Zavirováno nebo ne?

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\eEmpty.exe

Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\rundll16.exe
c:\windows\RUNDL132.EXE
c:\windows\logo1_.exe
c:\windows\logo_1.exe
c:\program files\AskBarDis
C:\Program Files\Common Files\Symantec Shared

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Reklama]

[hele]

tak sem udelala s to s combofixem presne podle navodu...a ted mi nejde spustit jakykoli program a pri pokusu neco spustit mi vyskoci hlaska - Pokud pouzit neplatnou operaci na klic registru, ktery je oznacem k odstraneni


co s tim??

[Damned]

Určitě byl vypnutý i antivir?

Restartuj počítač, najdi log Combofix2.txt a vlož mi ho sem.

Zkus mi vyfotit tu hlášku

[hele]

no nevim...snazila sem se ho vypnout, ale psalo to tam neco ze to neni uplne vyply... :( pokusim se o to, ale nejde mi otevrit ani zadnej soubor...zkusim ho zkopcit vedle do kompu...jestli ho najdu...

[hele]

tak po restartu aspon muzu spoustet..du hledat :)

[hele]

tak log ComboFix2.txt

ComboFix 10-03-02.08 - Chuligan 03.03.2010 16:54:54.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.1013.433 [GMT 1:00]
Spuštěný z: c:\users\Chuligan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1068986692-2423982232-1815644557-500

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 16:07 . 2010-03-03 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-01 16:40 . 2010-03-01 16:40 -------- d-----w- c:\users\Chuligan\AppData\Roaming\Malwarebytes
2010-03-01 16:40 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 16:40 . 2010-03-01 16:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 16:40 . 2010-03-01 16:40 -------- d-----w- c:\programdata\Malwarebytes
2010-03-01 16:40 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 14:18 . 2010-03-01 14:18 -------- d---a-w- c:\windows\VDLL.DLL
2010-03-01 14:18 . 2010-03-01 14:18 -------- d---a-w- c:\windows\system32\runouce.exe
2010-03-01 14:18 . 2010-03-01 14:18 -------- d---a-w- c:\windows\rundll16.exe
2010-03-01 14:18 . 2010-03-01 14:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-03-01 14:18 . 2010-03-01 14:18 -------- d---a-w- c:\windows\logo1_.exe
2010-03-01 14:18 . 2010-03-01 14:18 -------- d---a-w- c:\windows\logo_1.exe
2010-03-01 14:02 . 2010-03-01 14:01 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-01 14:01 . 2010-03-01 14:01 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-03-01 14:01 . 2010-03-01 14:01 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-03-01 14:01 . 2010-03-01 14:01 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-03-01 14:01 . 2010-03-01 14:01 -------- d-----w- c:\programdata\MicroWorld
2010-03-01 13:52 . 2010-03-01 13:52 388096 ----a-r- c:\users\Chuligan\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-01 13:52 . 2010-03-01 13:52 -------- d-----w- c:\program files\TrendMicro
2010-02-07 16:28 . 2010-02-07 16:28 -------- d-----w- c:\program files\AskBarDis

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 16:08 . 2007-09-08 15:13 3932160 --sha-w- c:\users\Chuligan\ntuser.dat
2010-03-01 16:40 . 2010-03-01 16:40 -------- d-----w- c:\users\Chuligan\AppData\Roaming\Malwarebytes
2010-03-01 13:52 . 2010-03-01 13:52 388096 ----a-r- c:\users\Chuligan\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-01 13:52 . 2007-09-08 15:13 -------- d-s---w- c:\users\Chuligan\AppData\Roaming\Microsoft
2010-03-01 12:14 . 2007-05-21 23:04 -------- d-----w- c:\programdata\CyberLink
2010-02-24 22:37 . 2009-01-20 13:25 -------- d-----w- c:\users\Chuligan\AppData\Roaming\dvdcss
2010-02-07 16:28 . 2009-10-21 20:40 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-27 19:14 . 2007-01-08 21:09 615270 ----a-w- c:\windows\system32\perfh005.dat
2010-01-27 19:14 . 2007-01-08 21:09 120798 ----a-w- c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-04 20:45 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 18:20 . 2009-06-23 20:01 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-01-03 14:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-14 2043160]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2008-02-21 453936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-05 198160]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-03-28 15:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-01-11 08:55 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-05 13:56 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-19 07:36 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [11.1.2009 21:18 335240]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-02 c:\windows\Tasks\User_Feed_Synchronization-{6192F4C0-352B-48A2-BCD1-569B9000716D}.job
- c:\windows\system32\msfeedssync.exe [2010-01-03 04:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 17:07
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-03 17:13:47
ComboFix-quarantined-files.txt 2010-03-03 16:13

