Mam zavirovany comp

Ahoj mam zavirovany comp a potrebujem sa svami poradit ze aky program by bol na vycistenie naj?? .... kratky popis co mam z compom : Na jednom z mojich uctov v come na ktorom som mimochodom pracoval ked som virus chytil sa mi objavila namiesto pozadia na ploche ramcek nieco z tym ze mam virus vycistite si pocitac .... dalej dole tam kde mam cas sa mi hned vedla casu zobrazilo VIRUS ALERT! dalej vymazalo sa mi vacsina veci ... teda myslim ze nie vymazala ale vacsina sa mi ich nezobrazuje ale viem ze su tam napriklad uplne mi odvsadial zmizli disky ale viem sa k nim dostat .... z ponuky start mi zmizli vsetky programy odhlasenie ovladaci panely atd... a takisto aj z prac. plochy mi zmizli ikony vlastne je toho este viac ale to su take typicke veci napr dole pri case mi blika ikonka z krizikom a take hlasenia mi furt chodia ci chcem stiahnut taky a taky program samozrejme tieto programy nestahujem lebo mam podozrenie ze su uplne na .... prosim uvitam akukolvek pomoc ako problem vyriesit

ako prve by si mohol poslat log z hijackthis a combofix

... prebehny PC antivirakom , antispywearom pom Hijack a Combo fix ..

tu mas navod http://www.pcforum.sk/cistime-napadnuty ... 27265.html

Ano a ako ??

[quote="petos"][/quote]jj sry nevsimol som si

Log z combofixu: ComboFix 08-07-01.5 - Martin 2008-07-02 19:58:15.1 - NTFSx86
Running from: C:\Documents and Settings\Martin\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Martin\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Martin\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Martin\Oblíbené položky\Spyware&Malware Protection.url
C:\Documents and Settings\Martin\Plocha\Error Cleaner.url
C:\Documents and Settings\Martin\Plocha\Privacy Protector.url
C:\Documents and Settings\Martin\Plocha\Spyware&Malware Protection.url
C:\WINDOWS\eaqb.exe
C:\WINDOWS\ksendlbtmat.dll
C:\WINDOWS\neltabxw.exe
C:\WINDOWS\system32\1.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\awtsSlli.dll
C:\WINDOWS\system32\blphcv5vj0ep2l.scr
C:\WINDOWS\system32\cjesyhgw.ini2
C:\WINDOWS\system32\cjesyhgw.tmp
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\eppipmvk.dll
C:\WINDOWS\system32\illSstwa.ini
C:\WINDOWS\system32\illSstwa.ini2
C:\WINDOWS\system32\kvmpippe.ini
C:\WINDOWS\system32\kvmpippe.ini2
C:\WINDOWS\system32\kvmpippe.tmp
C:\WINDOWS\system32\lphcv5vj0ep2l.exe
C:\WINDOWS\system32\phcv5vj0ep2l.bmp
C:\WINDOWS\system32\pphcv5vj0ep2l.exe
C:\WINDOWS\vrmdtneg.dll
C:\WINDOWS\wpvmqosg.dll
C:\WINDOWS\xvorfwbd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER


((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-01 19:25 . 2008-07-01 19:25 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-01 19:25 . 2008-07-01 19:25 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-01 19:24 . 2008-07-01 19:24 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-01 19:24 . 2008-07-01 19:24 <DIR> d-------- C:\Program Files\AVG
2008-07-01 00:27 . 2008-07-01 00:27 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-01 00:27 . 2006-11-24 10:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-01 00:27 . 2006-11-24 10:19 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-06-30 11:46 . 2007-09-30 22:05 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2008-06-30 11:46 . 2008-07-02 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-30 11:46 . 2007-09-30 23:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2008-06-30 11:46 . 2007-09-30 23:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2008-06-30 11:46 . 2007-09-30 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2008-06-30 11:46 . 2007-09-30 23:53 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2008-06-30 11:46 . 2007-09-30 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-30 11:46 . 2008-07-01 19:07 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2008-06-30 11:46 . 2008-06-30 11:46 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-30 11:10 . 2008-06-30 11:10 91,520 --a------ C:\WINDOWS\system32\wghysejc.dll
2008-06-30 10:55 . 2008-06-30 10:55 28,288 --a------ C:\WINDOWS\system32\mlJAqrRi.dll
2008-06-30 10:55 . 2008-06-30 10:55 28,288 --a------ C:\WINDOWS\system32\hgGyaxvs.dll
2008-06-30 10:55 . 2008-06-30 10:55 28,288 --a------ C:\WINDOWS\system32\fccyaYPg.dll
2008-06-30 10:55 . 2004-08-18 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-23 18:36 . 2008-06-23 18:36 <DIR> d-------- C:\Program Files\ICQ6Toolbar
2008-06-12 13:52 . 2008-06-14 20:00 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 13:52 . 2008-06-14 20:00 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 22:45 . 2008-06-17 15:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 22:45 . 2008-06-04 22:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 18:46 . 2008-06-04 18:46 800 --a------ C:\WINDOWS\hpinfo.lnk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 18:25 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd9965.sys
2008-06-23 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-04 17:57 --------- d-----w C:\Program Files\hp deskjet 3420 series
2008-06-04 16:43 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-25 15:35 --------- d-----w C:\Program Files\Common Files\Thraex Software
2008-05-24 18:20 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-18 14:37 --------- d-----w C:\Program Files\Xvid
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,290,240 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-02 17:44 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

