prosim o kontrolu logu

[crash40]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:45, on 6.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Crash\LOCALS~1\Temp\xxx952.exe
C:\DOCUME~1\Crash\LOCALS~1\Temp\~tmpb.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\Crash\LOCALS~1\Temp\~tmpc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [jhdqshvgtcda] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tonobibuuavyus.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Crash\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Crash\LOCALS~1\Temp\xxx952.exe
O4 - HKCU\..\Run: [50085430195943656998825734077388] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{228DE9D7-8E81-4FE4-B1C6-2F34B6EB0D49}: NameServer = 193.165.77.60,193.165.192.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{228DE9D7-8E81-4FE4-B1C6-2F34B6EB0D49}: NameServer = 193.165.77.60,193.165.192.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{228DE9D7-8E81-4FE4-B1C6-2F34B6EB0D49}: NameServer = 193.165.77.60,193.165.192.9
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

[Reklama]

[jaro3]

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

[crash40]

jak dostanu PC di nouzoveho rezimu... děkuji

[jaro3]

Po restartu a pípnutí drž klávesu F8, objeví se okno najeď na stav nouze ( ne stav nouze se sítí) a potvrď.

[crash40]

Tak tady je prvni log


SDFix: Version 1.240
Run by Crash on źt 06.11.2008 at 20:25

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\wgrwsvxopdeotz.exe - Deleted
C:\Documents and Settings\Crash\Nabˇdka Start\Cheap Pharmacy Online.url - Deleted
C:\Documents and Settings\Crash\Oblˇben‚ polo§ky\Cheap Pharmacy Online.url - Deleted
C:\Documents and Settings\Crash\Nabˇdka Start\SMS TRAP.url - Deleted
C:\Documents and Settings\Crash\Oblˇben‚ polo§ky\SMS TRAP.url - Deleted
C:\Documents and Settings\Crash\Nabˇdka Start\VIP Casino.url - Deleted
C:\Documents and Settings\Crash\Oblˇben‚ polo§ky\VIP Casino.url - Deleted
C:\Program Files\Antivirus 2009\av2009.exe - Deleted
C:\DOCUME~1\Crash\LOCALS~1\Temp\b.exe - Deleted
C:\DOCUME~1\Crash\LOCALS~1\Temp\xxx2001.exe - Deleted
C:\DOCUME~1\Crash\LOCALS~1\Temp\xxx9373.exe - Deleted
C:\DOCUME~1\Crash\LOCALS~1\Temp\xxx952.exe - Deleted
C:\DOCUME~1\Crash\LOCALS~1\Temp\xxx9715.exe - Deleted
C:\WINDOWS\system32\c.ico - Deleted
C:\WINDOWS\system32\m.ico - Deleted
C:\WINDOWS\system32\p.ico - Deleted
C:\WINDOWS\system32\s.ico - Deleted
C:\WINDOWS\k.txt - Deleted
C:\WINDOWS\system32\msxml71.dll - Deleted



Folder C:\Program Files\Antivirus 2009 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 20:40:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:hlsw"
"C:\\Program Files\\Counter-Strike 1.6\\cstrike.exe"="C:\\Program Files\\Counter-Strike 1.6\\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"C:\\Documents and Settings\\Crash\\Local Settings\\Temp\\Doźasně adres ý 1 pro sdc212.zip\\sdc212\\StrongDC.exe"="C:\\Documents and Settings\\Crash\\Local Settings\\Temp\\Doźasně adres ý 1 pro sdc212.zip\\sdc212\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\Crash\\Local Settings\\Temp\\Doźasně adres ý 2 pro sdc212.zip\\sdc212\\StrongDC.exe"="C:\\Documents and Settings\\Crash\\Local Settings\\Temp\\Doźasně adres ý 2 pro sdc212.zip\\sdc212\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Documents and Settings\\Crash\\Plocha\\Miranda IM\\miranda32.exe"="C:\\Documents and Settings\\Crash\\Plocha\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"

Finished!

[crash40]

a tady je log s HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:25, on 6.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [jhdqshvgtcda] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\tonobibuuavyus.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Crash\LOCALS~1\Temp\~tmpb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{228DE9D7-8E81-4FE4-B1C6-2F34B6EB0D49}: NameServer = 193.165.77.60,193.165.192.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{228DE9D7-8E81-4FE4-B1C6-2F34B6EB0D49}: NameServer = 193.165.77.60,193.165.192.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{228DE9D7-8E81-4FE4-B1C6-2F34B6EB0D49}: NameServer = 193.165.77.60,193.165.192.9
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6443 bytes

[jaro3]

Najdi a smaž: C:\SDFix
Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[crash40]