Před spuštěním: Volných bajtů: 107 859 333 120
Po spuštění: Volných bajtů: 107 901 616 128

- - End Of File - - E4A522DB633CB8202ABA4CF8418C7020



a vedle byl este nejakej soubor - ComboFix - quarantine.txt....toho si nemam vsimat?

[Damned]

Zkopíruj mi sem, nebo přilož v archívu všechny texťáky co najdeš s názvem combofix (i ty ve složce "C:\Qoobox"). Tedy i ten s karanténou, Combofix3.txt atd

Pokud napíše něco chybové hlášení, potřebuji ho doslovně znát. Termín "někde, něco, nějak" je asi jako víš co....

[hele]

jojo, du na to, a se svoji komunikaci bojuju porad tak diky za pomoc i trpelivost :))

[hele]

tak tady je text ze souboru Add-Remove Programms.txt

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Ask Toolbar
AutoUpdate
AVG Free 8.5
CCleaner (remove only)
Codec Pack - All In 1 6.0.3.0
Conexant HD Audio
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
ESU for Microsoft Vista
Free Studio version 4.1
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Update
HP User Guides 0082
HP Wireless Assistant
ICQ6
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
LG PC Suite
LG USB Modem driver
LightScribe 1.4.136.1
Lingea Lexicon 2002
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - csy
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
PSSWCORE
RealPlayer
Red Shark
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Seagate Manager Installer
Security Update for Windows Media Encoder (KB954156)
Seznam Pošťák
Skype™ 3.8
Synaptics Pointing Device Driver
Ulead Photo Explorer 8.5 SE Basic
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Winamp
Windows Media Encoder 9 Series





dále z CFScript_used_2010-03-06_17.22.16.txt

File::
c:\windows\system32\eEmpty.exe

Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\rundll16.exe
c:\windows\RUNDL132.EXE
c:\windows\logo1_.exe
c:\windows\logo_1.exe
c:\program files\AskBarDis
C:\Program Files\Common Files\Symantec Shared