------- Sigcheck -------

2007-10-03 20:30 502272 427e6ded3a2369d3432a683eb489ee14 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84C53226-C282-41FE-A4B4-8F05CC5EC24B}]
2008-06-30 10:55 28288 --a------ C:\WINDOWS\system32\hgGyaxvs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-02 15:18 778240]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 22:05 188416]
"AVG8_TRAY"="D:\AVG\AVG8\avgtray.exe" [2008-07-01 19:24 1177368]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{84C53226-C282-41FE-A4B4-8F05CC5EC24B}"= "C:\WINDOWS\system32\hgGyaxvs.dll" [2008-06-30 10:55 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyaxvs]
2008-06-30 10:55 28288 C:\WINDOWS\system32\hgGyaxvs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.div4"= DivXc32f.dll
"vidc.div3"= DivXc32.dll
"vidc.xvid"= xvid.dll
"msacm.l3radius"= l3codecp.acm
"msacm.divxa"= divxa32.acm
"msacm.a3d"= a3d.dll
"msacm.ogg"= ogg.dll
"msacm.vorbisenc"= vorbisenc.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WinSpywareProtect"="C:\Documents and Settings\All Users\Data aplikací\Adsl Software Ltd\WinSpywareProtect\Winspywareprotect.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="D:\DAEMON Tools\daemon.exe" -lang 1033
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"CnxDslTaskBar"="C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SMrhcr5vj0ep2l"=C:\Program Files\rhcr5vj0ep2l\rhcr5vj0ep2l.exe
"lphcv5vj0ep2l"=C:\WINDOWS\system32\lphcv5vj0ep2l.exe
"681cfce1"=rundll32.exe "C:\WINDOWS\system32\wghysejc.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Peter\\Hry\\CSS\\hl2.exe"=
"D:\\Peter\\Hry\\cs 1.6\\hl.exe"=
"D:\\BitComet\\BitComet.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"D:\\Peter\\Hry\\HLSW\\hlsw.exe"=
"D:\\hamachiIN\\hamachi.exe"=
"D:\\skype\\Skype.exe"=
"D:\\hamachi\\hamachi.exe"=
"D:\\Peter\\Hry\\cs 1.6\\cstrike.exe"=
"D:\\Peter\\Hry\\bulanci(2).exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Peter\\Hry\\cs 1.6\\hltv.exe"=
"D:\\BitComet\\Downloads\\Need For Speed Underground [PC GAME] [Extract and Play)\\Need For Speed Underground\\Speed.exe"=
"D:\\Peter\\Hry\\Warcraft\\Frozen Throne.exe"=
"D:\\PacSteam\\steamapps\\mixo611\\half-life 2 deathmatch\\hl2.exe"=
"D:\\Peter\\Hry\\ConditionZero\\czero.exe"=
"D:\\qip\\qip.exe"=
"D:\\icq6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10951:TCP"= 10951:TCP:BitComet 10951 TCP
"10951:UDP"= 10951:UDP:BitComet 10951 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-01 19:25]
R2 avg8wd;AVG8 WatchDog;D:\AVG\AVG8\avgwdsvc.exe [2008-07-01 19:24]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 19:26]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-06-16 07:51]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-06-16 07:51]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNP.sys [2004-06-16 07:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 14:00]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 14:14]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43fe1cb2-296d-11dd-a8f5-001333c0fbb9}]
\Shell\AutoRun\command - H:\EmDesk.exe
\Shell\EmDesk\command - H:\EmDesk.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 16:26:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- D:\tuneup2007\SystemOptimizer.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{B4B8E731-19DA-43DF-9E91-4B33E8478EF3} - (no file)
HKCU-Run-ICQ - C:\Program Files\ICQ6\ICQ.exe
HKLM-Run-lphcv5vj0ep2l - C:\WINDOWS\system32\lphcv5vj0ep2l.exe
HKLM-Run-681cfce1 - C:\WINDOWS\system32\eppipmvk.dll
SSODL-wpvmqosg-{25F13515-1C40-42FF-9915-71704F586C34} - C:\WINDOWS\wpvmqosg.dll
SSODL-xvorfwbd-{23CD4BBD-08F5-46B7-93D8-3BD9997E0496} - C:\WINDOWS\xvorfwbd.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 20:29:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\hgGyaxvs.dll
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vorbis.dll
-> C:\WINDOWS\system32\ogg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\AVG\AVG8\avgrsx.exe
D:\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-02 20:36:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 18:36:02

Adresářů: 9, Volných bajtů: 34,496,512
Adres ý…: 11, Volněch bajt…: 138,592,256

228 --- E O F --- 2008-06-22 17:55:02



LOG z Hijacktis:






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52, on 2. 7. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\AVG\AVG8\avgrsx.exe
D:\AVG\AVG8\avgrsx.exe
D:\mozzila firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://groups.icq.com/groups/index.php?cat_id=167
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [681cfce1] rundll32.exe "C:\WINDOWS\system32\engjfmeb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\icq6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16A30A2C-1145-417F-9A5A-05B840AE39F3}: NameServer = 195.146.132.58 195.146.128.60
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4877 bytes

Pouzi Avenger s tymto skriptom:



Log posli, potom pokracujeme.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\wghysejc.dll" deleted successfully.
File "C:\WINDOWS\system32\mlJAqrRi.dll" deleted successfully.
File "C:\WINDOWS\system32\hgGyaxvs.dll" deleted successfully.
File "C:\WINDOWS\system32\fccyaYPg.dll" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84C53226-C282-41FE-A4B4-8F05CC5EC24B}" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyaxvs" deleted successfully.
Registry value "hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks|{84C53226-C282-41FE-A4B4-8F05CC5EC24B}" deleted successfully.

Error: could not delete registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SMrhcr5vj0ep2l"
Deletion of registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SMrhcr5vj0ep2l" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|lphcv5vj0ep2l"
Deletion of registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|lphcv5vj0ep2l" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|681cfce1" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Nech sa paci


Inak vacsina problemov sa mi vyyriesila uz Combofixom ale aj tak tam urcite nejake virusi su teda myslim ze sa mi uz objavila vacsina vecii ......

Otvor Poznamkovy blok a skopiruj don:



Uloz ako typ "vsetky subory" s menom "oprava.reg" a spusti tento subor => OK

Pre Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\All Users\Data aplikací\Adsl Software Ltd" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


A este jedna vec preco na inych uctoch mam vsetko take ako keby sa nic nestalo?? to musim na kazdom spravit to iste??

Co myslis pod "akoby sa nic nestalo"?

proste: Na jednom ucte sa mi vsetko napravilo napr: zobrazili sa naspat ikonky a aj vacsina veci ale na druhom to zostalo tak isto to jest pri case mi stale svieti virus alert! ikonky a ine veci mam stale neviditelne atd...

Posli log z ComboFixu aj z tych uctov.

Takze to virus alert, a predopokladam ze nemas v starte ziadne programy atd...
Mas PC napadnuty Hijackermi(programy, ktore zakazuju pristup k regeditu, taskmgr, atd...).
Stretol som sa s tym trochu som vtedy Googlil a nasiel som jeden nastroj, ktory je na vyssej urovni, co sa tyka tohoto

Daj hladat na 100% ti zmizne VIRUS ALERT! a podobne hluposti, potom prebehni PC normalnym AV.
A ako mi tak vpalil do oci tvoj log, tak by som ti odporucal format. Vidim ze Porno, Warez - teda si dostal nejaky downloader a potom to islo dole vodou - Zaobstaraj si plateny AV s reziden. sitom