viruses worms

Posted: 10 Apr 2010 12:55
by Aneta87
Hi,
I have scanned the whole computer with Avast several times. Sometimes it found a virus; I put it in the chest and then deleted it. It looked like everything was fine. Lately a virus warning pops up as many as ten times in a row (e.g. Win32:Rootkit-gen [Rtk]), even after deleting it again. How should I remove these viruses, and is there a way to find out whether there are still any viruses on the computer?
Another problem is with User Account Control - I don't know whether it is related to the viruses. In any case, when I turn User Account Control on, it confirms with OK and after a while it switches itself back to off, and a dialog keeps popping up asking to allow or cancel access for a program - most often wmpscfgs.exe

Thanks for the help. Aneta

Re: viruses worms

Posted: 10 Apr 2010 13:11
by stell
Greetings,
well, it looks like your PC is heavily infected; please post the RSIT log here.
Download >> RSIT >> post the logs here.

Re: viruses worms

Posted: 10 Apr 2010 13:17
by Aneta87
Logfile of random's system information tool 1.06 (written by random/random)
Run by Marta at 2010-04-10 14:16:41
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 104 GB (68%) free of 153 GB
Total RAM: 3036 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:23, on 10.4.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Marta\Downloads\RSIT.exe
C:\Program Files\trend micro\Marta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: app_dll.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

--
End of file - 5834 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-05 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2009-07-02 2215960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_0.dll [2009-07-02 2215960]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-04 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2008-07-19 104936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-14 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\INSTAL~1\{567C6~1\_71A97~1.EXE [2009-07-24 12862]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="app_dll.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{510c4300-9e00-11de-a8a6-00261889f034}]
shell\AutoRun\command - GROMOVI///motoriii.exe
shell\open\command - GROMOVI///motoriii.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b386e905-efba-11de-8da4-00261889f034}]
shell\AutoRun\command - MUSHKARCI///nesme.exe
shell\open\command - MUSHKARCI///nesme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f44ef2a5-a1c0-11de-8a83-00261889f034}]
shell\AutoRun\command - F:\yorazh.exe
shell\explore\command - F:\yorazh.exe
shell\open\command - F:\yorazh.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-10 14:16:42 ----D---- C:\Program Files\trend micro
2010-04-10 14:16:41 ----D---- C:\rsit
2010-04-10 10:59:18 ----D---- C:\Users\Marta\AppData\Roaming\IObit
2010-04-10 10:59:18 ----D---- C:\Program Files\IObit
2010-04-10 01:07:19 ----A---- C:\Windows\ATKPF.ini
2010-04-10 00:35:20 ----SHD---- C:\Windows\system32\%APPDATA%
2010-03-31 19:16:11 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 19:16:10 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 19:16:09 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 19:16:09 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 19:16:09 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\occache.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 19:16:08 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 19:16:08 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 19:16:07 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 19:16:07 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 19:16:07 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 19:16:07 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-29 16:58:47 ----A---- C:\Windows\system32\browserchoice.exe
2010-03-19 17:42:17 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-19 17:42:15 ----A---- C:\Windows\system32\httpapi.dll
2010-03-13 10:46:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-03-13 10:46:19 ----A---- C:\Windows\system32\ntkrnlpa.exe

======List of files/folders modified in the last 1 months======

2010-04-10 14:16:59 ----D---- C:\Windows\Temp
2010-04-10 14:16:54 ----D---- C:\Windows\Prefetch
2010-04-10 14:16:42 ----RD---- C:\Program Files
2010-04-10 14:16:14 ----A---- C:\Windows\system32\rpcnetp.exe
2010-04-10 14:16:12 ----A---- C:\Windows\system32\rpcnet.dll
2010-04-10 14:15:34 ----D---- C:\Windows\System32
2010-04-10 14:15:34 ----D---- C:\Program Files\Internet Explorer
2010-04-10 14:14:39 ----SD---- C:\Users\Marta\AppData\Roaming\Microsoft
2010-04-10 14:14:30 ----D---- C:\Program Files\ICQ6.5
2010-04-10 13:27:33 ----D---- C:\Windows\inf
2010-04-10 13:27:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-10 13:23:54 ----D---- C:\Windows\Tasks
2010-04-10 13:19:24 ----D---- C:\Windows\system32\Tasks
2010-04-10 11:55:52 ----D---- C:\Windows
2010-04-10 11:55:03 ----D---- C:\Windows\system32\catroot2
2010-04-10 11:54:49 ----HD---- C:\ProgramData
2010-04-10 11:14:35 ----AD---- C:\ProgramData\Temp
2010-04-10 11:00:13 ----SHD---- C:\System Volume Information
2010-04-10 10:49:10 ----D---- C:\Windows\system32\LogFiles
2010-04-10 09:22:32 ----HD---- C:\Windows\system32\GroupPolicy
2010-04-10 00:40:55 ----D---- C:\Windows\Debug
2010-04-10 00:32:35 ----A---- C:\Windows\system32\acovcnt.exe
2010-04-09 23:36:00 ----D---- C:\Users\Marta\AppData\Roaming\icq
2010-04-09 23:36:00 ----D---- C:\Users\Marta\AppData\Roaming\ICQ
2010-04-09 14:58:45 ----D---- C:\Program Files\Adobe
2010-04-02 22:16:18 ----SHD---- C:\Windows\Installer
2010-04-01 11:01:28 ----D---- C:\Windows\system32\migration
2010-04-01 10:42:12 ----D---- C:\Windows\winsxs
2010-03-31 19:14:05 ----D---- C:\Windows\system32\catroot
2010-03-19 22:04:30 ----D---- C:\Program Files\Movie Maker
2010-03-19 22:04:29 ----D---- C:\Windows\system32\drivers
2010-03-19 22:04:29 ----D---- C:\Program Files\Windows Mail
2010-03-19 19:04:49 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-20 1093120]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-11-03 13880]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-12-16 48128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2008-12-24 14392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-08-11 1752704]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-03-20 984064]
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 131000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-14 100920]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\system32\rpcnet.exe [2009-09-06 56680]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-06 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: viruses worms

Posted: 10 Apr 2010 13:23
by stell
Yes, you have a pile of trojans there and your USB sticks are infected too.
1: Plug in your USB sticks - all the ones you use
- Download UsbFix to the desktop
- Run it >> choose language E - [Enter]
- Press 2 - [Enter] > after the scan, post the log here

Re: viruses worms

Posted: 10 Apr 2010 13:37
by Aneta87
############################## | UsbFix V6.101 |

User : Marta (Administrators) # MARTA-BOOK
Update on 08/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:30:06 | 10.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18904
Windows Firewall Status : Enabled

C:\ -> Local Fixed Disk # 149,04 Go (101,04 Go free) [VistaOS] # NTFS
D:\ -> Local Fixed Disk # 137,33 Go (137,28 Go free) [DATA] # NTFS
E:\ -> CD-ROM Disc # 3,76 Go (0 Mo free) [How I met 2] # CDFS
F:\ -> Removable Disk # 7,52 Go (464,88 Mo free) [DIESEL] # FAT32
G:\ -> Removable Disk # 1,95 Go (1,52 Go free) # FAT32
H:\ -> Removable Disk # 3,78 Go (1,6 Go free) [UDISK 2.0] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Users\Marta\csrss.exe
Deleted ! C:\Windows\Temp\wmpscfgs.exe
Deleted ! C:\Users\Marta\AppData\Local\Temp\812.exe
Deleted ! C:\Users\Marta\AppData\Local\Temp\iexplore.exe
Deleted ! C:\Program Files\internet explorer\js.mui
Deleted ! C:\$Recycle.Bin\S-1-5-21-1252829387-550349962-2538934461-1000
Deleted ! C:\Recycler\S-1-5-21-6916237276-5842970669-117405326-5643
Deleted ! D:\$Recycle.Bin\S-1-5-21-1252829387-550349962-2538934461-1000
Deleted ! D:\$Recycle.Bin\S-1-5-21-1252829387-550349962-2538934461-500
F:\autorun.inf -> Called file : "F:\UNUCI/junaci.exe" ( Found ! )
(!) Not deleted ! F:\UNUCI/junaci.exe
F:\autorun.inf -> Called file : "F:\UNUCI/junaci.exe" ( Found ! )
(!) Not deleted ! F:\UNUCI/junaci.exe
Deleted ! F:\autorun.inf
Deleted ! F:\driver\usb\Desktop.ini
Deleted ! F:\driver\usb
Deleted ! F:\driver
Deleted ! F:\NAUMI\desktop.ini
Deleted ! F:\NAUMI
Deleted ! F:\NEZOVIME\desktop.ini
Deleted ! F:\NEZOVIME
Deleted ! F:\POGRESHILI\desktop.ini
Deleted ! F:\POGRESHILI
Deleted ! F:\SVETEJEBLO\Desktop.ini
Deleted ! F:\SVETEJEBLO
Deleted ! F:\ZRNO\desktop.ini
Deleted ! F:\ZRNO\soli.exe
Deleted ! F:\ZRNO
G:\autorun.inf -> Called file : "G:\ZRNO//soli.exe" ( Found ! )
(!) Not deleted ! G:\ZRNO//soli.exe
G:\autorun.inf -> Called file : "G:\ZRNO//soli.exe" ( Found ! )
(!) Not deleted ! G:\ZRNO//soli.exe
Deleted ! G:\autorun.inf
Deleted ! G:\driver\usb\Desktop.ini
Deleted ! G:\driver\usb
Deleted ! G:\driver
Deleted ! G:\NAUMI\desktop.ini
Deleted ! G:\NAUMI\radil.exe
Deleted ! G:\NAUMI
Deleted ! G:\NEZOVIME\desktop.ini
Deleted ! G:\NEZOVIME\kadbiotisla.exe
Deleted ! G:\NEZOVIME
Deleted ! G:\POGRESHILI\desktop.ini
Deleted ! G:\POGRESHILI
Deleted ! G:\SVETEJEBLO\Desktop.ini
Deleted ! G:\SVETEJEBLO
Deleted ! G:\ZRNO\desktop.ini
Deleted ! G:\ZRNO\soli.exe
Deleted ! G:\ZRNO
H:\autorun.inf -> Called file : "H:\UNUCI/junaci.exe" ( Found ! )
(!) Not deleted ! H:\UNUCI/junaci.exe
H:\autorun.inf -> Called file : "H:\UNUCI/junaci.exe" ( Found ! )
(!) Not deleted ! H:\UNUCI/junaci.exe
Deleted ! H:\autorun.inf
Deleted ! H:\driver\usb\Desktop.ini
Deleted ! H:\driver\usb
Deleted ! H:\driver
Deleted ! H:\NAUMI\desktop.ini
Deleted ! H:\NAUMI\radil.exe
Deleted ! H:\NAUMI
Deleted ! H:\POGRESHILI\desktop.ini
Deleted ! H:\POGRESHILI\sudbinemi.exe
Deleted ! H:\POGRESHILI
Deleted ! H:\SVETEJEBLO\Desktop.ini
Deleted ! H:\SVETEJEBLO
Deleted ! H:\ZRNO\desktop.ini
Deleted ! H:\ZRNO\soli.exe
Deleted ! H:\ZRNO
Deleted ! C:\Users\Marta\AppData\Local\Temp\iexplore .exe
Deleted ! C:\Users\Marta\AppData\Roaming\Microsoft\vylizuti .exe

################## | Registry |

Deleted ! [HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System] "DisableRegistryTools"

################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{3cae8f4f-a6bd-11de-a44f-00261889f034}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{b386e905-efba-11de-8da4-00261889f034}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{f44ef2a5-a1c0-11de-8a83-00261889f034}\Shell\AutoRun\Command

################## | Listing of the present files |

[12.03.2009 04:11|--a------|23] C:\app3.LOG
[18.09.2006 23:43|--a------|24] C:\autoexec.bat
[11.04.2009 08:36|-rahs----|333257] C:\bootmgr
[04.04.2007 21:50|--a------|19] C:\CK21.txt
[18.09.2006 23:43|--a------|10] C:\config.sys
[24.07.2009 17:04|--a------|15853] C:\devlist.txt
[24.07.2009 04:01|--a------|853] C:\faclog.txt
[24.07.2009 17:04|--a------|9] C:\Finish.log
[07.06.2009 17:31|--a------|21] C:\Fix.log
[?|?|?] C:\hiberfil.sys
[24.07.2009 16:03|--a------|481] C:\igoogle_log.txt
[24.07.2009 16:31|--a------|21495808] C:\inject.log
[24.07.2009 16:31|--a------|18804762] C:\inject.log.txt
[05.12.2009 21:13|-rahs----|0] C:\IO.SYS
[17.03.2009 09:35|-rah-----|1048576] C:\K40IJ.BIN
[25.03.2009 14:58|--a------|13] C:\K40IJ_K50IJ_VISTA.10
[17.03.2009 09:40|-rah-----|1048576] C:\K50IJ.BIN
[05.12.2009 21:13|-rahs----|0] C:\MSDOS.SYS
[08.08.2008 09:22|--a------|30] C:\NERO.LOG
[07.01.2009 11:16|--a------|30] C:\NIS2009.TXT
[16.03.2007 01:18|--a------|25] C:\OFFICE2007_K.TXT
[?|?|?] C:\pagefile.sys
[24.07.2009 04:01|--a------|105] C:\Pass.txt
[04.06.2009 10:00|--a------|3412] C:\Patch.LOG
[16.01.2009 04:11|--a------|15] C:\READER_K.TXT
[25.03.2009 14:58|--a------|14] C:\RECOVERY.DAT
[24.07.2009 16:57|--a------|86] C:\setup.log
[14.05.2006 18:22|--a------|5] C:\store.log
[24.07.2009 15:44|--a------|170] C:\SumHidd.txt
[24.07.2009 15:43|--a------|98] C:\SumOS.txt
[10.04.2010 14:36|--a------|5626] C:\UsbFix.txt
[02.06.2009 13:11|--a------|24] C:\v55.txt
[09.02.2009 07:33|--a------|41] C:\WindowsLive_K.TXT
[07.02.2008 19:25|-r-------|183378636] E:\How I Met Your Mother [2x01] - Where Were We.avi
[07.02.2008 19:04|-r-------|30232] E:\How I Met Your Mother [2x01] - Where Were We.srt
[07.02.2008 19:28|-r-------|182934688] E:\How I Met Your Mother [2x02] - The Scorpion and the Toad.avi
[07.02.2008 19:05|-r-------|30979] E:\How I Met Your Mother [2x02] - The Scorpion and the Toad.srt
[07.02.2008 19:36|-r-------|183068672] E:\How I Met Your Mother [2x03] - Brunch.avi
[07.02.2008 19:06|-r-------|31815] E:\How I Met Your Mother [2x03] - Brunch.srt
[07.02.2008 19:33|-r-------|182833864] E:\How I Met Your Mother [2x04] - Ted Mosby-Architect.avi
[07.02.2008 19:07|-r-------|32745] E:\How I Met Your Mother [2x04] - Ted Mosby-Architect.srt
[07.02.2008 19:57|-r-------|183252992] E:\How I Met Your Mother [2x05] - World's Greatest Couple.avi
[07.02.2008 19:08|-r-------|31471] E:\How I Met Your Mother [2x05] - World's Greatest Couple.srt
[07.02.2008 19:42|-r-------|183456842] E:\How I Met Your Mother [2x06] - Aldrin Justice.avi
[07.02.2008 19:09|-r-------|31548] E:\How I Met Your Mother [2x06] - Aldrin Justice.srt
[07.02.2008 19:39|-r-------|183586816] E:\How I Met Your Mother [2x07] - Crazy Eyes_ Swarley.avi
[07.02.2008 19:10|-r-------|31578] E:\How I Met Your Mother [2x07] - Crazy Eyes_ Swarley.srt
[07.02.2008 19:38|-r-------|184094802] E:\How I Met Your Mother [2x08] - Atlantic City.avi
[07.02.2008 19:11|-r-------|30692] E:\How I Met Your Mother [2x08] - Atlantic City.srt
[07.02.2008 20:14|-r-------|184466364] E:\How I Met Your Mother [2x09] - Robin Sparkles_ Slap Bet.avi
[07.02.2008 19:14|-r-------|38025] E:\How I Met Your Mother [2x09] - Robin Sparkles_ Slap Bet.srt
[07.02.2008 19:41|-r-------|182949888] E:\How I Met Your Mother [2x10] - Single Stamina.avi
[07.02.2008 19:18|-r-------|23000] E:\How I Met Your Mother [2x10] - Single Stamina.srt
[07.02.2008 19:52|-r-------|183281286] E:\How I Met Your Mother [2x11] - How Lily Stole Christmas.avi
[07.02.2008 19:14|-r-------|34408] E:\How I Met Your Mother [2x11] - How Lily Stole Christmas.srt
[07.02.2008 19:56|-r-------|183919114] E:\How I Met Your Mother [2x12] - Frst Time in New York.avi
[07.02.2008 19:18|-r-------|33057] E:\How I Met Your Mother [2x12] - Frst Time in New York.srt

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# H:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_Marta-BOOK.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.101 ! |

Re: viruses worms

Posted: 10 Apr 2010 13:39
by stell
1: OK, run USB-fix once more and press [6]; USB-fix will uninstall itself.
2: http://download.bleepingcomputer.com/ma ... -setup.exe
Download >> Malwarebytes' Anti-Malware: download, install, update,
run a full scan, and paste the log here.

Re: viruses worms

Posted: 10 Apr 2010 14:04
by Aneta87
I started a thorough scan of the disks and the flash drives, so it will probably take a while :D

Re: viruses worms

Posted: 10 Apr 2010 14:22
by stell
OK, we have time..

Re: viruses worms

Posted: 10 Apr 2010 14:52
by Aneta87
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3974

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

10.4.2010 15:51:42
mbam-log-2010-04-10 (15-51-42).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|F:\|G:\|H:\|)
Skenované objekty: 217976
Uplynulý čas: 54 minuta(y), 3 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 2
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\Adobe\297353.old (Trojan.Dropper) -> No action taken.
G:\tempstorage\stg1.exe (Trojan.Agent) -> No action taken.
H:\MERLIN\madonna.exe (Trojan.Palevo.Gen.A) -> No action taken.
H:\GROMOVI\motoriii.exe (Trojan.Palevo.Gen.A) -> No action taken.
H:\DOBRABRE\mlada.exe (Trojan.Palevo.Gen.B8) -> No action taken.
H:\tempstorage\stg1.exe (Trojan.Agent) -> No action taken.
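
The detection lines in the Malwarebytes log above can be triaged mechanically: which drives carry hits, which items are still untouched ("No action taken"), and which registry hits sit under the Winlogon key, where Windows keeps logon-time settings such as the shell. This Python sketch is an added example, not part of the original thread or of Malwarebytes; the function names `parse_detections` and `triage` are hypothetical, and the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Detection lines copied from the log posted above (paths and names as posted).
SAMPLE_LOG = r"""
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Malware.Trace) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Program Files\Adobe\297353.old (Trojan.Dropper) -> No action taken.
G:\tempstorage\stg1.exe (Trojan.Agent) -> No action taken.
H:\MERLIN\madonna.exe (Trojan.Palevo.Gen.A) -> No action taken.
H:\GROMOVI\motoriii.exe (Trojan.Palevo.Gen.A) -> No action taken.
H:\DOBRABRE\mlada.exe (Trojan.Palevo.Gen.B8) -> No action taken.
H:\tempstorage\stg1.exe (Trojan.Agent) -> No action taken.
"""

# Line shape in this log: "<object> (<detection name>) -> <action>."
LINE_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
WINLOGON = r"\windows nt\currentversion\winlogon" + "\\"

def parse_detections(text):
    """Return one dict per detection line; section headers and empty-section lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        obj = m["obj"]
        is_reg = obj.upper().startswith("HKEY_")
        found.append({
            "object": obj, "name": m["name"], "action": m["action"],
            "kind": "registry" if is_reg else "file",
            "drive": None if is_reg else obj[:2].upper(),
            "winlogon_autostart": is_reg and WINLOGON in obj.lower(),
        })
    return found

def triage(detections):
    """Group file hits by drive; list items not yet acted on and Winlogon registry hits."""
    by_drive = defaultdict(list)
    for d in detections:
        if d["kind"] == "file":
            by_drive[d["drive"]].append(d["name"])
    pending = [d["object"] for d in detections if d["action"] == "No action taken"]
    autostart = [d["object"] for d in detections if d["winlogon_autostart"]]
    return dict(by_drive), pending, autostart
```

Calling `triage(parse_detections(SAMPLE_LOG))` shows that most file hits sit on H: and that every item in this log is still pending removal.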

Re: viruses worms

Posted: 10 Apr 2010 15:05
by stell
OK, delete everything.
Turn off System Restore and turn it back on after a restart.
Then use ComboFix.
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Download it to the desktop, close all active windows and run >>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights.
- After launch, the terms of use are displayed; confirm them by clicking Yes;

And once more >YES<

- Then follow the instructions; while ComboFix is running, do not click in the blue window that is displayed

- After the scan finishes, which takes at most 10-15 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents into your thread on the forum
- Before using ComboFix, all resident security programs must be turned off: antivirus, firewalls, antispyware. GUIDE: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix's operation, which can cause it not to work correctly.

If your antivirus detects ComboFix, it is a false alarm.

Re: viruses worms

Posted: 10 Apr 2010 15:26
by Aneta87
How do I turn off System Restore?

Re: viruses worms

Posted: 10 Apr 2010 15:35
by stell
1. Click Start, All Programs, System Tools, Disk Cleanup
2. Select "Files from all users on this computer"
3. Click Continue
4. Select the appropriate drive letter (usually C:)
5. In Disk Cleanup, select the More Options tab and, under System Restore and Shadow Copies, click Clean up all restore points.

Re: viruses worms

Posted: 10 Apr 2010 15:38
by Aneta87
I can't find those System Tools anywhere, nor Disk Cleanup. Is it somewhere under the Control Panel? When I bring up the All Programs menu, I don't see it anywhere there.

Re: viruses worms

Posted: 10 Apr 2010 15:42
by Aneta87
OK, I'm at Disk Cleanup now.. Should I select all the files that are to be removed? So far three are selected for removal (temporary program files, temporary internet files and thumbnails...)

Re: viruses worms

Posted: 10 Apr 2010 15:44
by stell
We already cleaned this with USB fix. Click the More Options tab and there click: clean up the restore point.