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

RegLockDel::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


a poslední textak - ComboFix-quarantined-files.txt

2010-03-06 16:50:51 . 2010-03-06 16:50:51 1,512 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Ask Toolbar_is1.reg.dat
2010-03-06 16:50:16 . 2010-03-06 16:50:17 335 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Symantec PIF AlertEng.reg.dat
2010-03-06 16:50:14 . 2010-03-06 16:50:14 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98}.reg.dat
2010-03-06 16:34:11 . 2010-03-06 16:34:11 3,378 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_LiveUpdate Notice Service.reg.dat
2010-03-06 16:22:16 . 2010-03-06 16:22:16 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-03-03 16:04:55 . 2010-03-06 16:32:24 5,710 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-03-03 15:52:57 . 2010-03-06 16:22:16 124 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-03-01 14:01:57 . 2010-03-01 14:01:56 34,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\eEmpty.exe.vir
2010-02-07 16:28:09 . 2008-06-10 16:32:24 36,864 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\psvince.dll.vir
2010-02-07 16:28:09 . 2008-08-26 09:32:14 116,104 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\askPopStp.dll.vir
2010-02-07 16:28:09 . 2008-08-26 09:32:12 279,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\bin\askBar.dll.vir
2010-02-07 16:28:09 . 2008-06-12 21:37:16 0 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Settings\config.dat.bak.vir
2010-02-07 16:28:09 . 2010-02-07 16:28:16 3 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\bar\Settings\config.dat.vir
2010-02-07 16:28:09 . 2010-02-07 16:28:04 695,204 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\unins000.exe.vir
2010-02-07 16:28:09 . 2010-02-07 16:28:14 25,650 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AskBarDis\unins000.dat.vir
2008-08-19 06:50:55 . 2007-01-26 14:36:29 276,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\COH\ses3305.tmp.vir
2008-08-19 06:50:55 . 2008-07-30 15:42:16 158,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\COH\COHClean.dll.vir
2008-08-19 06:50:54 . 2008-07-30 15:42:18 398,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\COH\sH0007.dll.vir
2008-08-19 06:50:54 . 2008-07-30 15:42:20 1,227,600 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\COH\COH32.exe.vir
2008-08-12 03:19:10 . 2008-04-10 21:17:34 607,624 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll.vir
2008-08-12 03:19:09 . 2008-04-10 21:17:26 537,992 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll.vir
2008-07-13 13:48:12 . 2007-01-26 14:53:56 1,992,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\COH\COH64.exe.vir
2008-04-29 13:10:18 . 2008-04-29 13:10:18 4 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\fallback.dat.vir
2008-04-29 12:07:30 . 2008-04-29 12:07:30 1,013,088 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\05\01\AlertEng.loc.vir
2008-01-29 15:38:34 . 2008-01-29 15:38:34 8,749 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\readme.txt.vir
2008-01-29 15:38:34 . 2008-01-29 15:38:34 1,592,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SymHTML.dll.vir
2008-01-29 15:38:32 . 2008-01-29 15:38:32 1,344,904 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\pifCrawl.exe.vir
2008-01-29 15:38:32 . 2008-01-29 15:38:32 316,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll.vir
2008-01-29 15:38:32 . 2008-01-29 15:38:32 284,040 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll.vir
2008-01-29 15:38:32 . 2008-01-29 15:38:32 583,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe.vir
2008-01-29 15:38:30 . 2008-01-29 15:38:30 355,574 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\lun.ico.vir
2008-01-29 15:38:30 . 2008-01-29 15:38:30 406,920 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhDSA.dll.vir
2008-01-29 15:38:30 . 2008-01-29 15:38:30 247,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll.vir
2008-01-29 15:38:30 . 2008-01-29 15:38:30 238,984 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll.vir
2008-01-29 15:38:28 . 2008-01-29 15:38:28 353,672 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll.vir
2008-01-29 15:38:28 . 2008-01-29 15:38:28 218,504 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll.vir
2008-01-29 15:38:28 . 2008-01-29 15:38:28 251,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll.vir
2008-01-29 15:38:28 . 2008-01-29 15:38:28 173,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll.vir
2008-01-29 15:38:26 . 2008-01-29 15:38:26 398,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll.vir
2008-01-29 15:38:26 . 2008-01-29 15:38:26 560 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SPManifests\AlertEng.spm.vir
2008-01-29 15:38:26 . 2008-01-29 15:38:26 233 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SPManifests\PifCore.grd.vir
2008-01-29 15:38:26 . 2008-01-29 15:38:26 2,267 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SPManifests\PifCore.sig.vir
2008-01-29 15:38:26 . 2008-01-29 15:38:26 1,552 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SPManifests\PifCore.spm.vir
2008-01-29 15:38:24 . 2008-01-29 15:38:24 234 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SPManifests\AlertEng.grd.vir
2008-01-29 15:38:24 . 2008-01-29 15:38:24 2,267 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SPManifests\AlertEng.sig.vir
2007-05-21 22:50:42 . 2009-01-11 18:24:28 475,064 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll.vir
2006-12-15 23:38:02 . 2006-12-15 23:38:02 935,528 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\DecABI\dec2713.tmp.vir




cela slozka Qoobox obsahuje jeste dve slozky BackEnv a Quarantine a jeste soubor SnapShot@2010-03-06_16.39.33.dat

[Damned]

Smazal vše, co měl.

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

[hele]

blbej dotaz - ale jak poradne vypnu AVG? chci to udelat uz poradne :) kdyz dam exit tak je furt aktivovanej jen neni v liste...kdyz na nej najedu a dam ignore status u komponenty antivirus a antispyware tak mi to tam ukazuje porad active ale s vykricnikem...a furt mi prijde ze to hlida, ale jinej "vypinac" sem nikde neobjevila :(

[jaro3]

Vsuvka:

AVG 8
Otevři AVG 8 Control Center, pravým klikni na ikonu AVG 8 task bar.
Klikni na nástroje ( Tools)
Vyber Pokročilé (Advanced)
V levé části panelu najeď dole na rezidentní štít (Resident Shield).
V hlavním panelu zruš zatržítko u rezidentního štítu zapnut (Enable Resident Shield).
Když budeš potřebovat zase štít zapnout dej zase zatržítko u rezidentního štítu zapnut (Enable Resident Shield).