Trojan,adirka,nuwar(vyřešeno) Vyřešeno

[patricia]

Nod mi identifikoval nejakýho trojskýho koně(toho jsem smazala)a toto:
Soubor C:\System Volume Information\_restore{A0612098-45E8-4974-BA69-0EDE631D6AFD}\RP139\A0095648.exe obsahuje aplikace Win32/PrcView.
A tohle nejde smazat.Nabízí mi jen možnost ponechat.

[Reklama]

[fredik]

Ten soubor se nachází ve složce pro obnovu systému. Mělo by stačit vypnout obnovu systému, to uděláš následovně:

Klikni pravým tlačítkem myši na Tento počítač -> Vlastnosti otevře se ti okno Vlastnosti systému tam zvol záložku Obnovení systému a v ní vypneš obnovu systému (zatrhneš tu volbu a dáš Ano nebo Ok teď přesně nevím co je tam za variantu). Pak restartuj Pc. Po najetí si ji můžeš zapnout opačným způsobem zpět.

[patricia]

vypnuto.Díky moc.Snad už je to vše.

[fredik]

Jestli nemáš nějaké další problémy tak by to bylo vše, možná pak jestli sakiri bude chtít něco s tím nouzovým režimem udělat, ale to když tak ti řekne on.

[sakiri]

Aby jsme zjistily pokud nemáš náhodou poškozený registr a proto se nemůžeš dostat do nouzového režimu.

Tak si stáhni ComboScan
Zavři všechna spuštěná okna, spusť ComboScan postupuj dle pokynů, začne scan tvého PC.

Po skončení scanu by se ti měl otevřít log - ComboScan.txt tak ho sem celý zkopíruj.

Jinak je uložený na C:\ComboScan

V té složcee jsou dva logy jménem ComboScan.txt a Supplementary.txt, Ale my potřebujeme jenom ten ComboScan.txt

[patricia]

Ahoj.Tak jsem tu. Všechno zatím v pořádku.Tady jestě posílám ten ComboScan.



ComboScan v20070306.20 run by Admin on 2007-03-26 at 20:03:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-03-26 18:03:17 UTC - RP1 - Kontrolní bod systému


Performed disk cleanup.


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:03:24, on 26.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATITool\ATITool.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Plocha\comboscan.exe
C:\DOCUME~1\Admin\Plocha\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: ATITool.lnk = C:\Program Files\ATITool\ATITool.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8ED3CFC8-996F-4C78-B4F7-943AFB1A5974}: NameServer = 192.168.17.254,193.179.148.42
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

0R a347bus - C:\WINDOWS\system32\drivers\a347bus.sys
0R a347scsi - C:\WINDOWS\system32\drivers\a347scsi.sys
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK8 (Ovladač procesoru AMD Athlon64) - C:\WINDOWS\system32\drivers\AmdK8.sys
2R AMON - C:\WINDOWS\system32\drivers\amon.sys
1R AsIO - C:\WINDOWS\system32\drivers\AsIO.sys
2R Aspi32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1R ATITool - C:\Program Files\ATITool\atitool.sys
3R dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys
3R ElbyCDFL - C:\WINDOWS\system32\drivers\ElbyCDFL.sys
2R ElbyCDIO (ElbyCDIO Driver) - C:\WINDOWS\system32\drivers\ElbyCDIO.sys
3S ENTECH - C:\WINDOWS\system32\drivers\Entech.sys
1R GhPciScan (GhostPciScanner) - C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys
4R InCDfs (InCD File System) - C:\WINDOWS\system32\drivers\InCDfs.sys
1R InCDPass - C:\WINDOWS\system32\drivers\InCDpass.sys
1R incdrm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDrm.sys
3S k750bus (Sony Ericsson 750 driver (WDM)) - C:\WINDOWS\system32\drivers\k750bus.sys
3S k750mdfl (Sony Ericsson 750 USB WMC Modem Filter) - C:\WINDOWS\system32\drivers\k750mdfl.sys
3S k750mdm (Sony Ericsson 750 USB WMC Modem Drivers) - C:\WINDOWS\system32\drivers\k750mdm.sys
3S k750mgmt (Sony Ericsson 750 USB WMC Device Management Drivers) - C:\WINDOWS\system32\drivers\k750mgmt.sys
3S k750obex (Sony Ericsson 750 USB WMC OBEX Interface Drivers) - C:\WINDOWS\system32\drivers\k750obex.sys
3S mdxgthkn - C:\DOCUME~1\Admin\LOCALS~1\Temp\mdxgthkn.sys (not found)
3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys
3R MTsensor (ATK0110 ACPI UTILITY) - C:\WINDOWS\system32\drivers\ASACPI.sys
1R nod32drv - C:\WINDOWS\system32\drivers\nod32drv.sys
0R nvata - C:\WINDOWS\system32\drivers\nvata.sys
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
0R ohci1394 - C:\WINDOWS\system32\drivers\ohci1394.sys
1R PQNTDrv - C:\WINDOWS\system32\drivers\PQNTDRV.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
0S stwlfbus - C:\WINDOWS\system32\drivers\stwlfbus.sys
3R usbehci (Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB) - C:\WINDOWS\system32\drivers\usbohci.sys
3S USBSTOR (Ovladač velkokapacitního paměťového zařízení USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
1R WS2IFSL (Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
1R sp_rsdrv2 (Spyware Terminator Driver 2) - C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator\sp_rsdrv2.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2R ForceWare Intelligent Application Manager (IAM) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
2R ForcewareWebInterface (Forceware Web Interface) - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice
4S GhostStartService - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
4S InCDsrv (InCD Helper) - C:\Program Files\Ahead\InCD\InCDsrv.exe
2R NOD32krn (NOD32 Kernel Service) - "C:\Program Files\Eset\nod32krn.exe"
2R nSvcIp (ForceWare IP service) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
2R nSvcLog (ForceWare user log service) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"


