2 trojans - cannot be deleted (Solved)


Re: 2 trojans - cannot be deleted

Post by Damned » 04 Mar 2010 17:03

Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start > Run and type Combofix[space]/uninstall

Download T-Cleaner (required - it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download it -> run it)

(Note: If you have AVG or Avira, deactivate AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner and turn AVG and Avira back on.)
*****************************************************************************************************************************************
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:B7ADB4DA
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1D6686D8
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:943D6A82
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:588B60C7
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4F58D818
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:F01E7F17
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:ADE16379
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:F50F1555
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:997E6AF4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:F4921BC9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:42228396
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5711EF65
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:BB48E5A3
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3AC42987
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CF5C4195
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:95B8F7F6
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:077CC761
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8FBE0E9C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4F636E25
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:053BAE56
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9B52F176
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:9AB338B9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5216CD26
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:2FF4577A
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:193426B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4BB26BE9
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3A925163
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:59D05D9A
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4D7FCCD3
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:92D18A5E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:567AC0A6
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1B1330FD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DF695222
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:6DD87D86
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:FF818E2B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:EB603FE4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:E1F04E8D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DAFD38AE
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:6BD1DCDD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05816AFA
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C25C9263
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:77846FFE
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:74699137
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:680086AB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3064D21D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:38849DE5
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:2B99FE60
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D01AB2FE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4220A65C
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:389D51A1
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:EA2FBCA1
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8EEE3BBB
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:41099CE9
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:37CE0F2E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7091055F
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:01442FD8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A42A9F39
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:700CD00E
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:E36F5B57
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:273A8657
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8B90426A
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0207454C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:87FA5E8A
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:E71141D2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0B61DB9F
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:949483BD
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:18AE7C5A
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3B3A35EC

:Files
C:\Windows\*.tmp
C:\Windows\System32\*.tmp
C:\RECYCLER
C:\Windows\tasks\SA.DAT
C:\WINDOWS\HKNTDLL.dll
C:\WINDOWS\System32\zlbw.dll_tobedeleted_old
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fikcyg2p.default\searchplugins\icqplugin.xml
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fikcyg2p.default\searchplugins\sweetim.xml
C:\Documents and Settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

:Reg

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner


Re: 2 trojans - cannot be deleted

Post by patricia » 04 Mar 2010 17:44

After the restart a message box popped up here. mHotkey.exe - Component not found. The application could not be started because the component HKNTDLL.dll could not be found. Reinstalling the application will probably fix the problem.
I know mHotkey used to start at startup, but I have no idea what it is.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:B7ADB4DA deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1D6686D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:943D6A82 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:588B60C7 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4F58D818 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:F01E7F17 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:ADE16379 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:F50F1555 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:997E6AF4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:F4921BC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:42228396 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:5711EF65 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:BB48E5A3 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3AC42987 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:CF5C4195 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:95B8F7F6 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:077CC761 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8FBE0E9C deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4F636E25 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:053BAE56 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:9B52F176 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:9AB338B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:5216CD26 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:2FF4577A deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:193426B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4BB26BE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3A925163 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:59D05D9A deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4D7FCCD3 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:92D18A5E deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:567AC0A6 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1B1330FD deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DF695222 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:6DD87D86 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:FF818E2B deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:EB603FE4 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3447AB86 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:E1F04E8D deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DAFD38AE deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:6BD1DCDD deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:05816AFA deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:C25C9263 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:77846FFE deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:74699137 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:680086AB deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3064D21D deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:38849DE5 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:2B99FE60 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:D01AB2FE deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4220A65C deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:389D51A1 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:EA2FBCA1 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8EEE3BBB deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:41099CE9 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:37CE0F2E deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:7091055F deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:01442FD8 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:A42A9F39 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:700CD00E deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:E36F5B57 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:4CF61E54 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:273A8657 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8B90426A deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0207454C deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:87FA5E8A deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:E71141D2 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0B61DB9F deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:949483BD deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:18AE7C5A deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3B3A35EC deleted successfully.
========== FILES ==========
C:\Windows\002303_.tmp moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
C:\Windows\SET3.tmp moved successfully.
C:\Windows\SETA.tmp moved successfully.
C:\Windows\System32\CONFIG.TMP moved successfully.
C:\Windows\System32\SETF4.tmp moved successfully.
C:\Windows\System32\SETF9.tmp moved successfully.
C:\RECYCLER\S-1-5-21-1177238915-573735546-725345543-1003 folder moved successfully.
C:\RECYCLER folder moved successfully.
C:\Windows\tasks\SA.DAT moved successfully.
C:\WINDOWS\HKNTDLL.dll moved successfully.
C:\WINDOWS\System32\zlbw.dll_tobedeleted_old moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fikcyg2p.default\searchplugins\icqplugin.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fikcyg2p.default\searchplugins\sweetim.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects\bin-debug\AppContainer.swf folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects\bin-debug folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store\#SharedObjects folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1\Local Store folder moved successfully.
C:\Documents and Settings\Admin\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 57290160 bytes
->Flash cache emptied: 46068 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 3494877 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58,00 mb


OTL by OldTimer - Version 3.1.33.0 log created on 03042010_173339

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5c4.dat not found!

Registry entries deleted on Reboot...


Re: 2 trojans - cannot be deleted

Post by Damned » 04 Mar 2010 18:17

So we'll put it back.
In C:\_OTl\MovedFiles\03042010_173339\ there is a folder named C_Windows, and in it is the library "HKNTDLL.dll". Move it back to C:\Windows.

Restart and post a new HJT log here for me.

Re: 2 trojans - cannot be deleted

Post by patricia » 04 Mar 2010 18:41

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:41:03, on 4.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\mHotkey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\" /c "C:\ComboFix\C.bat"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED3CFC8-996F-4C78-B4F7-943AFB1A5974}: NameServer = 192.168.17.254,193.179.148.42
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe

--
End of file - 7145 bytes


Re: 2 trojans - cannot be deleted

Post by Damned » 04 Mar 2010 18:52

Did you uninstall Combofix? Has the file Combofix.exe disappeared from the desktop?

If not, find and delete:
C:\327882R2FWJFW
C:\ComboFix
C:\Qoobox
C:\Combofix.txt
and Combofix.exe

Then download OTCleanIt.
- Connect to the internet and double-click to run the program
- Click the CleanUp button
- When it finishes, allow the PC to restart
- After the restart, delete this tool - it is not intended for regular use
*****************************************************************************************************************************************
Delete the folder C:\_OTL

Download ToolsCleaner2 (by de A.Rothstein & Dj Quiou) to the desktop and run it.

Click Pt. Restauration (restore) and then OK.
Click Corbeille (recycle bin) and then OK.
Click Fichiers temp (temp folders) and then OK.
Click Recherche (search) and let the Cleaner work. It may stall during cleaning, but let it continue.
When the program finishes, click Suppression (removal) and remove what was found.
Close and delete the program.
*****************************************************************************************************************************************
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\" /c "C:\ComboFix\C.bat"


If anything shows up again, stop by.
Mark the topic as solved (green check mark) and take care. :bigups:

Re: 2 trojans - cannot be deleted

Post by patricia » 04 Mar 2010 20:04

So hopefully I managed to do it all.
Thanks a lot for the help, and I'll definitely stop by here again. Take care everyone, bye for now.

