Prosím o pomoc - mám vira wigon

[Wik_3]

Log z Combofix:

ComboFix 09-12-09.04 - uživatel 10.12.2009 22:25:19.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.2046.1535 [GMT 1:00]
Spuštěný z: c:\documents and settings\uživatel\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\u§ivatel\Dokumenty\zaloha registr… - cc_20091210_211016.reg
c:\windows\TEMP\NOD26.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-10 do 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 20:42 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-10 20:42 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-10 20:42 . 2009-12-10 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-10 20:24 . 2009-12-10 20:25 -------- d-----w- c:\program files\ATnotes
2009-12-10 20:16 . 2009-12-10 20:16 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-12-10 20:07 . 2009-12-10 20:07 -------- d-----w- c:\program files\CCleaner
2009-12-07 14:20 . 2009-12-07 14:20 -------- d-----w- c:\windows\system32\LogFiles
2009-12-07 14:20 . 2009-01-05 13:54 81920 ----a-w- c:\windows\system32\ZDPN50.DLL
2009-12-07 14:20 . 2009-01-05 13:54 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys
2009-12-07 14:20 . 2009-01-05 13:54 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys
2009-12-07 14:20 . 2009-01-05 13:54 17151 ----a-w- c:\windows\system32\ZDPNDIS5.SYS
2009-12-07 14:20 . 2009-01-05 13:54 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys
2009-12-07 14:20 . 2009-01-05 13:54 29184 ----a-w- c:\windows\system32\drivers\BRGSp50a64.sys
2009-12-07 14:20 . 2009-01-05 13:54 24576 ----a-w- c:\windows\system32\ZyDelReg.exe
2009-12-07 14:20 . 2009-01-05 13:54 28672 ----a-w- c:\windows\system32\InsDrvZD.dll
2009-12-07 14:20 . 2009-01-05 13:54 15872 ----a-w- c:\windows\system32\InsDrvZD64.DLL
2009-12-07 14:20 . 2009-12-07 14:20 -------- d-----w- c:\program files\TP-LINK
2009-11-30 19:07 . 2009-01-05 13:54 500736 ----a-w- c:\windows\system32\drivers\ZD1211BU.sys
2009-11-16 08:06 . 2009-11-16 08:06 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-11-16 08:06 . 2009-11-16 08:06 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-11-16 08:03 . 2009-11-16 08:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 07:56 . 2009-11-16 07:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 14:20 . 2007-12-14 11:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 05:08 . 2008-01-31 13:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-24 11:57 . 2006-03-02 12:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-11-24 11:57 . 2006-03-02 12:00 309716 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
"ZDWlan.EXE"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE" [2009-01-14 491520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ajr42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bjr87.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bkr42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cks32.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cls75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dmk86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Emt75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fnv65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fow64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gow75.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gpx07.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hqy10.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hqy53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Iry31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jra43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jsa54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jsa76.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ktc20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Luc54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Owf54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Owf86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qah43.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qyg86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tdk64.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xho31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 17:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
2006-02-17 09:40 270336 ----a-w- c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-08-11 13:43 7630848 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-11 13:43 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 13:43 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

R0 Ktc20;Ktc20;c:\windows\system32\drivers\Ktc20.sys [29.4.2008 8:12 27136]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
S0 Ajr42;Ajr42;c:\windows\system32\Drivers\Ajr42.sys --> c:\windows\system32\Drivers\Ajr42.sys [?]
S0 Bjr87;Bjr87;c:\windows\system32\Drivers\Bjr87.sys --> c:\windows\system32\Drivers\Bjr87.sys [?]
S0 Bkr42;Bkr42;c:\windows\system32\Drivers\Bkr42.sys --> c:\windows\system32\Drivers\Bkr42.sys [?]
S0 Cks32;Cks32;c:\windows\system32\Drivers\Cks32.sys --> c:\windows\system32\Drivers\Cks32.sys [?]
S0 Cls75;Cls75;c:\windows\system32\Drivers\Cls75.sys --> c:\windows\system32\Drivers\Cls75.sys [?]
S0 Dmk86;Dmk86;c:\windows\system32\Drivers\Dmk86.sys --> c:\windows\system32\Drivers\Dmk86.sys [?]
S0 Emt75;Emt75;c:\windows\system32\Drivers\Emt75.sys --> c:\windows\system32\Drivers\Emt75.sys [?]
S0 Fnv65;Fnv65;c:\windows\system32\Drivers\Fnv65.sys --> c:\windows\system32\Drivers\Fnv65.sys [?]
S0 Fow64;Fow64;c:\windows\system32\Drivers\Fow64.sys --> c:\windows\system32\Drivers\Fow64.sys [?]
S0 Gow75;Gow75;c:\windows\system32\Drivers\Gow75.sys --> c:\windows\system32\Drivers\Gow75.sys [?]
S0 Gpx07;Gpx07;c:\windows\system32\Drivers\Gpx07.sys --> c:\windows\system32\Drivers\Gpx07.sys [?]
S0 Hqy10;Hqy10;c:\windows\system32\Drivers\Hqy10.sys --> c:\windows\system32\Drivers\Hqy10.sys [?]
S0 Hqy53;Hqy53;c:\windows\system32\Drivers\Hqy53.sys --> c:\windows\system32\Drivers\Hqy53.sys [?]
S0 Iry31;Iry31;c:\windows\system32\Drivers\Iry31.sys --> c:\windows\system32\Drivers\Iry31.sys [?]
S0 Jra43;Jra43;c:\windows\system32\Drivers\Jra43.sys --> c:\windows\system32\Drivers\Jra43.sys [?]
S0 Jsa54;Jsa54;c:\windows\system32\Drivers\Jsa54.sys --> c:\windows\system32\Drivers\Jsa54.sys [?]
S0 Jsa76;Jsa76;c:\windows\system32\Drivers\Jsa76.sys --> c:\windows\system32\Drivers\Jsa76.sys [?]
S0 Luc54;Luc54;c:\windows\system32\Drivers\Luc54.sys --> c:\windows\system32\Drivers\Luc54.sys [?]
S0 Owf54;Owf54;c:\windows\system32\Drivers\Owf54.sys --> c:\windows\system32\Drivers\Owf54.sys [?]
S0 Owf86;Owf86;c:\windows\system32\Drivers\Owf86.sys --> c:\windows\system32\Drivers\Owf86.sys [?]
S0 Qah43;Qah43;c:\windows\system32\Drivers\Qah43.sys --> c:\windows\system32\Drivers\Qah43.sys [?]
S0 Qyg86;Qyg86;c:\windows\system32\Drivers\Qyg86.sys --> c:\windows\system32\Drivers\Qyg86.sys [?]
S0 Tdk64;Tdk64;c:\windows\system32\Drivers\Tdk64.sys --> c:\windows\system32\Drivers\Tdk64.sys [?]
S0 Xho31;Xho31;c:\windows\system32\Drivers\Xho31.sys --> c:\windows\system32\Drivers\Xho31.sys [?]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [8.1.2009 19:25 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [8.1.2009 19:25 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [8.1.2009 22:42 38784]
S3 Dmt54;Dmt54;c:\windows\system32\drivers\Dmt54.sys [18.4.2008 8:04 0]
S3 Fov43;Fov43;c:\windows\system32\drivers\Fov43.sys [23.4.2008 8:10 0]
S3 Iry08;Iry08;c:\windows\system32\drivers\Iry08.sys [21.4.2008 8:51 0]
S3 Scj53;Scj53;c:\windows\system32\drivers\Scj53.sys [24.4.2008 8:16 0]
S3 Vfm65;Vfm65;c:\windows\system32\drivers\Vfm65.sys [21.4.2008 8:09 0]
S3 ZD1211BU(TP-LINK);TP-LINK Wireless USB Adapter Driver(TP-LINK);c:\windows\system32\drivers\ZD1211BU.sys [30.11.2009 20:07 500736]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\1buikhuh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 22:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\WinNt32.dll
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2009-12-10 22:28:53
ComboFix-quarantined-files.txt 2009-12-10 21:28
ComboFix2.txt 2009-12-10 21:17

Před spuštěním: Volných bajtů: 237 173 014 528
Po spuštění: Volných bajtů: 237 166 743 552

- - End Of File - - F6CDD7AB3FC3C145A3CD2440779D5042

[Reklama]

[Damned]

S důvěrou se obrať k tomu, co ti poradil Combofix

[fNxXx]

No tak to sis dobře zavařil Wigon je ted nejrozšířenější a nadělá kotel neplechy.

[pitimir]

Ehm...
@Wik: http://viry.cz/forum/viewtopic.php?f=13&t=94752
Pokial to mienis riesit kade-tade, taxa daleko nedostanes a zbytocne nutis ludi robit tu istu robotu 2x...

@fNxXx: Neviem z kade mas statistiku, ale Wigon bol "in"pred par mesiacmi a nie teraz - tento pripad je skor vynimka...

[Damned]

Tak jak si se rozholdl? Kde to budeš řešit?

[Wik_3]

Zde je teda log z hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:18, on 12.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\uživatel\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ZDWlan.EXE] "C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\ZDWlan.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5197 bytes

[Damned]

A co říká ten, co ti poradil ComboFix?

Jináč tam máš pěkný stádo šmejdů.

NOD je cracklej?

[Wik_3]

Nikdo mi combofix neporadil, viml jsem si, že jeho logy se tady objevují, tak jsem ho sem hodil taky.
ESET mám zakoupený

[Damned]

Tak sis určitě přečetl i varování před jeho spuštěním?

[Wik_3]

No něco jsem si přečetl,proč?

Tak vidím, že se tady asi pomoci nedočkám.

[Damned]

Protože tam je psáno:

Pokud Combofixu nerozumíte, NESPOUŠTĚJTE HO. Combofix používejte POUZE pod dohledem zkušeného uživatele ComboFixu.

Tohle je to málo co sis měl přečíst.
Takže, pokud já předpokládám a zcela správně, že ComboFixu rozumíš, dívím se, že si pohoršen, de facto svým chováním.

Jaký byl stav před použitím ComboFixu? (Hlavně mi sem nestrkej log z MWAV)