-- Files created between 2007-02-26 and 2007-03-26 -----------------------------

2007-03-26 17:17:26 0 d-------- C:\Program Files\Spyware Terminator<SPYWAR~1>
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\zts2.exe
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\rundll16.exe
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\rundl132.dll
2007-03-25 20:47:18 0 d-a------ C:\WINDOWS\logo1_.exe
2007-03-25 20:45:30 137216 --a------ C:\WINDOWS\system32\TASKMGR.COM
2007-03-25 20:45:30 137216 --a------ C:\WINDOWS\system32\T.COM
2007-03-25 20:45:30 147968 --a------ C:\WINDOWS\REGEDIT.COM
2007-03-25 20:45:30 147968 --a------ C:\WINDOWS\R.COM
2007-03-20 19:41:14 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-03-20 19:41:14 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-03-20 19:41:14 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-03-17 19:19:32 0 d-------- C:\Program Files\Ubisoft
2007-03-17 17:26:57 0 d-------- C:\Program Files\ClamWin
2007-03-14 15:00:48 3 --a------ C:\WINDOWS\system32\sfxzmtwbmail.dll<SFXZMT~3.DLL>
2007-03-14 15:00:48 3 --a------ C:\WINDOWS\system32\sfxzmtsmtspm.dll<SFXZMT~1.DLL>
2007-03-14 15:00:48 3 --a------ C:\WINDOWS\system32\sfxzmtsmt.dll<SFXZMT~2.DLL>
2007-03-14 15:00:48 3 --a------ C:\WINDOWS\system32\sfxzmtforum.dll<SFXZMT~4.DLL>
2007-03-14 15:00:48 51 --a------ C:\WINDOWS\system32\pfxzmtymsg.dll<PFXZMT~4.DLL>
2007-03-14 15:00:48 51 --a------ C:\WINDOWS\system32\pfxzmtwbmail.dll<PF9452~1.DLL>
2007-03-14 15:00:48 3 --a------ C:\WINDOWS\system32\pfxzmtsmtspm.dll<PFCA7F~1.DLL>
2007-03-14 15:00:48 3 --a------ C:\WINDOWS\system32\pfxzmtsmt.dll<PFB0E0~1.DLL>
2007-03-14 15:00:48 51 --a------ C:\WINDOWS\system32\pfxzmticq.dll<PFXZMT~1.DLL>
2007-03-14 15:00:48 51 --a------ C:\WINDOWS\system32\pfxzmtgtal.dll<PFXZMT~3.DLL>
2007-03-14 15:00:48 51 --a------ C:\WINDOWS\system32\pfxzmtforum.dll<PF5607~1.DLL>
2007-03-14 15:00:48 51 --a------ C:\WINDOWS\system32\pfxzmtaim.dll<PFXZMT~2.DLL>
2007-03-11 19:14:55 0 d-------- C:\Program Files\QIP
2007-03-10 19:29:52 0 d-------- C:\Program Files\Pixarra
2007-03-05 21:18:13 682855 --a------ C:\WINDOWS\Magic Kinder Cup 42SS111.scr<MA7A03~1.SCR>
2007-03-05 21:18:00 0 d-------- C:\Program Files\Magic Kinder Cup 42SS111<MA0F7D~1>
2007-03-03 12:08:54 41 ---h----- C:\WINDOWS\dsez1127.dat


