MBAM opakovane hlasi Hijack.WindowsUpdates

[vyosek]

Prostudujte a pripadne tam mate i odkaz na detailni postup vc. obrazku

[destilator]

ComboFix 10-11-18.05 - Administrator . 11. 2010 20:54:11.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.308 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe2E1.dll
c:\documents and settings\All Users\Application Data\hpe494.dll
c:\documents and settings\All Users\Application Data\hpeEA.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 19:26 . 2010-11-19 19:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-11-19 19:26 . 2010-11-19 19:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-11-19 19:21 . 2010-11-19 19:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-11-19 19:18 . 2010-11-19 19:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ulead Systems
2010-11-19 19:18 . 2010-11-19 19:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-19 19:17 . 2010-11-19 19:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-11-19 16:44 . 2010-11-19 16:45 -------- d-----w- c:\program files\trend micro
2010-11-19 16:44 . 2010-11-19 16:45 -------- d-----w- C:\rsit
2010-11-19 16:35 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-19 16:35 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-19 16:35 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-19 16:35 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-19 16:35 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-19 16:35 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-19 16:35 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-19 16:34 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-19 16:34 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-19 16:34 . 2010-11-19 16:34 -------- d-----w- c:\program files\Alwil Software
2010-11-19 16:34 . 2010-11-19 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-19 15:42 . 2010-11-19 15:51 48 ----a-w- c:\windows\rafazon.bat
2010-11-19 15:42 . 2010-02-02 13:33 40 ----a-w- C:\james.bat
2010-11-19 15:42 . 2010-11-19 15:51 -------- d---a-w- C:\rafazon
2010-11-02 10:45 . 2010-11-02 10:45 -------- d-----w- c:\program files\Common Files\Java
2010-11-02 10:44 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-07 21:36 . 2010-09-20 13:18 86016 ----a-w- c:\windows\DUMP2da7.tmp
2010-11-07 21:34 . 2010-09-20 13:18 86016 ----a-w- c:\windows\DUMP2fab.tmp
2010-11-07 21:33 . 2010-09-20 13:18 86016 ----a-w- c:\windows\DUMP566d.tmp
2010-11-07 21:31 . 2010-09-20 13:18 86016 ----a-w- c:\windows\DUMP53ad.tmp
2010-11-07 21:30 . 2010-09-20 13:18 86016 ----a-w- c:\windows\DUMP50a0.tmp
2010-09-15 01:29 . 2009-11-25 08:32 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 19:25 . 2010-09-14 19:25 1409 ----a-w- c:\windows\QTFont.for
2001-07-22 19:29 . 2008-02-26 20:31 351744 ----a-w- c:\program files\Salamander.exe
1998-06-17 12:42 . 2010-01-26 08:17 602624 ----a-w- c:\program files\w95sstv.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bitmeter2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bitmeter2.lnk
backup=c:\windows\pss\Bitmeter2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Topcom Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Topcom Wireless LAN Utility.lnk
backup=c:\windows\pss\Topcom Wireless LAN Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:56 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-09-20 08:51 1836328 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2000-06-26 15:22 905216 ----a-r- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-19 19:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 21:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-18 08:31 67584 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
2009-10-19 11:40 1948216 ----a-w- c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-04-21 07:32 270336 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-09 13:27 36864 ------w- c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"wuauserv"=2 (0x2)
"SpyEmrgSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19. 11. 2010 17:35 165584]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys [14. 11. 2009 13:15 12344]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19. 11. 2010 17:35 17744]
R2 OkiPar;OkiPar;c:\windows\system32\drivers\OkiPar.Sys [2. 10. 2001 10:54 40192]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [25. 9. 2009 16:10 27632]
S1 456f9f9e;456f9f9e;c:\windows\system32\drivers\456f9f9e.sys [4. 4. 2009 19:21 0]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19. 11. 2010 20:20 135664]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [7. 10. 2010 7:13 90112]
S2 xwoarh;xwoarh;\??\c:\windows\system32\Drivers\xwoarh.sys --> c:\windows\system32\Drivers\xwoarh.sys [?]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [4. 12. 2008 18:33 24706]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [27. 2. 2010 13:17 19034]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [31. 7. 2009 18:24 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [31. 7. 2009 18:24 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [31. 7. 2009 18:24 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [31. 7. 2009 18:24 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [31. 7. 2009 18:24 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [31. 7. 2009 18:24 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [31. 7. 2009 18:24 109736]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [4. 12. 2008 22:31 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [4. 12. 2008 22:34 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [4. 12. 2008 22:34 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [4. 12. 2008 22:38 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [4. 12. 2008 22:45 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [4. 12. 2008 22:37 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [4. 12. 2008 22:40 110120]
S3 se26nd3;Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS);c:\windows\system32\drivers\se26nd3.sys [14. 11. 2009 13:52 18208]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\drivers\spyemrg_access.sys [14. 11. 2009 13:15 18232]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\drivers\spyemrg_guard.sys [14. 11. 2009 13:15 14392]
S4 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [14. 11. 2009 13:15 1817144]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUPDATE
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2010-06-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8268390001.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 19:20]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-19 19:20]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {DE0F6CE3-562F-4790-A186-468AE3F02BA4} = 194.154.230.80,195.91.78.80
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-xwoarh
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-FixCamera - c:\windows\FixCamera.exe
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-19 21:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-19 21:03:19
ComboFix-quarantined-files.txt 2010-11-19 20:03