ComboFix 08-11-05.02 - Crash 2008-11-06 22:10:38.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.239 [GMT 1:00]
Spuštěný z: c:\documents and settings\Crash\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Crash\Nabídka Start\Search Online.url
c:\documents and settings\Crash\Oblíbené položky\Search Online.url
c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-06 do 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-06 20:19 . 2008-11-06 20:19 <DIR> d-------- c:\windows\ERUNT
2008-11-06 09:14 . 2008-11-06 09:14 102,172 --a------ c:\windows\system32\cont_offersfortoday-remove.exe
2008-11-02 18:09 . 2008-11-02 18:09 126,976 --a------ c:\windows\War3Unin.exe
2008-11-02 18:09 . 2008-11-02 18:12 16,771 --a------ c:\windows\War3Unin.dat
2008-11-02 18:09 . 2008-11-02 18:09 2,829 --a------ c:\windows\War3Unin.pif
2008-11-02 18:02 . 2008-11-06 22:00 <DIR> d-------- c:\program files\Warcraft III
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\sound
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\smiles
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\skins
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\profile
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\plugins
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\ICQ 6
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\icons
2008-10-27 12:47 . 2008-10-27 12:47 <DIR> d-a------ c:\program files\docs
2008-10-27 12:47 . 2008-10-09 16:59 639,045 --a------ c:\program files\miranda32.exe
2008-10-27 12:47 . 2008-10-26 22:07 62,527 --a------ c:\program files\Uninstall.exe
2008-10-27 12:47 . 2008-10-07 23:34 61,440 --a------ c:\program files\dbtool.exe
2008-10-27 12:47 . 2008-10-07 23:35 52,809 --a------ c:\program files\zlib.dll
2008-10-27 12:47 . 2008-09-04 02:35 6,144 --a------ c:\program files\winssl.dll
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- c:\program files\AskPBar
2008-10-26 18:17 . 2008-10-26 18:30 <DIR> d-------- c:\program files\Trillian
2008-10-15 19:48 . 2008-10-15 19:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-15 19:48 . 2008-10-15 19:48 <DIR> d-------- c:\documents and settings\Crash\Data aplikací\Malwarebytes
2008-10-15 19:48 . 2008-10-15 19:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-10-15 19:48 . 2008-09-09 23:04 38,528 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-15 19:48 . 2008-09-09 23:03 17,200 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-15 18:01 . 2008-10-15 18:01 <DIR> d-------- c:\program files\Trend Micro
2008-10-15 17:40 . 2008-10-15 19:37 <DIR> d-------- c:\program files\rajce
2008-10-11 09:59 . 2008-10-11 09:59 <DIR> d-------- c:\program files\HD Tune Pro
2008-10-10 17:39 . 2008-07-18 21:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-10 17:39 . 2008-07-18 21:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-10-10 17:39 . 2008-07-18 21:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-10 17:36 . 2006-10-26 18:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-10 17:34 . 2008-10-10 17:34 <DIR> d-------- c:\program files\Microsoft Works
2008-10-10 17:28 . 2008-10-10 17:29 <DIR> d-------- c:\windows\SHELLNEW
2008-10-10 17:26 . 2008-10-17 06:46 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-10-10 17:25 . 2008-10-10 17:25 <DIR> dr-h----- C:\MSOCache
2008-10-08 15:55 . 2008-10-08 15:55 364,544 --a------ c:\windows\system32\nsb101.dll
2008-10-07 19:39 . 2008-10-07 19:39 <DIR> d-------- c:\documents and settings\Crash\.thumbnails
2008-10-07 19:33 . 2008-10-07 20:18 <DIR> d-------- c:\documents and settings\Crash\Data aplikací\gtk-2.0
2008-10-07 18:01 . 2008-10-27 10:42 <DIR> d-------- c:\documents and settings\Crash\.gimp-2.6
2008-10-07 18:00 . 2008-10-07 18:00 <DIR> d-------- c:\documents and settings\Crash\.gegl-0.0
2008-10-07 17:58 . 2008-10-07 17:58 <DIR> d-------- c:\program files\Gimp-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 20:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 17:56 --------- d-----w c:\program files\HLSW
2008-10-26 17:45 --------- d-----w c:\documents and settings\Crash\Data aplikací\Miranda
2008-10-18 13:36 --------- d-----w c:\program files\EA GAMES
2008-10-14 17:52 --------- d-----w c:\program files\ICQToolbar
2008-09-28 01:30 925,543 ----a-w c:\program files\langpack_czech.txt
2008-09-22 15:01 --------- d-----w c:\program files\ICQ6
2008-09-16 19:52 --------- d-----w c:\program files\Java
2008-09-15 15:40 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-06 18:31 --------- d-----w c:\program files\Safari
2008-09-06 18:31 --------- d-----w c:\documents and settings\Crash\Data aplikací\Apple Computer
2008-09-06 18:30 --------- d-----w c:\program files\Bonjour
2008-09-06 18:29 --------- d-----w c:\program files\Apple Software Update
2008-09-06 18:29 --------- d-----w c:\documents and settings\All Users\Data aplikací\Apple
2008-09-04 01:28 45,962 ----a-w c:\program files\readme.txt
2008-08-29 16:57 18,955 ----a-w c:\program files\license.txt
2008-08-29 16:57 1,580 ----a-w c:\program files\contributors.txt
2008-08-20 05:38 660,480 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:46 2,182,528 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:46 2,059,904 ----a-w c:\windows\system32\ntkrnlpa.exe
2007-03-23 18:22 22,486 ----a-w c:\program files\miranda.ico
2006-09-14 10:01 186 ----a-w c:\program files\mirandaboot.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\cstrike.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Crash\\Plocha\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14904:TCP"= 14904:TCP:BitComet 14904 TCP
"14904:UDP"= 14904:UDP:BitComet 14904 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 hhdusbh;USB Monitor Filter driver;c:\program files\HHD Software\USB Monitor\hhdusbh.sys [2004-07-09 22304]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2004-08-04 69120]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys [ ]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys [ ]
S3 MaRdPnp;MaRdPnp;c:\windows\system32\DRIVERS\MaRdP2K.sys [2005-08-18 49867]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c9e204-60be-11dd-889e-000acd122d11}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d281785-2273-11dd-87a6-000acd122d11}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - PROCEXP90
.
Obsah adresáře 'Naplánované úlohy'

