Zavirovaný počítač + nefunguje antivir a spyboty

[Alik123]

Zdravím vás, mám takový problém s PC. Dá se říct že docela veliký, zavirován je snad celý počítač. Všechno bylo na účtě mé dcery. Možná bych jí měl ten počítač zakázat. Nefunguje mi Avast a nelze mi stáhnout libovolný spybot, třeba ad-aware. Já fakt nevím, takže vám tu píšu. Dám sem i log z RSITu. Vážně moc vás prosím o pomoc, vím že to děláte ve svém volném čase. Děkuji.

Logfile of random's system information tool 1.09 (written by random/random)
Run by janinka at 2012-11-25 22:08:54
Microsoft® Windows Vista™ Home Premium
System drive C: has 37 GB (24%) free of 153 GB
Total RAM: 2430 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:09:07, on 25.11.2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Users\janinka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\janinka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\janinka\Downloads\RSIT.exe
C:\Program Files\trend micro\janinka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\janinka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [{1139EFC0-BE55-AD7E-A59D-F662B397D57F}] C:\Users\janinka\AppData\Roaming\Pyit\fyaxib.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: syshost32 - Unknown owner - C:\Windows\Installer\{43C935EF-6C57-ED24-7FC6-99275FB135A4}\syshost.exe (file missing)

--
End of file - 7804 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1003UA.job
C:\Windows\tasks\User_Feed_Synchronization-{F6830C7D-D421-4152-A500-D93C44754944}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\program files\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-11-25 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-11-25 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-11-25 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2010-01-10 1006264]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
""= []
"EfficientDiary"= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]
"Google Update"=C:\Users\janinka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-02-29 17151624]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"{1139EFC0-BE55-AD7E-A59D-F662B397D57F}"=C:\Users\janinka\AppData\Roaming\Pyit\fyaxib.exe [2009-12-19 399360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-11-25 39408]

C:\Users\janinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.ac3filter"=ac3filter.acm

======List of files/folders created in the last 1 month======

2012-11-25 22:08:55 ----D---- C:\Program Files\trend micro
2012-11-25 22:08:54 ----D---- C:\rsit
2012-11-25 21:53:21 ----D---- C:\Users\janinka\AppData\Roaming\Google
2012-11-25 19:37:07 ----D---- C:\ProgramData\Google
2012-11-25 19:36:24 ----D---- C:\Program Files\Google
2012-11-25 19:36:21 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-11-25 19:36:21 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-11-25 19:36:12 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2012-11-25 19:36:11 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-11-25 19:36:10 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-11-25 19:36:07 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-11-25 19:35:06 ----A---- C:\Windows\avastSS.scr
2012-11-25 19:35:05 ----A---- C:\Windows\system32\aswBoot.exe
2012-11-25 19:34:33 ----D---- C:\ProgramData\AVAST Software
2012-11-25 19:34:33 ----D---- C:\Program Files\AVAST Software

======List of files/folders modified in the last 1 month======

2012-11-25 22:09:06 ----D---- C:\Windows\Temp
2012-11-25 22:08:55 ----D---- C:\Program Files
2012-11-25 21:48:03 ----SHD---- C:\Windows\Installer
2012-11-25 21:42:20 ----D---- C:\Windows\Prefetch
2012-11-25 19:46:11 ----A---- C:\Windows\ntbtlog.txt
2012-11-25 19:37:07 ----HD---- C:\ProgramData
2012-11-25 19:36:47 ----D---- C:\Windows\Tasks
2012-11-25 19:36:47 ----D---- C:\Windows\system32\Tasks
2012-11-25 19:36:21 ----D---- C:\Windows\system32\drivers
2012-11-25 19:35:55 ----D---- C:\Windows\winsxs
2012-11-25 19:35:06 ----D---- C:\Windows
2012-11-25 19:35:05 ----D---- C:\Windows\System32
2012-11-25 19:33:06 ----SHD---- C:\System Volume Information
2012-11-25 18:45:09 ----D---- C:\Windows\inf
2012-11-25 18:45:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-25 13:30:41 ----D---- C:\Windows\system32\catroot2
2012-10-26 17:12:30 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 8192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-15 239168]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2008-08-22 21638]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 2385920]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-24 50688]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-15 428088]
S1 AswRdr;aswRdr; C:\Windows\system32\drivers\AswRdr.sys [2012-10-30 35928]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 361032]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 54232]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
S3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-12-25 47360]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 7168]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-02-02 565248]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 syshost32;syshost32; C:\Windows\Installer\{43C935EF-6C57-ED24-7FC6-99275FB135A4}\syshost.exe [2012-10-31 110147]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-25 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-25 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-11-25 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[Alik123]

