Trojský kůň

[Joker93]

Dobrý den, dnes mi z Micosoft Security Essentials vyskočila hláška o trojském koni, takže jsem jej přesunul do karantény. Jedná se o Trojan:Win32/Reveton!Ink a Trojan:Win32/Reveton.V. Dále je antivir po operaci neaktivní a žádá restart, což jsem udělal, ale vir/y neodstranil ale nechal v karanténě. Před restartem jsem ale zkoušel zapnout RSIT, který se zasekl a antivir vždy opětovně hlásil vir, který jsem tedy musel vždy dát do karantény a nyní jich tam mám 8, z toho 6 Reveton!Ink a 2 Reveton.V. Chci se ujistit že v PC už nemám žánou havěť a zjistit, co mohl tento virus napáchat. Předem děkuji za odpověď.

Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2013-12-25 14:23:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 45 GB (74%) free of 60 GB
Total RAM: 3325 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:24:23, on 25.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

[vyosek]

Zdravim

Zkuste udelat log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

[Joker93]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2013 01
Ran by Admin (administrator) on ADMIN on 25-12-2013 14:34:42
Running from C:\Documents and Settings\Admin\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20065936 2012-06-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-04-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Tcpip\..\Interfaces\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: [NameServer]192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rz9xrwqd.default-1380989125015
FF Homepage: seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [82032 2012-04-25] (Atheros Communications, Inc.)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtKHDMI.sys [4125352 2011-12-02] (Realtek Semiconductor Corp.)
S1 akludgrm; \??\C:\WINDOWS\system32\drivers\akludgrm.sys [x]
S1 bdousemo; \??\C:\WINDOWS\system32\drivers\bdousemo.sys [x]
S1 bqjtnyhs; \??\C:\WINDOWS\system32\drivers\bqjtnyhs.sys [x]
S1 foaqmyrd; \??\C:\WINDOWS\system32\drivers\foaqmyrd.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S4 IntelIde; No ImagePath
S1 itqnjbci; \??\C:\WINDOWS\system32\drivers\itqnjbci.sys [x]
S1 pmvgpvmn; \??\C:\WINDOWS\system32\drivers\pmvgpvmn.sys [x]
S1 qvlogdgn; \??\C:\WINDOWS\system32\drivers\qvlogdgn.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-25 14:34 - 2013-12-25 14:34 - 00005516 _____ C:\Documents and Settings\Admin\Plocha\FRST.txt
2013-12-25 14:34 - 2013-12-25 14:34 - 00000000 ____D C:\FRST
2013-12-25 14:33 - 2013-12-25 14:33 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe
2013-12-25 14:33 - 2013-12-25 14:33 - 00029696 _____ C:\Documents and Settings\Admin\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-25 14:33 - 2013-12-25 14:33 - 00015327 _____ C:\Documents and Settings\Admin\Plocha\LM.bat
2013-12-25 14:32 - 2013-12-25 14:32 - 01061545 _____ (Farbar) C:\Documents and Settings\Admin\Plocha\FRST.exe
2013-12-25 14:10 - 2013-12-25 14:24 - 00000000 ____D C:\rsit
2013-12-25 14:05 - 2013-12-25 14:20 - 00012600 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.fee
2013-12-25 14:00 - 2013-12-25 14:00 - 00228864 _____ (http://tortoisesvn.net) C:\Documents and Settings\All Users\Data aplikací\l9t7doao.jss
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.odd
2013-12-21 13:51 - 2013-12-21 13:51 - 00000667 _____ C:\Documents and Settings\All Users\Plocha\Vietcong - Fist Alpha.lnk
2013-12-21 13:51 - 2013-12-21 13:51 - 00000633 _____ C:\Documents and Settings\All Users\Plocha\Vietcong.lnk
2013-12-21 13:51 - 2013-12-21 13:51 - 00000000 ____D C:\Program Files\Cenega Czech
2013-12-21 13:51 - 2013-12-21 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Vietcong
2013-12-11 16:11 - 2013-12-11 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 16:11 - 2013-12-11 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 16:10 - 2013-12-11 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 16:10 - 2013-12-11 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 16:10 - 2013-12-11 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-06 18:39 - 2013-12-06 21:01 - 00002315 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2013-12-06 18:39 - 2013-12-06 18:39 - 00001734 _____ C:\Documents and Settings\All Users\Plocha\Adobe Reader XI.lnk
2013-12-06 18:39 - 2013-12-06 18:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-06 18:39 - 2013-12-06 18:39 - 00000000 ____D C:\Program Files\Adobe

==================== One Month Modified Files and Folders =======

2013-12-25 14:34 - 2013-12-25 14:34 - 00005516 _____ C:\Documents and Settings\Admin\Plocha\FRST.txt
2013-12-25 14:34 - 2013-12-25 14:34 - 00000000 ____D C:\FRST
2013-12-25 14:34 - 2013-05-11 22:36 - 00000000 ____D C:\Documents and Settings\Admin\Plocha
2013-12-25 14:33 - 2013-12-25 14:33 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe
2013-12-25 14:33 - 2013-12-25 14:33 - 00029696 _____ C:\Documents and Settings\Admin\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-25 14:33 - 2013-12-25 14:33 - 00015327 _____ C:\Documents and Settings\Admin\Plocha\LM.bat
2013-12-25 14:33 - 2013-09-27 18:49 - 00000366 ____H C:\WINDOWS\Tasks\MpIdleTask.job
2013-12-25 14:33 - 2013-05-16 14:09 - 00000000 ____D C:\Documents and Settings\Admin\Dokumenty\Stažené soubory
2013-12-25 14:33 - 2013-05-11 22:36 - 00000000 ___HD C:\Documents and Settings\Admin\Local Settings\Data aplikací
2013-12-25 14:32 - 2013-12-25 14:32 - 01061545 _____ (Farbar) C:\Documents and Settings\Admin\Plocha\FRST.exe
2013-12-25 14:27 - 2013-05-12 00:25 - 01023836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-25 14:25 - 2013-05-11 22:32 - 01750612 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-25 14:24 - 2013-12-25 14:10 - 00000000 ____D C:\rsit
2013-12-25 14:24 - 2013-09-27 05:54 - 00000000 ____D C:\Program Files\trend micro
2013-12-25 14:23 - 2013-05-11 22:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-25 14:23 - 2013-05-11 22:36 - 00000000 ___RD C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
2013-12-25 14:22 - 2013-05-11 22:36 - 00032404 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-25 14:22 - 2013-05-11 22:36 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-12-25 14:22 - 2013-05-11 17:18 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-12-25 14:20 - 2013-12-25 14:05 - 00012600 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.fee
2013-12-25 14:05 - 2013-05-12 00:24 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2013-12-25 14:00 - 2013-12-25 14:00 - 00228864 _____ (http://tortoisesvn.net) C:\Documents and Settings\All Users\Data aplikací\l9t7doao.jss
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.odd
2013-12-25 13:59 - 2013-05-11 22:36 - 00000000 ____D C:\Documents and Settings\Admin
2013-12-25 11:44 - 2013-10-05 15:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-24 11:59 - 2006-03-02 13:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-21 13:51 - 2013-12-21 13:51 - 00000667 _____ C:\Documents and Settings\All Users\Plocha\Vietcong - Fist Alpha.lnk
2013-12-21 13:51 - 2013-12-21 13:51 - 00000633 _____ C:\Documents and Settings\All Users\Plocha\Vietcong.lnk
2013-12-21 13:51 - 2013-12-21 13:51 - 00000000 ____D C:\Program Files\Cenega Czech
2013-12-21 13:51 - 2013-12-21 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Vietcong
2013-12-21 13:51 - 2013-05-12 00:24 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-21 13:51 - 2013-05-12 00:24 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2013-12-16 18:37 - 2013-09-29 20:04 - 00000000 ____D C:\Documents and Settings\Admin\Dokumenty\Historie
2013-12-14 18:24 - 2013-05-11 22:36 - 00000000 ___RD C:\Documents and Settings\Admin\Dokumenty\Obrázky
2013-12-11 16:13 - 2013-05-12 00:23 - 00294072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 16:11 - 2013-12-11 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 16:11 - 2013-12-11 16:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 16:11 - 2013-08-14 07:22 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 16:11 - 2013-05-12 12:07 - 00019306 _____ C:\WINDOWS\system32\TZLog.log
2013-12-11 16:10 - 2013-12-11 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 16:10 - 2013-12-11 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 16:10 - 2013-12-11 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 16:10 - 2013-05-12 12:13 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-07 16:32 - 2013-05-11 22:36 - 00000000 ___RD C:\Documents and Settings\Admin\Dokumenty
2013-12-06 21:01 - 2013-12-06 18:39 - 00002315 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader XI.lnk
2013-12-06 18:39 - 2013-12-06 18:39 - 00001734 _____ C:\Documents and Settings\All Users\Plocha\Adobe Reader XI.lnk
2013-12-06 18:39 - 2013-12-06 18:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-12-06 18:39 - 2013-12-06 18:39 - 00000000 ____D C:\Program Files\Adobe
2013-12-06 18:39 - 2013-05-12 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-12-04 21:32 - 2013-05-11 22:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-04 21:32 - 2013-05-11 22:36 - 00000000 __RHD C:\Documents and Settings\Admin\Data aplikací
2013-11-29 23:08 - 2013-05-12 10:48 - 00000000 ___RD C:\Documents and Settings\Admin\Dokumenty\Filmy

Some content of TEMP:
====================
C:\Documents and Settings\Admin\Local Settings\temp\ITal.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2006-03-02 13:00] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2006-03-02 13:00] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2006-03-02 13:00] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 13:00] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== End Of Log ============================

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
  HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
  
  HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
  SearchScopes: HKLM - DefaultScope value is missing.
  
  S1 akludgrm; \??\C:\WINDOWS\system32\drivers\akludgrm.sys [x]
  S1 bdousemo; \??\C:\WINDOWS\system32\drivers\bdousemo.sys [x]
  S1 bqjtnyhs; \??\C:\WINDOWS\system32\drivers\bqjtnyhs.sys [x]
  S1 foaqmyrd; \??\C:\WINDOWS\system32\drivers\foaqmyrd.sys [x]
  S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
  S4 IntelIde; No ImagePath
  S1 itqnjbci; \??\C:\WINDOWS\system32\drivers\itqnjbci.sys [x]
  S1 pmvgpvmn; \??\C:\WINDOWS\system32\drivers\pmvgpvmn.sys [x]
  S1 qvlogdgn; \??\C:\WINDOWS\system32\drivers\qvlogdgn.sys [x]
  U3 TlntSvr; 
  
  C:\WINDOWS\system32\drivers\akludgrm.sys
  C:\WINDOWS\system32\drivers\bdousemo.sys
  C:\WINDOWS\system32\drivers\bqjtnyhs.sys
  C:\WINDOWS\system32\drivers\foaqmyrd.sys 
  C:\WINDOWS\system32\drivers\itqnjbci.sys
  C:\WINDOWS\system32\drivers\pmvgpvmn.sys 
  C:\WINDOWS\system32\drivers\qvlogdgn.sys 
  2013-12-25 14:33 - 2013-12-25 14:33 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe
  2013-12-25 14:33 - 2013-12-25 14:33 - 00029696 _____ C:\Documents and Settings\Admin\Local Settings\Data aplikací\MSGBOX.EXE
  2013-12-25 14:33 - 2013-12-25 14:33 - 00015327 _____ C:\Documents and Settings\Admin\Plocha\LM.bat
  2013-12-25 14:05 - 2013-12-25 14:20 - 00012600 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.fee
  2013-12-25 14:00 - 2013-12-25 14:00 - 00228864 _____ (http://tortoisesvn.net) C:\Documents and Settings\All Users\Data aplikací\l9t7doao.jss
  2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.odd
  C:\Documents and Settings\Admin\Local Settings\temp\ITal.dll
  
  Hosts:
  CMD: shutdown /r /f /t 2
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[Joker93]

Ještě radši doplním, že po nynějším spuštění FRST (předtím jsem spouštěl FRST Launcher) se mi na ploše vytvořila složka FRST older Version, kde se obě ikony nacházejí a na ploše zůstal jen FRST a logy.

Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-12-2013
Ran by Admin at 2013-12-25 15:25:31 Run:1
Running from C:\Documents and Settings\Admin\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)

HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
SearchScopes: HKLM - DefaultScope value is missing.

S1 akludgrm; \??\C:\WINDOWS\system32\drivers\akludgrm.sys [x]
S1 bdousemo; \??\C:\WINDOWS\system32\drivers\bdousemo.sys [x]
S1 bqjtnyhs; \??\C:\WINDOWS\system32\drivers\bqjtnyhs.sys [x]
S1 foaqmyrd; \??\C:\WINDOWS\system32\drivers\foaqmyrd.sys [x]
S3 gdrv; \??\C:\WINDOWS\gdrv.sys [x]
S4 IntelIde; No ImagePath
S1 itqnjbci; \??\C:\WINDOWS\system32\drivers\itqnjbci.sys [x]
S1 pmvgpvmn; \??\C:\WINDOWS\system32\drivers\pmvgpvmn.sys [x]
S1 qvlogdgn; \??\C:\WINDOWS\system32\drivers\qvlogdgn.sys [x]
U3 TlntSvr;

C:\WINDOWS\system32\drivers\akludgrm.sys
C:\WINDOWS\system32\drivers\bdousemo.sys
C:\WINDOWS\system32\drivers\bqjtnyhs.sys
C:\WINDOWS\system32\drivers\foaqmyrd.sys
C:\WINDOWS\system32\drivers\itqnjbci.sys
C:\WINDOWS\system32\drivers\pmvgpvmn.sys
C:\WINDOWS\system32\drivers\qvlogdgn.sys
2013-12-25 14:33 - 2013-12-25 14:33 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe
2013-12-25 14:33 - 2013-12-25 14:33 - 00029696 _____ C:\Documents and Settings\Admin\Local Settings\Data aplikací\MSGBOX.EXE
2013-12-25 14:33 - 2013-12-25 14:33 - 00015327 _____ C:\Documents and Settings\Admin\Plocha\LM.bat
2013-12-25 14:05 - 2013-12-25 14:20 - 00012600 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.fee
2013-12-25 14:00 - 2013-12-25 14:00 - 00228864 _____ (http://tortoisesvn.net) C:\Documents and Settings\All Users\Data aplikací\l9t7doao.jss
2013-12-25 14:00 - 2013-12-25 14:00 - 00000000 _____ C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.odd
C:\Documents and Settings\Admin\Local Settings\temp\ITal.dll

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
akludgrm => Service deleted successfully.
bdousemo => Service deleted successfully.
bqjtnyhs => Service deleted successfully.
foaqmyrd => Service deleted successfully.
gdrv => Service deleted successfully.
IntelIde => Service deleted successfully.
itqnjbci => Service deleted successfully.
pmvgpvmn => Service deleted successfully.
qvlogdgn => Service deleted successfully.
TlntSvr => Service deleted successfully.
"C:\WINDOWS\system32\drivers\akludgrm.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\bdousemo.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\bqjtnyhs.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\foaqmyrd.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\itqnjbci.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\pmvgpvmn.sys" => File/Directory not found.
"C:\WINDOWS\system32\drivers\qvlogdgn.sys" => File/Directory not found.
"C:\Documents and Settings\Admin\Plocha\FRSTLauncher.exe" => File/Directory not found.
"C:\Documents and Settings\Admin\Local Settings\Data aplikací\MSGBOX.EXE" => File/Directory not found.
"C:\Documents and Settings\Admin\Plocha\LM.bat" => File/Directory not found.
C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.fee => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\l9t7doao.jss => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\oaod7t9l.odd => Moved successfully.
C:\Documents and Settings\Admin\Local Settings\temp\ITal.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

