prosba o pomoc

[j.novis]

Dobrý den, na počítači mé dcery se objevil sshnas. Po otevření nejde pracovat s programy. Děkuji za pomoc. Posílám její log.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-07-15 11:31:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (32%) free of 15 GB
Total RAM: 1015 MB (81% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-12 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-09-17 106496]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-09-16 593920]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2008-09-03 335872]
"ETDWareDetect"=C:\Program Files\Elantech\ETDDect.exe [2008-08-28 204800]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"sysgif32"=C:\WINDOWS\TEMP\~TM87.tmp [2010-01-16 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutoRun OSCleaner.lnk - C:\Program Files\ASUS\Asus OS Cleaner\AsOSCleaner.exe
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Documents and Settings\Karolinka Nováková\Data aplikací\winsvrcn.exe"="C:\Documents and Settings\Karolinka Nováková\Data aplikací\winsvrcn.exe:*:Enabled:WindowsSysControl"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2012-09-22 17:09:19 ----D---- C:\Program Files\Eee Storage
2012-09-22 17:08:04 ----D---- C:\Program Files\Elantech
2012-09-22 10:32:26 ----A---- C:\WINDOWS\system32\drivers\ASUSACPI.SYS
2012-09-22 10:32:23 ----D---- C:\Program Files\EeePC
2010-07-15 11:32:01 ----D---- C:\Program Files\trend micro
2010-07-15 11:31:58 ----D---- C:\rsit
2010-07-15 10:14:30 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-07-15 08:06:26 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-07-15 08:06:19 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-07-15 08:06:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2010-07-15 08:06:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
2010-07-15 08:06:19 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2010-07-15 08:05:42 ----A---- C:\WINDOWS\ntbtlog.txt
2010-07-14 17:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-14 17:10:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-13 22:02:39 ----D---- C:\Program Files\Cyklotrasy
2010-07-13 16:29:56 ----A---- C:\WINDOWS\Ohiqya.exe
2010-07-13 16:29:32 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-07-12 21:53:08 ----AH---- C:\WINDOWS\system32\winrtsnr.txt
2010-07-11 12:32:13 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-07-11 12:30:39 ----D---- C:\Program Files\Windows Media Connect 2
2010-07-11 12:27:39 ----D---- C:\WINDOWS\system32\LogFiles
2010-07-11 12:27:39 ----D---- C:\WINDOWS\system32\drivers\UMDF

======List of files/folders modified in the last 1 months======

2012-09-22 17:28:07 ----D---- C:\WINDOWS\repair
2012-09-22 17:28:02 ----D---- C:\WINDOWS\system32\Restore
2012-09-22 10:50:46 ----A---- C:\WINDOWS\oemver.txt
2012-09-22 10:33:05 ----D---- C:\Program Files\ASUS
2012-09-22 10:32:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-15 11:32:01 ----RD---- C:\Program Files
2010-07-15 10:13:17 ----D---- C:\WINDOWS
2010-07-15 10:12:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-15 10:00:28 ----HD---- C:\WINDOWS\inf
2010-07-15 09:55:47 ----D---- C:\WINDOWS\Prefetch
2010-07-15 09:46:25 ----D---- C:\WINDOWS\Temp
2010-07-15 08:06:16 ----D---- C:\Documents and Settings
2010-07-14 20:43:11 ----A---- C:\WINDOWS\imsins.BAK
2010-07-14 19:14:22 ----SD---- C:\WINDOWS\Tasks
2010-07-14 17:10:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 17:10:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 17:10:28 ----D---- C:\WINDOWS\system32
2010-07-11 22:24:37 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-11 12:30:55 ----A---- C:\WINDOWS\win.ini
2010-07-11 12:30:37 ----D---- C:\Program Files\Windows Media Player
2010-07-11 12:30:28 ----D---- C:\WINDOWS\Help
2010-07-11 12:28:53 ----D---- C:\WINDOWS\system32\drivers
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 Ktp;Elantech TouchPad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2008-09-04 26112]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 Axtmvflt;Axesstel USB Filter Service; C:\WINDOWS\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\WINDOWS\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\WINDOWS\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-12 4751360]
S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-03-11 36864]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys [2008-06-30 38272]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 usnjsvc;Služba Čtení deníku USN sdílených složek programu Messenger; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[stell]

zdravim
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem.