Neběží ani jiné spyboty, při stáhnutí se ukáže že je to škodlivé, ale to je kravina.

[Alik123]

Mimochodem, jeste pred logem jsem delal avast cely test pocitace.. a kazdy soubor byl infikovan.. snad to pujde vyresit

[vyosek]

Zdravim

Dceruska se dala na chov konicku trojskych

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

)

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Alik123]

RKILL LOG

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/25/2012 11:06:36 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\system32\crypserv.exe (PID: 1768) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\drivers\kbdclass.sys [NoSig]
+-> C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys : 35 384 : 01/19/2008 00:41 AM : 37605e0a8cf00cbba538e753e4344c6e [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys : 32 872 : 11/02/2006 00:49 AM : 1a48765f92ba1a88445fc25c9c9d94fc [Pos Repl]
+-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys : 35 384 : 01/15/2010 00:44 AM : b076b2ab806b3f696dab21375389101c [Pos Repl]
+-> C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys : 35 384 : 01/15/2010 00:44 AM : b076b2ab806b3f696dab21375389101c [Pos Repl]
+-> C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys : 35 384 : 01/15/2010 00:44 AM : c9b0cf786d5f151a43c7be8e243f2819 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 11/25/2012 11:08:13 PM
Execution time: 0 hours(s), 1 minute(s), and 37 seconds(s)


Ted jeste ten ComboFix

[vyosek]

Jop, soupnete tam ComboFix

[Alik123]

Takze, sice mi pri startu jakekoliv aplikace pise neco ohledne registru, kazdopadne jsem to udelal v nouzaku (ne ten scan combofixu, ale vkladani logu sem na forum.viry , kde ze zacatku asi kazdou půlminutu blikla obrazovka, ale to je zrejme po Combofixu, jeste jsem nezkousel po restartu Combofixu udělat jeste jeden restart.. kazdopadne, zde je log combofixu (uz to neblika)

ComboFix 12-11-25.01 - janinka 25.11.2012 23:15:50.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2430.1539 [GMT 1:00]
Spuštěný z: c:\users\janinka\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\janinka\AppData\Roaming\Pyit
c:\users\janinka\AppData\Roaming\Pyit\fyaxib.exe
c:\users\Nikolka\AppData\Roaming\1026.exe
c:\users\Nikolka\AppData\Roaming\141E.exe
c:\users\Nikolka\AppData\Roaming\1B1E.exe
c:\users\Nikolka\AppData\Roaming\3489.exe
c:\users\Nikolka\AppData\Roaming\350D.exe
c:\users\Nikolka\AppData\Roaming\3F32.exe
c:\users\Nikolka\AppData\Roaming\42CB.exe
c:\users\Nikolka\AppData\Roaming\4652.exe
c:\users\Nikolka\AppData\Roaming\618.exe
c:\users\Nikolka\AppData\Roaming\7008.exe
c:\users\Nikolka\AppData\Roaming\A2A8.exe
c:\users\Nikolka\AppData\Roaming\A43A.exe
c:\users\Nikolka\AppData\Roaming\A8BC.exe
c:\users\Nikolka\AppData\Roaming\B889.exe
c:\users\Nikolka\AppData\Roaming\C3DA.exe
c:\users\Nikolka\AppData\Roaming\C707.exe
c:\users\Nikolka\AppData\Roaming\CC6D.exe
c:\users\Nikolka\AppData\Roaming\E81C.exe
c:\users\Nikolka\AppData\Roaming\E84B.exe
c:\users\Nikolka\AppData\Roaming\explorer.exe
c:\users\Nikolka\AppData\Roaming\FAE8.exe
c:\users\Nikolka\AppData\Roaming\FEE9.exe
c:\users\Nikolka\AppData\Roaming\Raba
c:\users\Nikolka\AppData\Roaming\Raba\lemuy.exe
c:\users\Nikolka\neazoggeavof.exe
c:\users\Nikolka\rusqocfiqbiz.exe
c:\windows\_detmp.2
c:\windows\system32\drivers\ad6502ee7c5d851.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
-------\Legacy_ad6502ee7c5d851
-------\Service_ad6502ee7c5d851
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-25 do 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 22:25 . 2012-11-25 22:31 -------- d-----w- c:\users\janinka\AppData\Local\temp
2012-11-25 22:25 . 2012-11-25 22:25 -------- d-----w- c:\users\Nikolka\AppData\Local\temp
2012-11-25 22:25 . 2012-11-25 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-25 21:08 . 2012-11-25 21:09 -------- d-----w- c:\program files\trend micro
2012-11-25 21:08 . 2012-11-25 21:09 -------- d-----w- C:\rsit
2012-11-25 18:36 . 2012-11-25 18:37 -------- d-----w- c:\program files\Google
2012-11-25 18:36 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-25 18:36 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-25 18:36 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-25 18:36 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-25 18:36 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-25 18:36 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-25 18:35 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-25 18:35 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-25 18:34 . 2012-11-25 18:34 -------- d-----w- c:\programdata\AVAST Software
2012-11-25 18:34 . 2012-11-25 18:34 -------- d-----w- c:\program files\AVAST Software
2012-11-12 14:41 . 2012-11-12 14:41 98304 ----a-w- c:\users\Nikolka\AppData\Roaming\CF9D.exe
2012-10-30 16:45 . 2012-10-30 16:45 61440 ----a-w- c:\users\Nikolka\AppData\Roaming\DC2B.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 05:56 . 2012-10-19 13:38 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45A94999-AD70-4252-9C89-1BC7A0A5B5A6}\mpengine.dll
2012-10-11 14:43 . 2012-08-03 22:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 14:43 . 2011-11-29 10:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17151624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\janinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 14:43]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 18:36]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 18:36]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000Core.job
- c:\users\janinka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 16:20]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000UA.job
- c:\users\janinka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 16:20]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002Core.job
- c:\users\Nikolka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 12:55]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002UA.job
- c:\users\Nikolka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 12:55]
.
2012-11-25 c:\windows\Tasks\User_Feed_Synchronization-{F6830C7D-D421-4152-A500-D93C44754944}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-{1139EFC0-BE55-AD7E-A59D-F662B397D57F} - c:\users\janinka\AppData\Roaming\Pyit\fyaxib.exe
HKLM-Run-EfficientDiary - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-25 23:30
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2012-11-25 23:37:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-25 22:37
.
Před spuštěním: Volných bajtů: 39 903 301 632
Po spuštění: Volných bajtů: 42 394 742 784
.
- - End Of File - - 8755F9444B02E56948E470E4D920A3D7

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\users\Nikolka\AppData\Roaming\CF9D.exe
  c:\users\Nikolka\AppData\Roaming\DC2B.exe
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "Skype"=-
  "WMPNSCFG"=-
  "swg"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "NeroFilterCheck"=-
  "SunJavaUpdateSched"=-
  
  File::
  c:\users\janinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
  C:\Windows\tasks\Adobe Flash Player Updater.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000UA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002UA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1003Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1003UA.job
  C:\Windows\tasks\User_Feed_Synchronization-{F6830C7D-D421-4152-A500-D93C44754944}.job
  
  Driver::
  gupdate
  gupdatem
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Alik123]

Dobrá, už to nebliká ani nezobrazuje tu hlášku (stačil restart)
Combofix píše za 10 minut, takže to tu bude zhruba za 15 minut Snad jsem to udělal dobře.

