VIRY.CZ

Tak otestujte ještě tyto dva, ať mám klid na duši
C:\Honza\download\BPSSR.EXE
C:\Honza\download\hfs.exe

Soubory ve složce download jste si tam stahoval sám, víte o nich?

Přesně tak
Sou OK

Tak smažte vše, mimo ty dva

Oki, normálně po jedno v průzkumníku a regeditu?
A nebo v MBAM (tam nevidim kde, to musím dát znova skenovat?)?

Pokud jste mbam vypnul, tak ano.
Jinak to můžu smazat v OTL,a le až ráno, teď už na to nevidím

5íkal sem si , že zkusím jestli avast5 odhalí něco z toho co našel MBAM.
Zkusil sem pouze rychlí test a našel sem (avast) něco co mbam ne
http://www.virustotal.com/file-scan/rep ... 1281661004
Dobrý úlovek ne?
Smazat?

Ano, skvělý ulovek, smazat.
Jsem Vám psala, že máte nejspíš počítač prošpikovaný havětí, protože nechcete combofix, budeme muset použít víc skenerů.

Mbam je antispyware,Avast je antivir..proto každý může najít něco jiného.

Poprosím o ten log z OTL.

LOG znovu poslán přes PM

Spustte OTL
-do bílého okna dole skopírujte tento skript:
-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde



Dejte soubor otestovat na http://www.virustotal.com

C:\Documents and Settings\AzNoH\Plocha\dg9_9_6\bin\dg9_9_6.exe
C:\WINDOWS\system32\imdsksvc.exe
C:\WINDOWS\system32\drivers\awealloc.sys
C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
C:\Program Files\Mozilla Firefox\plugins\npdevalvr_.dll
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\PowerStrip\PStrip.exe

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače



Tuto složku znáte?
C:\Documents and Settings\NetworkService\Data aplikací\gnupg

To fialové je čisté.
Ten restart udělám až půjdu spát

A tu složku znáte?

Jediné z toho fialového co nevím co je je tohle:
C:\WINDOWS\system32\drivers\awealloc.sys


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_USERS\S-1-5-21-515967899-616249376-725345543-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-515967899-616249376-725345543-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_USERS\S-1-5-21-515967899-616249376-725345543-1013\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET320.tmp moved successfully.
C:\WINDOWS\system32\SET2CA.tmp moved successfully.
C:\WINDOWS\system32\SET2D6.tmp moved successfully.
C:\WINDOWS\system32\SET24E.tmp moved successfully.
C:\WINDOWS\system32\SET24F.tmp moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\003390_.tmp moved successfully.
C:\WINDOWS\DUMP4c4b.tmp moved successfully.
C:\WINDOWS\DUMP3c3f.tmp moved successfully.
C:\WINDOWS\DUMP6ab1.tmp moved successfully.
C:\WINDOWS\NV36682252.TMP folder moved successfully.
C:\WINDOWS\DUMP514c.tmp moved successfully.
C:\WINDOWS\000002_.tmp moved successfully.
C:\WINDOWS\000001_.tmp moved successfully.
C:\WINDOWS\DUMP3901.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP56.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP247.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B0.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI1.tmp moved successfully.
C:\WINDOWS\Installer\MSI366.tmp moved successfully.
C:\WINDOWS\Installer\MSI27.tmp moved successfully.
C:\WINDOWS\Installer\MSI2.tmp moved successfully.
C:\WINDOWS\Installer\MSI38.tmp moved successfully.
C:\WINDOWS\Installer\MSI3F.tmp moved successfully.
C:\WINDOWS\Installer\MSI2F.tmp moved successfully.
C:\WINDOWS\Installer\MSI36.tmp moved successfully.
C:\WINDOWS\Installer\MSI7CD.tmp moved successfully.
C:\WINDOWS\Installer\MSI7E0.tmp moved successfully.
C:\WINDOWS\Installer\MSI30.tmp moved successfully.
C:\WINDOWS\Installer\MSIB8.tmp moved successfully.
C:\WINDOWS\Installer\MSIB9.tmp moved successfully.
C:\WINDOWS\Installer\MSID.tmp moved successfully.
C:\WINDOWS\Installer\MSI16.tmp moved successfully.
C:\WINDOWS\Installer\MSICA.tmp moved successfully.
C:\WINDOWS\Installer\MSI6.tmp moved successfully.
C:\WINDOWS\Installer\MSIF.tmp moved successfully.
C:\WINDOWS\Installer\MSI4.tmp moved successfully.
C:\WINDOWS\Installer\MSIE.tmp moved successfully.
C:\WINDOWS\Installer\MSIF4.tmp moved successfully.
C:\WINDOWS\Installer\MSI109.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33412 bytes

User: Honza
->Temp folder emptied: 2453 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 15889843 bytes
->FireFox cache emptied: 7740975 bytes
->Flash cache emptied: 6251 bytes

User: Jarda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 555964 bytes
->FireFox cache emptied: 2124413 bytes
->Flash cache emptied: 675 bytes

User: Věra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 285512 bytes
->FireFox cache emptied: 6448688 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 671075 bytes
->Flash cache emptied: 539 bytes

User: VIR
->Temp folder emptied: 14739 bytes
->Temporary Internet Files folder emptied: 38745 bytes
->Java cache emptied: 2571534 bytes
->FireFox cache emptied: 15697054 bytes
->Flash cache emptied: 6357 bytes

User: AzNoH
->Temp folder emptied: 158760701 bytes
->Temporary Internet Files folder emptied: 92871703 bytes
->Java cache emptied: 6118712 bytes
->FireFox cache emptied: 46987654 bytes
->Opera cache emptied: 11123913 bytes
->Flash cache emptied: 135113 bytes

User: jaroslav
->Temp folder emptied: 525334 bytes
->Temporary Internet Files folder emptied: 132556678 bytes
->Java cache emptied: 38731346 bytes
->FireFox cache emptied: 109283382 bytes
->Flash cache emptied: 6482 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Pokus
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: eMule_Secure
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: verunka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 285512 bytes
->FireFox cache emptied: 43585630 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49600 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 502336 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2311848634 bytes

Total Files Cleaned = 2 866,00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService

User: Honza
->Flash cache emptied: 0 bytes

User: Jarda
->Flash cache emptied: 0 bytes

User: Věra

User: Administrator
->Flash cache emptied: 0 bytes

User: VIR
->Flash cache emptied: 0 bytes

User: AzNoH
->Flash cache emptied: 0 bytes

User: jaroslav
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Pokus

User: eMule_Secure

User: verunka
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08172010_090758

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

A na virustotalu byl ten soubor ok?
Dělali sjme už Avptool?
Jak to vypadá s počítačem?

j, podle vt je čistý.

Avptool sme nedělali.

PC se zdá ok, jediný co, tak zmizela možnost v nastavení plochy "web" a chybí takové ty "activedesktop" funkce, ale původní plochu sem tam nějak už dostal
Také se trošku déle přihlašuje uživatel, ale to dělalo už i dříve a přičítám to mnoha leté době instalace windows a velkému množství aplikací a hrátek s rozmanitým HW s pochybnými ovladači

Provedl ten OLT skript něco krom promazání tempu?

Ani ne .
Comobif by lecos opravil,a le ten odmítáte .

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky