prosím o preventivku

[Damned]

Příště smazat i drivery, nebo použít utilitu.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc config aswUpdSv start= disabled
sc config ashServ start= disabled
sc config ashMaiSv start= disabled
sc config ashWebSv start= disabled
sc stop aswUpdSv
sc stop ashServ
sc stop ashMaiSv
sc stop ashWebSv
sc delete aswUpdSv
sc delete ashServ
sc delete ashMaiSv
sc delete ashWebSv

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.
Otevře se Dosovské okno a zavře. Restartuj comp.

Spusť si HJT a vlož sem nový log.

[Pikulinto]

U avast! utilitka nepomohla tak se holt musel odstranit tímto způsobem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:15, on 15.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C" onclick="window.open(this.href);return false;:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6755 bytes

[Damned]

Ze čtyř zmizela jen jedna služba avastu

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

sc avast! Antivirus start= disabled
sc config ashServ start= disabled
sc confis avast! Mail Scanner start= disabled
sc config ashMaiSv start= disabled
sc config avast! Web Scanner start= disabled
sc config ashWebSv start= disabled
sc stop avast! Antivirus
sc stop ashServ
sc stop ashMaiSv
sc stop avast! Mail Scanner
sc stop ashWebSv
sc stop avast! Web Scanner
sc delete avast! Antivirus
sc delete ashServ
sc delete ashMaiSv
sc delete avast! Mail Scanner
sc delete ashWebSv
sc delete avast! Web Scanner

ulož si ho na plochu jako-název remove.bat a ulož ho jako typ všechny soubory , najdi na ploše tento soubor , spusť ho poklepáním.
Otevře se Dosovské okno a zavře. Restartuj comp.

Spusť si HJT a vlož log.

[Pikulinto]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:20, on 15.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C" onclick="window.open(this.href);return false;:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6755 bytes

[Damned]

Logy jsou v pořádku až na reflexi služeb avastu. Pokud ho nemáš, neměli by být by viděny.

Stáhni si:
Registry Search Tady: Registry Search

Rozbal si soubor do složky a potom poklepej na regsearch.exe ke startu programu.
Do volné linky(linek) nad Enter search string case independent zkopíruj a vlož:

Kód: Vybrat vše

 avast 

A klikni na OK.Otevře se notepad s textem a celý text z něho sem vlož.

[Pikulinto]

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 15.8.2009 22:07:04 for strings:
; 'avast '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

[Damned]

Do volných linek nad Enter search string case independent přepiš:

Kód: Vybrat vše

 ashServ 

Kód: Vybrat vše

ashMaiSv

Kód: Vybrat vše

ashWebSv

A klikni na OK.Otevře se notepad s textem a celý text z něho sem vlož.

[Damned]

Pak ještě najdi a napiš mi cestu všech složek s názven avast a Alwil

[Pikulinto]

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 15.8.2009 22:43:32 for strings:
; 'ashserv '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 15.8.2009 22:45:14 for strings:
; 'ashmaisv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Mail Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,4d,00,61,00,69,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\avast! Mail Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,4d,00,61,00,69,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\58]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\143\Rules\1\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\144\Rules\1\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\145\Rules\1\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\146\Rules\1\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\201\Rules\10\Allowed\22]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\202\Rules\10\Allowed\22]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\203\Rules\10\Allowed\22]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\204\Rules\10\Allowed\22]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\215]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\253\Rules\10\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\254\Rules\10\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\255\Rules\10\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\256\Rules\10\Allowed\14]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Mail Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,4d,00,61,00,69,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00

; End Of The Log...



Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 15.8.2009 22:47:25 for strings:
; 'ashwebsv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Web Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,57,00,65,00,62,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\avast! Web Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,57,00,65,00,62,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\43]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\143\Rules\1\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\144\Rules\1\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\145\Rules\1\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\146\Rules\1\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\201\Rules\10\Allowed\23]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\202\Rules\10\Allowed\23]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\203\Rules\10\Allowed\23]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\204\Rules\10\Allowed\23]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\214]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\253\Rules\10\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\254\Rules\10\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\255\Rules\10\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\256\Rules\10\Allowed\15]
"Filename"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"
"DeviceName"="C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner]
; Contents of value:
; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,77,00,69,00,6c,\
00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,76,00,\
61,00,73,00,74,00,34,00,5c,00,61,00,73,00,68,00,57,00,65,00,62,00,53,00,76,\
00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,73,00,65,00,72,00,76,00,69,00,\
63,00,65,00,00,00

; End Of The Log...

[Pikulinto]

alwil negativní,avas jedině avastSS, spořič obrazovky C:\WINDOWS\system32

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

Driver::
ashServ
ashMaiSv
ashWebSv

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avast! Web Scanner]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\avast! Web Scanner]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\43]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\143\Rules\1\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\144\Rules\1\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\145\Rules\1\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\146\Rules\1\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\201\Rules\10\Allowed\23]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\202\Rules\10\Allowed\23]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\203\Rules\10\Allowed\23]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\204\Rules\10\Allowed\23]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\214]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\253\Rules\10\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\254\Rules\10\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\255\Rules\10\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\256\Rules\10\Allowed\15]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Web Scanner]



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Pikulinto]

tak script mě akorát shodil okna s touto chybou --> BCCode : 1000000a BCP1 : 00000166 BCP2 : 00000002 BCP3 : 00000000
BCP4 : 804FAADA OSVer : 5_1_2600 SP : 3_0 Product : 256_1