-- Find3M Report ---------------------------------------------------------------

2007-03-26 19:02:49 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Skype
2007-03-26 18:04:48 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Free Download Manager<FREEDO~1>
2007-03-25 22:23:56 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-25 13:05:16 379568 --a------ C:\WINDOWS\system32\perfh005.dat
2007-03-25 13:05:16 62138 --a------ C:\WINDOWS\system32\perfc005.dat
2007-03-17 18:39:06 0 d-------- C:\Documents and Settings\Admin\Data aplikací\BSplayer
2007-03-15 12:38:21 95 --a------ C:\WINDOWS\popcinfo.dat
2007-03-11 18:54:01 0 d-------- C:\Program Files\ICQLite
2007-03-02 16:27:58 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-02 16:27:58 0 d-------- C:\Program Files\BSP Multimedia<BSPMUL~1>
2007-02-26 20:24:56 0 d-------- C:\Documents and Settings\Admin\Data aplikací\Zoner
2007-02-16 22:14:43 0 d-------- C:\Program Files\Java
2007-02-08 18:15:33 0 d-------- C:\Program Files\Magic Kinder Cup 42SS107<MA6F6D~1>
2007-02-08 18:15:31 542619 --a------ C:\WINDOWS\Magic Kinder Cup 42SS107.scr<MA960B~1.SCR>
2007-02-07 18:05:49 0 d-------- C:\Program Files\Magic Kinder Cup 42SS103<MA2F6D~1>
2007-02-07 18:05:46 605287 --a------ C:\WINDOWS\Magic Kinder Cup 42SS103.scr<MA860B~1.SCR>
2007-02-07 17:55:14 513134 --a------ C:\WINDOWS\Magic Kinder Cup 49SS059.scr<MA9121~1.SCR>
2007-02-07 17:50:46 0 d-------- C:\Program Files\Magic Kinder Cup 41SS019<MA8B75~1>
2007-02-07 17:50:44 549608 --a------ C:\WINDOWS\Magic Kinder Cup 41SS019.scr<MA9901~1.SCR>
2007-02-07 17:24:05 0 d-------- C:\Program Files\screen_44SS022<SCREEN~1>
2007-02-07 17:24:03 397053 --a------ C:\WINDOWS\screen_44SS022.scr<SCREEN~1.SCR>
2007-02-07 17:11:47 516629 --a------ C:\WINDOWS\Magic Kinder Cup 41SS001.scr<MA7501~1.SCR>
2007-02-06 21:12:25 0 d-------- C:\Program Files\Magic Kinder Cup 41SS001<MA0B65~1>
2007-02-06 21:02:31 0 d-------- C:\Program Files\Magic Kinder Cup 45SS038<MA7BA5~1>
2007-02-06 21:02:28 830049 --a------ C:\WINDOWS\Magic Kinder Cup 45SS038.scr<MA951D~1.SCR>
2007-02-06 20:57:26 0 d-------- C:\Program Files\Magic Kinder Cup 49SS059<MA8BD5~1>
2007-02-06 20:55:23 0 d-------- C:\Program Files\Magic Kinder Cup 49SS058<MA7BD5~1>
2007-02-06 20:55:21 568222 --a------ C:\WINDOWS\Magic Kinder Cup 49SS058.scr<MA912D~1.SCR>
2007-02-06 20:49:00 0 d-------- C:\Program Files\Magic Kinder Cup 50SS077<MA67DF~1>
2007-02-06 20:48:58 742333 --a------ C:\WINDOWS\Magic Kinder Cup 50SS077.scr<MA90AB~1.SCR>
2007-02-06 20:43:06 0 d-------- C:\Program Files\Magic Kinder Cup 45SS042<MA1BB5~1>
2007-02-06 20:43:05 468428 --a------ C:\WINDOWS\Magic Kinder Cup 45SS042.scr<MA7915~1.SCR>
2007-02-06 20:38:15 0 d-------- C:\Program Files\Magic Kinder Cup 41SS003<MAGICK~4>
2007-02-06 20:38:13 591579 --a------ C:\WINDOWS\Magic Kinder Cup 41SS003.scr<MAGICK~4.SCR>
2007-02-06 20:36:43 0 d-------- C:\Program Files\Magic Kinder Cup 44SS023<MAGICK~3>
2007-02-06 20:36:41 469974 --a------ C:\WINDOWS\Magic Kinder Cup 44SS023.scr<MAGICK~3.SCR>
2007-02-06 20:32:29 0 d-------- C:\Program Files\Magic Kinder Cup 41SS002<MAGICK~2>
2007-02-06 20:32:27 574234 --a------ C:\WINDOWS\Magic Kinder Cup 41SS002.scr<MAGICK~2.SCR>
2007-02-06 20:27:31 0 d-------- C:\Program Files\Magic Kinder Cup 45SS037<MAGICK~1>
2007-02-06 20:27:30 621395 --a------ C:\WINDOWS\Magic Kinder Cup 45SS037.scr<MAGICK~1.SCR>
2007-01-12 20:20:23 356352 --a------ C:\putty.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Program Files\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nTrayFw"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"SoundMan"="SOUNDMAN.EXE"
@=""
"ATIPTA"="atiptaxx.exe"
"CHotkey"="mHotkey.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElbyCheck"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OverClk"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002
"TapiSrv"=dword:00000003
"InCDsrv"=dword:00000002
"helpsvc"=dword:00000002
"GhostStartService"=dword:00000002
"ERSvc"=dword:00000002