[vyosek]

To je OK, FRST se aktualizoval a do te slozky dal sve zalohy

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Joker93]

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/25/2013 03:45:34 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/25/2013 03:46:09 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)


Tak činnost CF proběhla docela rychle.

ComboFix 13-12-24.02 - Admin 25.12.2013 15:50:22.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3325.2714 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-25 do 2013-12-25 )))))))))))))))))))))))))))))))
.
.
2013-12-25 13:37 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9687B1E5-E866-4BB3-8D2F-1127075295F0}\mpengine.dll
2013-12-25 13:34 . 2013-12-25 14:25 -------- d-----w- C:\FRST
2013-12-25 13:10 . 2013-12-25 13:24 -------- d-----w- C:\rsit
2013-12-24 14:14 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-21 12:51 . 2013-12-21 12:51 -------- d-----w- c:\program files\Cenega Czech
2013-12-21 12:51 . 2013-12-21 12:51 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-12-21 12:51 . 2002-12-05 13:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-12-21 12:51 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-12-21 12:51 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-12-21 12:51 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-12-21 12:51 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-12-21 12:51 . 2013-12-21 12:51 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-12-06 17:39 . 2013-12-06 17:39 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2013-05-11 16:20 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 03:00 . 2006-03-02 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2006-03-02 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2010-08-13 16:44 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:51 . 2006-03-02 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:45 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:45 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:45 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:45 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2006-03-02 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:57 . 2006-03-02 12:00 279552 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:13 . 2006-03-02 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 11:00 . 2006-03-02 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 18:42 . 2013-10-05 18:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
.
R3 L1c;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11.5.2013 22:45 82032]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.5.2013 22:42 1691480]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-25 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{04FE91B6-1F6F-496E-A9C0-EBABAC64204D}: NameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rz9xrwqd.default-1380989125015\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-25 15:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2013-12-25 15:53:02
ComboFix-quarantined-files.txt 2013-12-25 14:53
.
Před spuštěním: Volných bajtů: 46 561 755 136
Po spuštění: Volných bajtů: 46 523 244 544
.
- - End Of File - - DF8462C16A2A12BB13AE5CF8F7304A6E
413FC2A0C716421B3158746D63736515

[Joker93]

Ještě se zeptám na ten antivir nebo mi to nedá pokoj, můžu nalezené trojany smazat nebo je mám zatím nechat v karanténě?

[vyosek]

Kde jej nachazi??

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Kliknete na volbu Change parametrs
• V okne Additional Option zakliknete vsechny moznosti
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

[Joker93]

Nemyslím nové viry, ale již ty nalezené, které mám stále v karanténě.

[vyosek]

V karantene jsou neskodne, ale muzete ji vymazat

[Joker93]

# AdwCleaner v3.016 - Report created 25/12/2013 at 19:49:54
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - ADMIN
# Running from : C:\Documents and Settings\Admin\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rz9xrwqd.default-1380989125015\prefs.js ]


*************************

AdwCleaner[R0].txt - [807 octets] - [25/12/2013 19:49:35]
AdwCleaner[S0].txt - [729 octets] - [25/12/2013 19:49:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [788 octets] ##########

[Joker93]

TDSSKiller chce update, mám jej načíst nebo pokračovat bez něj? Pokud se hloupě ptám tak mě zaražte, ale pro jistotu se vždy zeptám.

[vyosek]

V pohode, radeji se vzdy zeptat

Ano, update povolte

[Joker93]

Scan se dokončil a v programu se objevilo No threats found, ale nevidím možnost Skip.