Trj - HTML:/frame-inf a JS:Agent-CV[Trj]

[tom99cz]

Dobrý den, mam AVAST a ten mi hlásí HTML:/frame-inf a JS:Agent-CV[Trj] - mažou mi příchozí maily, zamrzá PC, vůbec se s tim nedá pracovat. Prosim poraďte mi jakým způsobem se dá těchto chroustů zbavit.
Děkuji

[Reklama]

[mmmartin]

Zkus se inspirovat na http://www.pc-help.cz/viewtopic.php?f=47&t=42545

[jaro3]

Si to řešil s Damnedem zde:
viewtopic.php?f=47&t=42475
Nebo je to jiný PC?

[tom99cz]

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2438
Windows 6.0.6001 Service Pack 1

16.7.2009 10:37:22
mbam-log-2009-07-16 (10-37-22).txt

Typ skenu: Rychlý sken
Objektu skenováno: 78470
Uplynulý cas: 4 minute(s), 6 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:57, on 16.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [snpstd] C:\windows\vsnpstd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 7344 bytes

--------------------------------------
ComboFix 09-07-14.08 - Ata 16.07.2009 10:44.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.1014.315 [GMT 2:00]
Spuštěný z: c:\users\Ata\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1273788737-3191304746-1049877976-500
c:\windows\Installer\a5e85e6.msi
D:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-16 do 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-15 16:10 . 2009-06-16 10:40 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\naveng32.dll
2009-07-15 16:10 . 2009-06-16 10:40 1181040 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\navex32a.dll
2009-07-15 16:10 . 2009-06-16 10:40 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\eeCtrl.sys
2009-07-15 16:10 . 2009-06-16 10:40 259368 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\ecmsvr32.dll
2009-07-15 16:10 . 2009-06-16 10:40 2414128 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\cceraser.dll
2009-07-15 16:10 . 2009-06-16 10:40 101936 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\ERASER.sys
2009-07-15 16:09 . 2009-06-16 10:40 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
2009-07-15 16:09 . 2009-06-16 10:40 101936 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
2009-07-15 16:09 . 2009-06-16 10:40 89104 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2009-07-15 16:09 . 2009-06-16 10:40 259368 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2009-07-15 16:09 . 2009-06-16 10:40 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
2009-07-15 16:09 . 2009-06-16 10:40 876144 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
2009-07-15 16:09 . 2009-06-16 10:40 2414128 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2009-07-15 16:09 . 2009-06-16 10:40 1181040 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\programdata\Norton
2009-07-15 16:02 . 2009-07-15 16:02 -------- d-----w- c:\windows\system32\drivers\NSS
2009-07-15 16:01 . 2009-07-15 16:01 -------- d-----w- c:\programdata\NortonInstaller
2009-07-15 16:01 . 2009-07-15 16:01 -------- d-----w- c:\program files\NortonInstaller
2009-07-15 13:12 . 2009-07-15 13:12 -------- d-----w- c:\program files\Trend Micro
2009-07-15 01:09 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 01:09 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 01:09 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 01:09 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 14:11 . 2009-07-15 09:35 -------- d-----w- c:\programdata\NOS
2009-07-14 14:11 . 2009-07-15 09:35 -------- d-----w- c:\program files\NOS
2009-07-14 08:00 . 2009-07-14 08:00 87888 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\NAVENG.SYS
2009-07-14 08:00 . 2009-07-14 08:00 875728 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090714.004\NAVEX15.SYS
2009-07-13 09:42 . 2009-07-13 09:42 -------- d-----w- c:\users\Ata\AppData\Roaming\Malwarebytes
2009-07-13 09:42 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 09:42 . 2009-07-13 09:42 -------- d-----w- c:\programdata\Malwarebytes
2009-07-13 09:42 . 2009-07-16 08:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 09:42 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:20 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-16 14:20 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 16:19 . 2009-01-15 09:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 16:02 . 2008-02-04 21:09 -------- d-----w- c:\program files\Norton Security Scan
2009-07-15 16:02 . 2008-02-05 16:40 -------- d-----w- c:\programdata\Symantec
2009-07-15 09:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-09 09:05 . 2007-01-08 21:10 598600 ----a-w- c:\windows\system32\perfh005.dat
2009-07-09 09:05 . 2007-01-08 21:10 114808 ----a-w- c:\windows\system32\perfc005.dat
2009-07-02 08:36 . 2009-02-04 10:18 -------- d-----w- c:\users\Ata\AppData\Roaming\XnView
2009-06-12 08:29 . 2009-06-12 08:29 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6551.tmp.exe
2009-05-22 08:27 . 2009-05-22 08:25 -------- d-----w- c:\programdata\IM
2009-05-22 08:25 . 2009-05-22 08:25 -------- d-----w- c:\program files\IncrediMail
2009-05-22 08:25 . 2009-05-22 08:25 -------- d-----w- c:\programdata\IncrediMail
2009-04-23 12:43 . 2009-06-11 16:20 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 16:20 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 16:20 2033152 ----a-w- c:\windows\system32\win32k.sys
2007-05-31 16:03 . 2007-05-31 16:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-04-16 251264]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SetRefresh"="c:\program files\HP\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-15 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D40FB1C2-E940-47BF-9A65-E7D24D27FE1A}f:\\setup.exe"= UDP:F:\setup.exe:Setup
"UDP Query User{5A637017-C246-4E59-B82B-4321222F5FE9}f:\\setup.exe"= TCP:F:\setup.exe:Setup
"{8AE61D5A-E51C-460C-895A-F6C4E20A798E}"= Disabled:UDP:c:\users\Ata\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1P23820\incredimail_install[1].exe:IncrediMail Installer
"{1C7B08F3-C501-47BC-A465-15C6B5B0D046}"= Disabled:TCP:c:\users\Ata\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1P23820\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{772F7166-B7BD-4A15-A106-DE2C23FD38D8}f:\\setup.exe"= UDP:F:\setup.exe:Setup
"UDP Query User{0F7D2165-38A7-4440-B4EC-0CDF413297B0}f:\\setup.exe"= TCP:F:\setup.exe:Setup
"TCP Query User{E4F50DFB-107A-42E6-96D9-4E487339EBA6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5564C470-724A-4381-89E6-84490A66B4DE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{368F79D9-8484-4D35-B37F-0415B8199A33}c:\\users\\ata\\desktop\\counter\\valve\\hl.exe"= UDP:c:\users\ata\desktop\counter\valve\hl.exe:hl.exe
"UDP Query User{610C2C9C-560C-4C9C-972C-9ECBCA8F2477}c:\\users\\ata\\desktop\\counter\\valve\\hl.exe"= TCP:c:\users\ata\desktop\counter\valve\hl.exe:hl.exe
"TCP Query User{E0BC2116-E958-4504-AF0C-9F7A9FAF8010}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{947A737C-9520-4A1C-82D8-23B3514DEAFB}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{9A364272-E688-4BED-8955-8B23C6320862}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{B5EC7BC3-BAB1-4A04-80C3-DBC2B60A9471}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{A44FE7BC-290C-45BB-863A-EFF05A258B65}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{C8E72758-83A5-4F0F-9470-A5BD7E0FA2C7}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{55632784-17FD-403B-85D1-36840C743C6E}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{E3270C0E-8E34-42D0-8623-B9C210FC3A4D}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{363E4B58-42F2-4379-AD12-24119B6A3EC3}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{1C40C5AB-F98C-448C-8F82-024947A02712}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"{B65D2392-B9F0-4713-945C-E0678A6735D5}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{69DBAEF9-2416-445E-8ADC-2C5149B791D0}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{DE2425B2-EEFF-4A87-B3BD-FE84B60DBFAD}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{081A884E-66B2-42AB-B5B5-FF50F3C66B82}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9822565D-FD9B-4FD1-B1ED-D2D589D4CEEB}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2E340CE8-A169-4802-BC93-709E8D904A5B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24.3.2009 11:47 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24.3.2009 11:47 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24.3.2009 11:46 51792]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [31.5.2007 9:23 540448]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [27.4.2009 16:30 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2.11.2006 12:25 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-07-15 c:\windows\Tasks\Norton Security Scan for Ata.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-15 16:02]

2009-07-16 c:\windows\Tasks\User_Feed_Synchronization-{AD0DB630-49F2-48AB-9F0E-D4B02C62D57B}.job
- c:\windows\system32\msfeedssync.exe [2009-06-16 11:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 10:50
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\TMP0000007DAAC680C05774C8C9 524288 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Celkový čas: 2009-07-16 10:52
ComboFix-quarantined-files.txt 2009-07-16 08:52

Před spuštěním: Volných bajtů: 188 052 627 456
Po spuštění: Volných bajtů: 188 159 524 864

167 --- E O F --- 2009-07-15 09:22

[tom99cz]

No vsechno toto jsem udelal, muzete se na to prosim podivat a poradit mi jak dal? Dekuji

[jaro3]

Nic závadného tam již nevidím, kromě toho , že tam straší Symantec/Norton..
deaktivuj štíty:
Spybot
Windows Defender

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\Tasks\Norton Security Scan for Ata.job
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe

Folder::
c:\programdata\Symantec
c:\programdata\Norton
c:\program files\NortonInstaller
c:\program files\Common Files\Symantec Shared
c:\program files\Norton Security Scan


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto znáš: F:\setup.exe ? fleška?

Toto otestuj na Virustotal
c:\programdata\Google\Google Toolbar\Update\gtb6551.tmp.exe
Vlož sem pak odkaz výsledku.

[tom99cz]

Toto znáš: F:\setup.exe ? fleška?
... to by měla byt fleška nebo čtečka karet.
Co s ni?

[jaro3]

No raději udělej toto:
Stáhni tento program: Flash Disinfector (by sUBs)
http://www.techsupportforum.com/sectool ... fector.exe
http://download.bleepingcomputer.com/sU ... fector.exe

- připoj k Pc tu flešku.
- Spusť Flash Disinfector a počkej až tě program bude informovat o ukončení své činnosti.
- po té můžeš výměnné zařízení odpojit.

pak ten Combofix.