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Schedule


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9bfc006-626e-11da-8b1d-0013d4cfcaf7}]
Shell\AutoRun\command F:\FarCryAutoCD.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8c4b741-5603-11db-860e-0013d4cfcaf7}]
Shell\AutoRun\command G:\autorun.exe


-- End of ComboScan: finished at 2007-03-26 at 20:04:08

[O.P.i]

Mohli by jste se mi prosim mrknout na muj log. Maj totiž v kompu vir, který se hlásí pokaždym zapnutí počítače a vždy ho přesunu do truhly a po dalším zapnutí tam je znovu. A když chci zapnout ad- aware SE tak mi naběhne vypnutí počítače za 1 minutu. Díky moc. Antivir mi hlasí že je to Win322:Trojan-gen a je to nějaký adirka.dll

Logfile of HijackThis v1.99.1
Scan saved at 21:06:55, on 26.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\adirka.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Petr a Lenka\Dokumenty\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O1 - Hosts: 212.71.145.115 L2authd.lineage2.com
O1 - Hosts: 212.71.145.115 L2testauthd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.99.161.66/activex/AxisCamControl.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{745736B9-D19A-4460-8C17-274EFA1FCB21}: NameServer = 160.218.10.200 160.218.43.200
O17 - HKLM\System\CS3\Services\Tcpip\..\{745736B9-D19A-4460-8C17-274EFA1FCB21}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Firebird Guardian Service (InterBaseGuardian) - FirebirdSQL Project - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: Firebird Server (InterBaseServer) - FirebirdSQL Project - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

[fredik]

Pro O.P.i
Založ si vlastní téma, toto ještě není uzavřené a svůj příspěvek odsud smaž!
Postupuj podle tohoto návodu V logu není vidět ale radši první krok proveď. Když tam nebude ten soubor tak pokračuj druhým bodem.

[O.P.i]

Oki diky ale me to smazat nejde

[sakiri]

Pro patricia

ComboScan nám odhalil další šmejdy. Ty zlikvidujeme.

Ale nenašel že by nešel nouzový režim.

Ale prvně odstraníme šmejdy.

Stáhni si Avenger a spusť ho pod účtem administrátora.

Zvol možnost - Input script manually a klikni na ikonku Lupy vyskočí prázdné okno kam zkopíruj ten tučně označený text:
Folders to delete:
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\logo1_.exe

Pak klikni na Done.
Poté vyskočí hláška kde odklikni Yes poté další kde odklikni Yes.
PC se restartuje po restartu se objeví výpis avengeru ten nás ale nezajímá.

Po aplikaci Avengeru si stáhni Combofix a spusť ho.
postupuj dle pokynů během aplikování ComboFixu neklikej do zobrazujícího se okna může se stát totiž že to proces zastaví.
Po skončení se vytvoří log tak sem zkopíruj jeho obsah.

Pak opět prosím o nový log z ComboScanu.

+ zkus po všech aplikací těch nástrojí zkusit se dostat do nouzového režimu.

Pokud by nešel zkusíme ještě něco.

Jinak jsem se nedíval na celý log z ComboScanu podívám se na ten nový. Na ten starý jsem neměl moc času

Takže vlož sem do fóra log z ComboFixu a Comboscanu u toho comboscanu chci ten ComboScan.txt nový.

[patricia]

avanger se mi nepodařilo spustit.Nenaskočili mi ty okna na potvrzení.Zapsalo se pod
Load script from file:Type script name here or click button at right.
Load script from InternetURL:Type URL here.
Tyhle okna nejsou zatrhnutá,jen to Input script manualy.
Nespustí se to tím semaforem?

[patricia]

avanger jsem spustila.Proběhl restart.Odkaz na Combofix mě vyhazuje na prázdnou stránku.Nenašla jsem ho ani na internetu.