Pre-Run: 3 516 194 816 bytes free
Post-Run: 3 552 362 496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 12E9663C06909CBA42C346BCF48CFA23

[destilator]

tak sa mi to konecne podarilo

[vyosek]

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  :reg
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ImagePath
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ImagePath

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[destilator]

SystemLook 04.09.10 by jpshortstuff
Log created at 21:55 on 19/11/2010 by Admin
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ImagePath]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ImagePath]
(Unable to open key - key not found)

-= EOF =-

[destilator]

ja by som sa chcel spytat co to znamenalo ze som mal v tom registri zmenene slovo system na fystem. to bol virus?

[destilator]

spustil som malware bytes a uz je to oukej. velmi pekne vam dakujem. a prispevok pride cez paypal. pozeral som to a asi platba v eurach nepojde, lebo mi to tam vyhodilo hned ceske koruny. nebol som si isty ci to robim dobre, lebo stranka je po angl. netovy prehliadac chrom ich niekedy prelozi, ale vacsinou nie. a v korunach som platbu este nerobil.
tak este raz velmi pekne dakujem a vyrovname sa cez paypal.
a este: ne fore mi automaticky nenacita novy prispevok. musim stranku zavriet a potom znova otvorit. mozno mam zlé nastavenia.

tak zatial.
dakujem.

[vyosek]

Jeste jeden skript pro SystemLook at to overime, zda je to OK

Kód: Vybrat vše

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv /sub
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS /sub

ano prave tohle dela havet ze meni F za S a pote nefunguji automaticke aktualizace

[destilator]

Log created at 11:16 on 20/11/2010 by Admin
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Type"= 0x0000000020 (32)
"Start"= 0x0000000004 (4)
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"DisplayName"="Automatic Updates"
"ObjectName"="LocalSystem"
"Description"="Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum]
"0"="Root\LEGACY_WUAUSERV\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
"Type"= 0x0000000020 (32)
"Start"= 0x0000000003 (3)
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"DisplayName"="Background Intelligent Transfer Service"
"DependOnService"="RpcSs"
"DependOnGroup"=" "
"ObjectName"="LocalSystem"
"Description"="Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly."
"FailureActions"=00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 e3 0c 00 01 00 00 00 60 ea 00 00 01 00 00 00 60 ea 00 00 01 00 00 00 60 ea 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum]
"0"="Root\LEGACY_BITS\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


-= EOF =-

[vyosek]

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

MBAM muzete odinstalovat nebo nechat na obcasny sken - v pripade nalezu velmi doporucuji dat sem log na posouzeni, at si neodstrelite neco legitimniho

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis), pri instalaci dejte fajfku pryc u google toolbaru
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Dejte novy log z RSIT a napiste jak se chova PC, ci je v poradku

[destilator]

oukej idem nato, len by som chcel presne informacie ako platit cez paypal. koli tomu aby som daco neposahal
dakujem

[vyosek]

Ja PayPal nevyuzivam, ale snad Vam bude stacit navod co mame zde na foru

Ti z vás, kteří se rozhodnou podpořit team fóra viry.cz prostřednictvím PayPalu, tak mohou učinit 2 způsoby:

kliknutím na , volbou libovolné částky a zadáním svého nicku do zprávy pro příjemce

přihlášením na svůj paypal účet, zasláním libovolné částky na email podporte@forum.viry.cz a následným posláním potvrzujícího e-mailu (obsahujícího váš nick na fóru a zaslanou částku) na iwi@forum.viry.cz

Pro ty z vás, kteří se rozhodnou podpořit team fóra viry.cz prostřednictvím Paypalu částkou přesahující 100 Kč, jsme připravili malé překvapení - jednou za čtvrt roku bude jeden z vás vylosován a obdrží hodnotný dárek.

Poslete pak pripadne mail nasi siteadmince iwi iwi@forum.viry.cz ze jste prispeli (neopomente Vas nick zde)

[destilator]

ten subor combofix/uninstall mi nemoze najst-

[vyosek]

Tak to preskocte a pokracujte T-Cleanerem, ted by to mel smaznout tez...

[destilator]

tak sa mi to snad podarilo cez ten paypal , mohol by som aj ja dostat nejaku spravu ci ste dostali tie peniaze? platba bola uskutocnena v eurach