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysgif32"=-

:commands
[emptytemp]
[ClearAllRestorePoints]
[start explorer]
[Reboot]

Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-
sprav komplet skan,co najde ZMAZAT,log vloz sem,
PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Suhlasit instalacio Konzoly pre zotavenie (Recovery console)


- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

[j.novis]

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET3A.tmp moved successfully.
C:\WINDOWS\system32\SET3E.tmp moved successfully.
C:\WINDOWS\system32\SET46.tmp moved successfully.
C:\WINDOWS\Installer\MSI200.tmp moved successfully.
C:\WINDOWS\Installer\MSI83.tmp moved successfully.
C:\WINDOWS\Installer\MSI86.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\~TM87.tmp moved successfully.
C:\WINDOWS\Temp\~TM88.tmp moved successfully.
C:\WINDOWS\Temp\_avast4_\unp58286113.tmp moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysgif32 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 66560 bytes
->Temporary Internet Files folder emptied: 2106375 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Karolinka Nováková
->Temp folder emptied: 30939958 bytes
->Temporary Internet Files folder emptied: 655336655 bytes
->Java cache emptied: 1112375 bytes
->Flash cache emptied: 95685 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26924533 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 684,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.14.0 log created on 07152010_170921

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE5A.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE67.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEEC1.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEECE.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VF25G1WY\readMessageScreen[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QDHHD8VH\framesetScreen[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9L1V9UPL\afr[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9L1V9UPL\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5A8H3ICZ\emptyScreen[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5A8H3ICZ\OTM[1].exe moved successfully.

Registry entries deleted on Reboot...

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE5A.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE67.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEEC1.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEECE.tmp not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\VF25G1WY\readMessageScreen[1].htm not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QDHHD8VH\framesetScreen[1].htm not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9L1V9UPL\afr[1].htm not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9L1V9UPL\viewtopic[1].htm not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5A8H3ICZ\emptyScreen[1].htm not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5A8H3ICZ\OTM[1].exe not found!

Registry entries deleted on Reboot...

[stell]

dobre pokracuj malwarebytes,tak ako som napisal.

[j.novis]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4316

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15.7.2010 17:50:21
mbam-log-2010-07-15 (17-50-21).txt

Typ skenu: Rychlý sken
Skenované objekty: 127676
Uplynulý čas: 6 minuta(y), 21 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Karolinka Nováková\Data aplikací\winsvrcn.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\Ohiqya.exe (Trojan.FraudPack) -> No action taken.
C:\Documents and Settings\Karolinka Nováková\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.

[stell]

zmazat vsetko programom malwarebytes a log vloz sem,,potom pokracujes Combofixom.

[j.novis]

Bohužel u nás vypnuli elektriku ještě před vymazáním souborů.Jak mám prosím pokračovat? Mám Malwarebytes nainstalovat znovu a celé to zopakovat?
Díky

[stell]

Malwarebytes mas nainstalovane,,najdi a spust ho znova,,a ked skonci skan,,Zmaz vsetko a log vloz sem.

[j.novis]

Ano mám ho, ale když se ho snažím otevřít přes zástupce na ploše, tak mi to hodí Run time error 0.

[stell]

Dobre odinstaluj cez pridat odobrat programy,stiahnut a znova nainstalovat,

[stell]

alebo pockaj,napisem ti script pre OTM,

[stell]

odinstaluj malwarebytes:
script pre OTM-log vloz sem

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\Documents and Settings\Karolinka Nováková\Data aplikací\winsvrcn.exe
C:\WINDOWS\Ohiqya.exe
C:\Documents and Settings\Karolinka Nováková\Data aplikací\avdrn.dat
C:\WINDOWS\system32\config\systemprofile\Data aplikací\fvgqad.dat
C:\WINDOWS\system32\sshnas21.dll 
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas]
:services
SSHNAS
:commands
[emptytemp]
[start explorer]
[Reboot]

[j.novis]

bohužel jsem si tvůj poslední příspěvek přečetl pozdě a celé jsem to zopakoval.Tady je výpis.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4316

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15.7.2010 19:31:49
mbam-log-2010-07-15 (19-31-49).txt

Typ skenu: Rychlý sken
Skenované objekty: 127825
Uplynulý čas: 6 minuta(y), 16 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Karolinka Nováková\Data aplikací\winsvrcn.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Ohiqya.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karolinka Nováková\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

[j.novis]

Porad, kam malwaresbytes ukládá po restartování ten log, co sem mám vložit? Nemohu ho najít.
Díky

[stell]

Vsak si uz vlozil,,log,,takze pokracuj combofixom.