[vyosek]

OK, pockam si na log

[Alik123]

Nuže, log vytvořen.. po restartu jsem nevěděl kde se nachází. Můžu se zeptat kde se ten log nachází?

[vyosek]

Mel by byt c:\combofix

[Alik123]

ComboFix 12-11-25.01 - janinka 26.11.2012 0:14.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.2430.1673 [GMT 1:00]
Spuštěný z: c:\users\janinka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\janinka\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\users\janinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk"
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000UA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002UA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1003Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1003UA.job"
"c:\windows\tasks\User_Feed_Synchronization-{F6830C7D-D421-4152-A500-D93C44754944}.job"
.
file zipped: c:\users\Nikolka\AppData\Roaming\CF9D.exe
file zipped: c:\users\Nikolka\AppData\Roaming\DC2B.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nikolka\AppData\Roaming\CF9D.exe
c:\users\Nikolka\AppData\Roaming\DC2B.exe
c:\windows\Installer\{43C935EF-6C57-ED24-7FC6-99275FB135A4}\syshost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-25 do 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 23:24 . 2012-11-25 23:27 -------- d-----w- c:\users\janinka\AppData\Local\temp
2012-11-25 23:24 . 2012-11-25 23:24 -------- d-----w- c:\users\Nikolka\AppData\Local\temp
2012-11-25 23:24 . 2012-11-25 23:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-25 22:38 . 2012-11-25 22:38 -------- d-----w- C:\7fb2c2fa7289d6fe17cc04a9d65a712f
2012-11-25 21:08 . 2012-11-25 21:09 -------- d-----w- c:\program files\trend micro
2012-11-25 21:08 . 2012-11-25 21:09 -------- d-----w- C:\rsit
2012-11-25 18:36 . 2012-11-25 18:37 -------- d-----w- c:\program files\Google
2012-11-25 18:36 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-25 18:36 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-25 18:36 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-25 18:36 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-25 18:36 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-25 18:36 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-25 18:35 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-25 18:35 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-25 18:34 . 2012-11-25 18:34 -------- d-----w- c:\programdata\AVAST Software
2012-11-25 18:34 . 2012-11-25 18:34 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 05:56 . 2012-10-19 13:38 6918632 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{45A94999-AD70-4252-9C89-1BC7A0A5B5A6}\mpengine.dll
2012-10-11 14:43 . 2012-08-03 22:51 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-11 14:43 . 2011-11-29 10:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\janinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 14:43]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 18:36]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 18:36]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000Core.job
- c:\users\janinka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 16:20]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1000UA.job
- c:\users\janinka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03 16:20]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002Core.job
- c:\users\Nikolka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 12:55]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1731411610-1376764437-1454295667-1002UA.job
- c:\users\Nikolka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 12:55]
.
2012-11-25 c:\windows\Tasks\User_Feed_Synchronization-{F6830C7D-D421-4152-A500-D93C44754944}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138 192.168.1.1
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-11-26 00:32:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-25 23:31
ComboFix2.txt 2012-11-25 22:37
.
Před spuštěním: Volných bajtů: 42 396 254 208
Po spuštění: Volných bajtů: 42 504 159 232
.
- - End Of File - - 4454D1785FF8279FF099E646F12B12AE
Nahr nˇ probŘhlo ŁspŘçnŘ


Ok, tady je

[Alik123]

Jo a Avast funguje v pořádku.

[vyosek]

Fajn, jeste nejake drobnosti

Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :files
  c:\windows\Tasks\*.job
  c:\users\Nikolka\AppData\Roaming\*.exe
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte