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Security Manager - Unknown owner - C:\Program Files\Outlook Express\msinm.exe

--
End of file - 6207 bytes

[Reklama]

[fredik]

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT

[garlic]

tady

SDFix: Version 1.108

Run by G e N on st 10.10.2007 at 14:47

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\sdfix\SDFix

Safe Mode:
Checking Services:

Name:
Windows Security Manager

ImagePath:
C:\Program Files\Outlook Express\msinm.exe

Windows Security Manager - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Ipwindows\UnInstall.exe - Deleted
C:\WINDOWS\system32\netfix32.exe - Deleted
C:\WINDOWS\system32\plugin1.dat - Deleted
C:\WINDOWS\system32\SysPr.prx - Deleted


Folder C:\Program Files\Ipwindows - Removed
Folder C:\WINDOWS\system32\Bifrost - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\dc\\StrongDC.exe"="C:\\dc\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Temp\\MirandaIM\\miranda32.exe"="C:\\Temp\\MirandaIM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\program files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\program files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)"
"C:\\program files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\program files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)"
"C:\\program files\\uTorrent\\utorrent.exe"="C:\\program files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\program files\\Hamachi\\hamachi.exe"="C:\\program files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Garry's Mod 10\\hl2.exe"="C:\\Garry's Mod 10\\hl2.exe:*:Enabled:hl2"
"C:\\Documents and Settings\\G e N\\Plocha\\Mir4nda-IM-0.6.7-Pack-v1.82\\miranda32.exe"="C:\\Documents and Settings\\G e N\\Plocha\\Mir4nda-IM-0.6.7-Pack-v1.82\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Documents and Settings\\G e N\\Plocha\\MirandaIM\\miranda32.exe"="C:\\Documents and Settings\\G e N\\Plocha\\MirandaIM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
"C:\\Documents and Settings\\G e N\\Plocha\\Mir4nda-IM-0.6.8-Pack-v1.8.2\\miranda32.exe"="C:\\Documents and Settings\\G e N\\Plocha\\Mir4nda-IM-0.6.8-Pack-v1.8.2\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\program files\\VideoLAN\\VLC\\vlc.exe"="C:\\program files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\totalcmd\\TOTALCMD.EXE"="C:\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\symb\\starftp.exe"="C:\\symb\\starftp.exe:*:Enabled:Star FTP Server"
"C:\\program files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\program files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\program files\\common files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\program files\\common files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\WINDOWS\\system32\\kalymcwv.exe"="C:\\WINDOWS\\system32\\kal"
"C:\\program files\\ICQ6\\ICQ.exe"="C:\\program files\\ICQ6\\ICQ.exe:*:Enabled:ICQ Library"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 1 Jan 2000 18,241 A.SH. --- "C:\RECYCLER\syslog.exe"
Sat 1 Jan 2000 69,632 A.SH. --- "C:\RECYCLER\Update.exe"
Mon 25 Jun 2007 0 A.SH. --- "C:\WINDOWS\Coffee Bean.bmp.bak"
Thu 25 Oct 2001 34,824 A..H. --- "C:\WINDOWS\WINWORD.exe"
Thu 25 Oct 2001 69,632 A.SH. --- "C:\program files\outlook express\msinm.exe"
Sat 1 Jan 2000 18,241 A.SH. --- "C:\WINDOWS\repair\security.bak"
Mon 23 Jul 2007 891,831 A.SH. --- "C:\WINDOWS\system32\ttstv.tmp"
Mon 17 Sep 2007 695,513 ..SH. --- "C:\WINDOWS\system32\ttstv.bak1"
Mon 17 Sep 2007 695,088 ..SH. --- "C:\WINDOWS\system32\ttstv.bak2"
Mon 28 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 1 Jan 2000 18,241 A.SH. --- "C:\WINDOWS\system32\addins\UpdaterUI.exe"
Sun 22 Jan 2006 0 A.SH. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\$b17a2e8.tmp"
Sun 22 Jan 2006 0 A.SH. --- "C:\Documents and Settings\x\Local Settings\Temp\$b17a2e8.tmp"
Tue 24 Jul 2007 1,167,360 A.SH. --- "C:\Documents and Settings\G e N\Plocha\DCIM\100OLYMP\SIV1B.tmp"
Mon 2 Apr 2007 2,473,984 A.SH. --- "C:\Documents and Settings\G e N\Plocha\DCIM\100OLYMP\SIV4.tmp"

Finished!

a tady

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:33, on 10.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\kalymcwv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\addins\UpdaterUI.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\program files\ICQ6\ICQ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\RALINK\Common\ApUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\install\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {AF4EC132-BFF7-40B3-82D3-5260F492D767} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: (no name) - {FD49131F-F916-4764-AD27-F7C1A3106551} - C:\WINDOWS\system32\vtstt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdaterUI.exe] C:\WINDOWS\system32\addins\UpdaterUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ICQ] "C:\program files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mobiola Studio for Nokia.lnk = C:\program files\Mobiola Studio for Nokia\MobiolaStudioNokia.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\program files\RALINK\Common\ApUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\program files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\program files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll (file missing)
O20 - Winlogon Notify: mljhecy - mljhecy.dll (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\kalymcwv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5819 bytes

[fredik]

Otestuj tento soubor na VirusTotall a vlož sem pak výsledek:
C:\WINDOWS\system32\addins\UpdaterUI.exe
pro lepši nalezení soubor si zapni zobrazení skrytých souborů a složek.

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[garlic]

ComboFix 07-10-10.1 - G e N 2007-10-10 17:08:28.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.273 [GMT 2:00]
Running from: C:\install\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\GarlicElNegro\err.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\Companion Wizard\CompWiz.xml
C:\Program Files\Common Files\companion wizard\CompWiz.xml
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\Program Files\Common Files\companion wizard\WapCHK.dll
C:\Program Files\Common Files\winantivirus pro 2007
C:\Program Files\Common Files\winantivirus pro 2007\atl71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\atl71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\err.log
C:\Program Files\Common Files\winantivirus pro 2007\err.log
C:\Program Files\Common Files\winantivirus pro 2007\mav_startupmon.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\mfc71.dll
C:\Program Files\Common Files\winantivirus pro 2007\mfc71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcp71.dll
C:\Program Files\Common Files\winantivirus pro 2007\msvcp71.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\msvcr71.dll
C:\Program Files\Common Files\winantivirus pro 2007\msvcr71.dll
C:\Program Files\Common Files\winantivirus pro 2007\SpOrder.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\SpOrder.dll
C:\Program Files\Common Files\winantivirus pro 2007\uwa7pcw.exe
C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe
C:\Program Files\Common Files\winantivirus pro 2007\WAPChk.dll
C:\Program Files\Common Files\WinAntiVirus Pro 2007\WAPChk.dll
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll
C:\Program Files\screensavers.com\SSSInstaller\temp\Koi Fish 3D.exe
C:\Program Files\screensavers.com\SSSUninst.exe
C:\RECYCLER\syslog.exe
C:\RECYCLER\Update.exe
C:\UWA7P
C:\WA7P
C:\WA7P\Quar\b1ptafbh
C:\WA7P\Quar\gagvczsx
C:\WA7P\Quar\gagznmvc
C:\WA7P\Quar\gajnteqz
C:\WA7P\Quar\gajqejtd
C:\WA7P\Quar\gaptafbh
C:\WA7P\Quar\gashfxpm
C:\WA7P\Quar\Index.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awhjxstk.exe
C:\WINDOWS\system32\cxqblfoi.exe
C:\WINDOWS\system32\flyjylqb.exe
C:\WINDOWS\system32\fricufgb.exe
C:\WINDOWS\system32\iqplrerj.exe
C:\WINDOWS\system32\kalymcwv.exe
C:\WINDOWS\system32\khffcbc.dll
C:\WINDOWS\system32\lrdrxpxi.exe
C:\WINDOWS\system32\mbppvrkp.exe
C:\WINDOWS\system32\mlejievx.exe
C:\WINDOWS\system32\pydveale.exe
C:\WINDOWS\system32\ssqrron.dll
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak1
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.bak2
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.ini2
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\ttstv.tmp
C:\WINDOWS\system32\vbdcrjfl.exe
C:\WINDOWS\system32\vspckmpw.exe
C:\WINDOWS\system32\wbkqvpry.exe
C:\WINDOWS\system32\wkatddly.exe
C:\WINDOWS\system32\wvuvvuv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-10 17:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 14:46 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-10 14:05 <DIR> d----c--- C:\RadarSync Downloads
2007-10-10 14:05 <DIR> d----c--- C:\program files\RadarSync
2007-10-04 23:55 1,032,704 --a--c--- C:\notepad.exe
2007-10-02 19:28 <DIR> d----c--- C:\Temp\garrysmod
2007-10-02 18:52 401,920 --a--c--- C:\Temp\GMod10[Final].exe
2007-10-02 18:52 106,496 --a--c--- C:\Temp\hl2.exe
2007-10-02 18:51 <DIR> d----c--- C:\Temp\platform
2007-10-02 18:51 <DIR> d----c--- C:\Temp\hl2
2007-10-02 18:51 <DIR> d----c--- C:\Temp\bin
2007-10-02 18:45 <DIR> d--h-c--- C:\Documents and Settings\Administrator.GEN\ćablony
2007-10-02 18:45 <DIR> d----c--- C:\Documents and Settings\Administrator.GEN\Plocha
2007-10-02 18:45 <DIR> d--h-c--- C:\Documents and Settings\Administrator.GEN\Okolnˇ tisk rny
2007-10-02 18:45 <DIR> d--h-c--- C:\Documents and Settings\Administrator.GEN\Okolnˇ sˇś
2007-10-02 18:45 <DIR> dr---c--- C:\Documents and Settings\Administrator.GEN\Oblˇben‚ polo§ky
2007-10-02 18:45 <DIR> dr---c--- C:\Documents and Settings\Administrator.GEN\Nabˇdka Start
2007-10-02 18:45 <DIR> dr---c--- C:\Documents and Settings\Administrator.GEN\Dokumenty
2007-10-02 18:45 <DIR> dr-h-c--- C:\Documents and Settings\Administrator.GEN\Data aplikacˇ
2007-10-02 18:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-01 23:39 <DIR> d----c--- C:\Videos
2007-10-01 21:00 <DIR> d----c--- C:\program files\PhotoFiltre
2007-09-30 21:05 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-30 21:05 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-30 21:05 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-30 18:46 <DIR> d----c--- C:\ram
2007-09-26 22:16 <DIR> d----c--- C:\program files\Zoner
2007-09-26 22:15 <DIR> d----c--- C:\program files\common files\Wise Installation Wizard
2007-09-15 23:30 <DIR> d----c--- C:\photo
2007-09-13 20:41 <DIR> d----c--- C:\program files\K-Lite Codec Pack
2007-09-13 20:41 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-09-13 20:41 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-13 20:41 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-09-13 20:41 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-09-10 15:50 <DIR> d----c--- C:\program files\ICQ6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 05:13 --------- dc----w C:\Program Files\DAEMON Tools
2007-10-01 19:16 --------- dc----w C:\Program Files\Winamp
2007-09-25 21:33 --------- dc----w C:\Program Files\EA SPORTS
2007-09-09 09:20 --------- dc----w C:\Program Files\Nokia
2007-09-09 09:20 --------- dc----w C:\Program Files\Common Files\PCSuite
2007-09-09 09:19 --------- dc----w C:\Program Files\Common Files\Nokia
2007-09-09 09:16 --------- dc----w C:\Program Files\PC Connectivity Solution
2007-09-09 09:16 --------- dc----w C:\Program Files\DIFX
2007-08-22 22:20 --------- dc----w C:\Program Files\Lonely Cat Games
2007-08-21 12:38 --------- dc----w C:\Program Files\uTorrent
2007-08-19 18:18 --------- dc----w C:\Program Files\QuickTime
2007-08-19 17:56 --------- dc----w C:\Program Files\ffdshow
2007-08-19 17:37 --------- dc----w C:\Program Files\Apple Software Update
2007-08-19 17:15 --------- dc----w C:\Program Files\Vstplugins
2007-08-19 17:13 --------- dc----w C:\Program Files\Sony
2007-08-19 16:42 --------- dc----w C:\Program Files\Sony Setup
2000-01-01 11:10:08 16,896 --sha-w C:\WINDOWS\repair\setup.dat
2000-01-01 11:10:08 18,241 --sha-w C:\WINDOWS\system32\addins\UpdaterUI.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF4EC132-BFF7-40B3-82D3-5260F492D767}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD49131F-F916-4764-AD27-F7C1A3106551}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-30 21:03]
"UpdaterUI.exe"="C:\WINDOWS\system32\addins\UpdaterUI.exe" [2000-01-01 13:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-30 15:14]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]
"ICQ"="C:\program files\ICQ6\ICQ.exe" [2007-08-08 17:03]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:58]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecy]
mljhecy.dll

R1 raddrvv3;raddrvv3;\??\C:\WINDOWS\system32\rserver30\raddrvv3.sys
R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{876718e0-230d-11dc-8b37-00046152b4a6}]
Auto\command - F:\RECYCLER\usbdriver.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\usbdriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f748808-7699-11dc-8bd0-00046152b4a6}]
Auto\command - F:\RECYCLER\usbdriver.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\usbdriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bc3478f-2698-11dc-8b41-00046152b4a6}]
Auto\command - F:\RECYCLER\usbdriver.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\usbdriver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1fd6ce0-3857-11dc-8b67-00046152b4a6}]
Auto\command - J:\RECYCLER\usbdriver.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\usbdriver.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 16:56:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 17:17:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 17:18:51
.
--- E O F ---

[garlic]

Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Polski | Español | English
Virus Total
Virustotal je služba, která analyzuje podezřelé soubory na přítomnost virů, červů, trojanů a dalšího malware, pomocí detekčního jádra mnoha antivirů. Více informací...

* Analýza
* Statistiky
* Email/Uploader
* O VirusTotal

Soubor UpdaterUI.exe_ přijatý 2007.10.10 18:18:55 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 26/32 (81.25%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.10.10.1 2007.10.10 Win32/Autorun.worm.40960
AntiVir 7.6.0.20 2007.10.10 TR/Agent.18241
Authentium 4.93.8 2007.10.09 W32/Agent.DJY
Avast 4.7.1051.0 2007.10.09 Win32:Small-FIC-FSG
AVG 7.5.0.488 2007.10.10 Worm/Generic.BLC
BitDefender 7.2 2007.10.10 Trojan.Small.AAY
CAT-QuickHeal 9.00 2007.10.10 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.10.10 -
DrWeb 4.44.0.09170 2007.10.10 -
eSafe 7.0.15.0 2007.10.09 Virus.Win32.Small.z
eTrust-Vet 31.2.5201 2007.10.10 Win32/Hopusb.A
Ewido 4.0 2007.10.10 Trojan.Small
FileAdvisor 1 2007.10.10 High threat detected
Fortinet 3.11.0.0 2007.10.10 W32/Small.Z
F-Prot 4.3.2.48 2007.10.09 W32/Agent.DJY
F-Secure 6.70.13030.0 2007.10.10 Virus.Win32.Small.z
Ikarus T3.1.1.12 2007.10.10 Virus.Win32.Small.z
Kaspersky 7.0.0.125 2007.10.10 Virus.Win32.Small.z
McAfee 5137 2007.10.09 W32/Autorun.worm.d
Microsoft 1.2908 2007.10.10 -
NOD32v2 2584 2007.10.10 Win32/Small.NCU
Norman 5.80.02 2007.10.10 Suspicious_F.gen
Panda 9.0.0.4 2007.10.10 Trj/Agent.FDU
Prevx1 V2 2007.10.10 Heuristic: Suspicious File With Code Injection Technology
Rising 19.44.22.00 2007.10.10 Worm.Agent.tm
Sophos 4.22.0 2007.10.10 Mal/Packer
Sunbelt 2.2.907.0 2007.10.10 VIPRE.Suspicious
Symantec 10 2007.10.10 -
TheHacker 6.2.6.082 2007.10.10 -
VBA32 3.12.2.4 2007.10.10 -
VirusBuster 4.3.26:9 2007.10.10 Packed/FSG
Webwasher-Gateway 6.0.1 2007.10.10 Trojan.Agent.18241
Rozšiřující informace
File size: 18241 bytes
MD5: 8293216c5e5ae74c6e29ffd7f3fea55d
SHA1: 6476462a86edff873017f46bcdebce027c3b430d
Bit9 info: http://fileadvisor.bit9.com/services/ex ... d7f3fea55d
packers: FSG
Prevx info: http://fileinfo.prevx.com/fileinfo.asp? ... 004EF69488
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

VAROVÁNÍ VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!

Scan another file
VirusTotal © Hispasec Sistemas - Blog - Kontakt: info@virustotal.com

[fredik]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\WINDOWS\WINWORD.exe
C:\program files\outlook express\msinm.exe
C:\WINDOWS\repair\setup.dat
C:\WINDOWS\repair\security.bak
C:\WINDOWS\system32\addins\UpdaterUI.exe
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\vtstt.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF4EC132-BFF7-40B3-82D3-5260F492D767}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD49131F-F916-4764-AD27-F7C1A3106551}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdaterUI.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecy]


Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Pak si stáhni Mwav, proveď update a vlož sem log ze spodního okna Virus Log Information. Nic v logu nehledej jak je uvedeno v návodu. Nastav si Mwav jak je tady na tom obrázku


Dej sem pak i nový log z HJT.