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-jhdqshvgtcda - c:\windows\system32\tonobibuuavyus.dll
MSConfigStartUp-50085430195943656998825734077388 - c:\program files\Antivirus 2009\av2009.exe


.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\Crash\Data aplikací\Mozilla\Firefox\Profiles\2hlde727.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 22:12:59
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
Celkový čas: 2008-11-06 22:16:22
ComboFix-quarantined-files.txt 2008-11-06 21:15:18

Před spuštěním: 1 427 558 400
Po spuštění: 1,419,644,928

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

165 --- E O F --- 2008-10-24 07:45:59

[jaro3]

Toto otestuj na Virustotal
c:\program files\Uninstall.exe
c:\windows\system32\nsb101.dll


Vlož sem pak výsledky.

[crash40]

Soubor Uninstall.exe přijatý 2008.11.07 17:42:11 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/36 (2.78%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 38 a 55 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.7.1 2008.11.07 -
AntiVir 7.9.0.26 2008.11.07 -
Authentium 5.1.0.4 2008.11.07 -
Avast 4.8.1248.0 2008.11.06 -
AVG 8.0.0.161 2008.11.07 -
BitDefender 7.2 2008.11.07 -
CAT-QuickHeal 9.50 2008.11.07 -
ClamAV 0.94.1 2008.11.07 -
DrWeb 4.44.0.09170 2008.11.07 -
eSafe 7.0.17.0 2008.11.06 -
eTrust-Vet 31.6.6195 2008.11.06 -
Ewido 4.0 2008.11.07 -
F-Prot 4.4.4.56 2008.11.07 -
F-Secure 8.0.14332.0 2008.11.07 -
Fortinet 3.117.0.0 2008.11.07 -
GData 19 2008.11.07 -
Ikarus T3.1.1.45.0 2008.11.07 -
K7AntiVirus 7.10.519 2008.11.07 -
Kaspersky 7.0.0.125 2008.11.07 -
McAfee 5426 2008.11.06 -
Microsoft 1.4104 2008.11.07 -
NOD32 3595 2008.11.07 -
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.07 -
PCTools 4.4.2.0 2008.11.07 -
Prevx1 V2 2008.11.07 Suspicious
Rising 21.02.42.00 2008.11.07 -
SecureWeb-Gateway 6.7.6 2008.11.07 -
Sophos 4.35.0 2008.11.07 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.07 -
TheHacker 6.3.1.1.143 2008.11.07 -
TrendMicro 8.700.0.1004 2008.11.07 -
VBA32 3.12.8.9 2008.11.06 -
ViRobot 2008.11.7.1457 2008.11.07 -
VirusBuster 4.5.11.0 2008.11.06 -

[crash40]

A ten druhý soubor když sem ho chtěl uploudovat tak mi Avast našel v něm vira tak byl přesunut do truhly....

[jaro3]

Vypni zase ochrany.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\cont_offersfortoday-remove.exe
c:\windows\system32\nsb101.dll
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c9e204-60be-11dd-889e-000acd122d11}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d281785-2273-11dd-87a6-000acd122d11}]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT