otravuje mně "braviax.exe" - zřejmě nějaký vir Vyřešeno

[rados-75]

zde je log z Combo Fixu:

ComboFix 09-08-10.06 - Karajev 13.08.2009 18:52.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1015.627 [GMT 2:00]
Spuštěný z: g:\documents and settings\Karajev\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090812-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: VirusKeeper 2009 Pro antivirus *On-access scanning enabled* (Updated) {165EE528-D666-4745-B14E-AA998BBEC191}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

g:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
g:\windows\system32\braviax.exe
g:\windows\system32\wisdstr.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-13 do 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 16:02 . 2009-08-13 16:02 -------- d-----w- G:\rsit
2009-08-13 16:02 . 2009-08-13 16:02 -------- d-----w- g:\program files\trend micro
2009-08-13 15:32 . 2009-08-13 15:32 -------- d-----w- G:\PC_Antispyware2010
2009-08-13 15:32 . 2009-08-13 15:33 -------- d-----w- g:\program files\PC_Antispyware2010
2009-08-12 22:48 . 2009-08-12 22:48 -------- d-----w- g:\windows\system32\wbem\Repository
2009-08-12 20:36 . 2004-08-18 12:00 221184 ----a-w- g:\windows\system32\wmpns.dll
2009-08-12 19:12 . 2009-08-12 22:04 146 ----a-w- g:\documents and settings\Karajev\delself.bat
2009-08-12 18:27 . 2001-10-25 12:00 2944 -c--a-w- g:\windows\system32\dllcache\null.sys
2009-08-12 18:27 . 2001-10-25 12:00 2944 ----a-w- g:\windows\system32\drivers\null.sys
2009-08-12 18:26 . 2009-08-12 18:26 619584 -c--a-w- g:\windows\system32\dllcache\ntfs.sys
2009-08-12 18:25 . 2009-08-12 18:25 26686 ----a-w- g:\windows\system32\msword98.exe
2009-08-12 18:25 . 2009-08-12 18:25 26686 ----a-w- g:\documents and settings\Karajev\msword98.exe
2009-08-12 17:11 . 2009-07-10 13:28 1315328 -c----w- g:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 205312 -c----w- g:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 19:04 . 2009-07-17 19:04 58880 -c----w- g:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 18:26 . 2004-08-03 22:15 619584 ----a-w- g:\windows\system32\drivers\ntfs.sys
2009-08-05 09:01 . 2004-08-17 14:49 205312 ----a-w- g:\windows\system32\mswebdvd.dll
2009-08-01 20:53 . 2008-07-07 18:55 -------- d-----w- g:\program files\Microsoft Silverlight
2009-07-17 19:04 . 2009-07-17 19:04 58880 ----a-w- g:\windows\system32\SETAD.tmp
2009-07-17 19:04 . 2004-08-17 14:49 58880 ----a-w- g:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 14:49 286208 ----a-w- g:\windows\system32\wmpdxm.dll
2009-06-29 16:00 . 2004-08-17 14:49 827392 ----a-w- g:\windows\system32\wininet.dll
2009-06-29 15:59 . 2004-08-17 14:49 78336 ----a-w- g:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2004-08-17 14:49 17408 ----a-w- g:\windows\system32\corpol.dll
2009-06-25 08:27 . 2004-08-17 14:49 54272 ----a-w- g:\windows\system32\wdigest.dll
2009-06-25 08:27 . 2004-08-17 14:49 56832 ----a-w- g:\windows\system32\secur32.dll
2009-06-25 08:27 . 2004-08-17 14:49 147456 ----a-w- g:\windows\system32\schannel.dll
2009-06-25 08:27 . 2004-08-17 14:49 136192 ----a-w- g:\windows\system32\msv1_0.dll
2009-06-25 08:27 . 2004-08-17 14:49 729088 ----a-w- g:\windows\system32\lsasrv.dll
2009-06-25 08:27 . 2004-08-17 14:49 301568 ----a-w- g:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 21:59 92928 ----a-w- g:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- g:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- g:\windows\system32\fontsub.dll
2009-06-15 10:45 . 2004-08-17 14:49 78336 ----a-w- g:\windows\system32\telnet.exe
2009-06-15 10:45 . 2004-08-17 14:49 81408 ----a-w- g:\windows\system32\tlntsess.exe
2009-06-10 14:15 . 2004-08-17 14:49 84992 ----a-w- g:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2008-04-18 18:33 2066432 ----a-w- g:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-17 14:49 132096 ----a-w- g:\windows\system32\wkssvc.dll
2009-06-10 06:16 . 2004-08-17 14:49 132096 ----a-w- g:\windows\system32\wkssvc(2).dll
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- g:\windows\system32\quartz.dll
2009-01-25 12:57 . 2009-01-25 12:57 28672 ----a-w- g:\program files\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- g:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
.

------- Sigcheck -------

[-] 2004-08-17 14:49 541696 96112B362A1F419384CE57E5D92C6267 g:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 g:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 g:\windows\system32\winlogon.exe
[7] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA g:\windows\VistaMizer\old\winlogon.exe

[-] 2009-01-17 18:46 1552384 137A31C90841DB6EF71ABE912E72121E g:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 g:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 g:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-17 14:49 1032704 53114D57AB73A406AC7F602227781A99 g:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1552384 137A31C90841DB6EF71ABE912E72121E g:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 g:\windows\VistaMizer\old\explorer.exe

[-] 2004-08-17 14:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 g:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 g:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 g:\windows\system32\ctfmon.exe
[7] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 g:\windows\VistaMizer\old\ctfmon.exe

[-] 2004-08-17 14:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B g:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F g:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F g:\windows\system32\comres.dll
[7] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 g:\windows\VistaMizer\old\comres.dll


[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 g:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-17 14:49 611328 876C658C44F2BF4AF050E5534A9F066F g:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 724992 B06B1E696E8B0117EFF67D91E83574AB g:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 724992 B06B1E696E8B0117EFF67D91E83574AB g:\windows\system32\comctl32.dll
[7] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED g:\windows\VistaMizer\old\comctl32.dll
[7] 2004-08-18 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-18 12:00 1050624 F76B3003366A205E05AFC0D034C7D3E9 g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 g:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 g:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF g:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-03 22:15 574592 B78BE402C3F63DD55521F73876951CDD g:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA g:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-12 18:26 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 g:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-12 18:26 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 g:\windows\system32\drivers\ntfs.sys

g:\windows\system32\drivers\beep.sys ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2009-08-13_15.51.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 16:46 . 2009-08-13 16:46 16384 g:\windows\Temp\Perflib_Perfdata_5f4.dat
+ 2009-08-13 16:47 . 2009-08-13 16:47 16384 g:\windows\Temp\Perflib_Perfdata_188.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}"= "g:\program files\Softonic_English_TC\tbSof1.dll" [2009-03-27 1883672]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "g:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4FF5F6EA-FFAF-43E5-9A01-361C0893C3E8}"= "g:\program files\Softonic_English_TC\tbSof1.dll" [2009-03-27 1883672]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "g:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="g:\documents and settings\Karajev\Plocha\Svátky a výročí\Vyroci.exe" [1998-04-14 485888]
"SmartClock"="g:\program files\SmartClock\SmartClock.exe" [2002-11-02 177664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="g:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Windows Defender"="g:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

g:\documents and settings\Karajev\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ikowin32.exe [2008-4-14 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0aswBoot.exe /M:4ebdbc2a

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=g:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=g:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vkservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="g:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
"CTFMON.EXE"=g:\windows\system32\ctfmon.exe
"365dni"=g:\program files\365dníNET\365dniNET.exe
"Google Update"="g:\documents and settings\Karajev\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"SpybotSD TeaTimer"=g:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Easy-PrintToolBox"=g:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"igfxtray"=g:\windows\system32\igfxtray.exe
"igfxhkcmd"=g:\windows\system32\hkcmd.exe
"NeroFilterCheck"=g:\windows\system32\NeroCheck.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"TkBellExe"="g:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"VirusKeeper"=g:\program files\AxBx\VirusKeeper 2009 Pro Trial\VirusKeeper.exe
"SiteVacuum"=g:\program files\EasySearch\SiteVacuumClient.exe
"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe"
"braviax"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"g:\\Program Files\\SDC212\\StrongDC.exe"=
"g:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\WINDOWS\\system32\\mmc.exe"=
"g:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\explorer.exe"=
"g:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"g:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R1 aswSP;avast! Self Protection;g:\windows\system32\drivers\aswSP.sys [25.1.2009 14:10 114768]
R2 aswFsBlk;aswFsBlk;g:\windows\system32\drivers\aswFsBlk.sys [25.1.2009 14:10 20560]
R2 WinDefend;Windows Defender;g:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 CrystalSysInfo;CrystalSysInfo;g:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S4 vkservice;VirusKeeper antivirus/antispyware;g:\program files\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe --> g:\program files\AxBx\VirusKeeper 2009 Pro Trial\vk_service.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-07-10 g:\windows\Tasks\1-Click Maintenance.job
- g:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2009-08-13 g:\windows\Tasks\MP Scheduled Scan.job
- g:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com
FF - ProfilePath - g:\documents and settings\Karajev\Data aplikací\Mozilla\Firefox\Profiles\clbey63a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: g:\program files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: g:\program files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: g:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
g:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 18:56
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(532)
g:\windows\system32\SETUPAPI.dll
g:\windows\system32\sfc_os.dll
g:\windows\system32\COMRes.dll
g:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(588)
g:\windows\system32\SETUPAPI.dll
.
Celkový čas: 2009-08-13 18:59
ComboFix-quarantined-files.txt 2009-08-13 16:59
ComboFix2.txt 2009-08-13 15:54

Před spuštěním: Volných bajtů: 10 328 666 112
Po spuštění: Volných bajtů: 10 283 409 408

239 --- E O F --- 2009-08-12 23:16

[Reklama]

[Damned]

Můžeš mi říci, proč si použil ComboFix?????
Umíš to s ním?????
Neumíš číst podmínky použití ComboFixu? Autor tam jasně říká: Nepoužívej, nebo si můžeš rozbít počítač! Používej POUZE pod dohledem zkušeného uživatele!

ComboFix není utilita jako nějakej prohlížeč obrázků!!!!

Z mého podpisu si stáhni HijackThis a podle návodu udělej log a vlož ho sem. A doufej, že ComboFix ti nesmazal nějakej systémovej soubor, nebo odkaz na něj, na kterej se vir mohl navázat. V tom případě ComboFox totiž maže i systémové soubory, proto ho sám, pokud mu nerozumíš nepoužívej!

[rados-75]

OK, Combo občas po mně chtěli na viry.cz

Nicméně zde je log z HiJack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:35, on 13.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
G:\windows\System32\smss.exe
G:\windows\system32\winlogon.exe
G:\windows\system32\services.exe
G:\windows\system32\lsass.exe
G:\windows\system32\svchost.exe
G:\Program Files\Windows Defender\MsMpEng.exe
G:\windows\System32\svchost.exe
G:\windows\system32\svchost.exe
G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\SmartClock\SmartClock.exe
G:\windows\system32\spoolsv.exe
G:\Program Files\Java\jre6\bin\jqs.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\Program Files\CyberLink\Shared files\RichVideo.exe
G:\windows\system32\svchost.exe
G:\windows\explorer.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\windows\system32\mmc.exe
G:\windows\system32\dmremote.exe
G:\windows\System32\dmadmin.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - G:\Program Files\Softonic_English_TC\tbSof1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - G:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "G:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] G:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Svátky a výročí] G:\Documents and Settings\Karajev\Plocha\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [SmartClock] G:\Program Files\SmartClock\SmartClock.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - G:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - G:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4000336625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - G:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - G:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - G:\windows\System32\TuneUpDefragService.exe

--
End of file - 5806 bytes

[Damned]

Chtěli, ale určitě ne jako první. Vždy první sem dávej HijackThis a na virech RSIT.

Odinstaluj si: Softonic English TC Toolbar, ICQ Toolbar, Ask Toolbar (AskBarDis).
*****************************************************************************************************************************************
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - G:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Softonic English TC Toolbar - {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - G:\Program Files\Softonic_English_TC\tbSof1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - G:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - Startup: ikowin32.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[rados-75]

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2616
Windows 5.1.2600 Service Pack 3

13.8.2009 20:04:33
mbam-log-2009-08-13 (20-04-23).txt

Typ skenu: Rychlý sken
Objektu skenováno: 93187
Uplynulý cas: 4 minute(s), 7 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 4
Infikované soubory: 16

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
G:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> No action taken.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU (Adware.WhenUSave) -> No action taken.

Infikované soubory:
G:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> No action taken.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> No action taken.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> No action taken.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> No action taken.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> No action taken.
G:\Documents and Settings\Karajev\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
G:\Documents and Settings\Karajev\delself.bat (Malware.Trace) -> No action taken.

[Damned]

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Odinstaluj si starý ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si nový ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[rados-75]

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2616
Windows 5.1.2600 Service Pack 3

13.8.2009 20:27:10
mbam-log-2009-08-13 (20-27-10).txt

Typ skenu: Rychlý sken
Objektu skenováno: 93272
Uplynulý cas: 3 minute(s), 35 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 4
Infikované soubory: 16

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
G:\Program Files\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\data (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

Infikované soubory:
G:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\PC_Antispyware2010.cfg (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\Uninstall.exe (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\wscui.cpl (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\data\daily.cvd (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Program Files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU\Learn More About WhenU Save.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
G:\Documents and Settings\Karajev\Nabídka Start\Programy\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> Quarantined and deleted successfully.
G:\Documents and Settings\Karajev\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
G:\Documents and Settings\Karajev\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

[Damned]

Fajn, ještě ten nový ComboFix.

[Damned]

Kdyby si nelítal na viry.cz, už si to mohl mít opravený.

[rados-75]

S tím Combem mám problém, nejde spustit.

[Damned]

Napíše nějaké chybové hlášení?

Stáhni si T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG (i rezidenta, Aviru), následně T-Cleaner smaž a zapni si AVG (Aviru).)

Pak si stáhni nový ComboFix a spusť ho v nouzovém režimu. Potom mi sem vlož log z ComboFixu i HJT.

[rados-75]

ozvu se zítra večer, zatím díky.