virus alebo spyware?

len taky maly detail. ked kliknem na avanger tak mi vypise not found
co teraz?

Nejde stiahnúť alebo spustiť? Ulož ho na plochu alebo niekde a rozbaľ (keď ho otvoríš, súbor avenger.exe prenes na plochu).

nejde spustit

V tom prípade otvor poznámkový blok, skopíruj:


ulož na ploche ako "CFScript.txt" (aj s úvodzovkami) a pretiahni na combofix.

a potom?

preskenovat Spy SweeperOM

ComboFix 08-03-27.5 - Peter 2008-03-29 14:44:01.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1033.18.383 [GMT 1:00]
Running from: C:\Users\Peter\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 12:05 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-03-29 11:28 --------- d-----w C:\Program Files\RogueRemover FREE
2008-03-26 15:24 13,025 ----a-w C:\Users\Peter\AppData\Roaming\nvModes.dat
2008-03-24 18:56 --------- d-----w C:\Program Files\7-Zip
2008-03-24 16:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-24 16:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-22 11:38 --------- d-----w C:\Program Files\PC-Antispyware
2008-03-21 19:33 90,112 ----a-w C:\Windows\System32\yzpdisck.exe
2008-03-21 19:33 37,888 ----a-w C:\Windows\hudwpmnq.exe
2008-03-21 17:17 212,992 ----a-w C:\Windows\drnpfdxlwn.dll
2008-03-21 17:16 245,760 ----a-w C:\Windows\altvxvm.dll
2008-03-15 20:06 --------- d-----w C:\Program Files\BitLord
2008-03-14 14:50 --------- d-----w C:\Users\Peter\AppData\Roaming\ICQ
2008-02-20 17:11 --------- d-----w C:\Program Files\ICQ6
2008-02-20 13:44 --------- d-----w C:\Users\Peter\AppData\Roaming\OTi
2008-02-15 19:17 --------- d-----w C:\Program Files\Winamp Remote
2008-02-15 19:14 --------- d-----w C:\Users\Peter\AppData\Roaming\Winamp
2008-02-15 19:14 --------- d-----w C:\Program Files\Winamp
2008-02-14 18:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 18:34 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 18:31 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 18:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 18:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 18:31 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 18:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 18:28 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 18:28 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 18:28 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 18:28 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 05:49 --------- d-----w C:\Users\Peter\AppData\Roaming\ZoomBrowser EX
2008-02-09 16:56 --------- d-----w C:\Program Files\Realore
2008-01-31 15:56 --------- d-----w C:\ProgramData\ZoomBrowser
2008-01-31 15:44 --------- d-----w C:\Program Files\Canon
2008-01-31 15:40 --------- d-----w C:\Program Files\Common Files\Canon
2008-01-29 15:03 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-09 04:08 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-07 12:58 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2007-12-13 16:05 174 --sha-w C:\Program Files\desktop.ini
2007-10-24 11:38 0 ----a-w C:\Users\Peter\AppData\Roaming\wklnhst.dat
2007-11-16 20:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-16 20:03 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-16 20:03 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-03-29_13.01.30.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-29 11:58:15 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-29 13:48:44 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-29 11:57:19 816,872 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-03-29 13:47:30 816,952 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-03-29 11:56:54 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-29 13:42:37 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-29 11:58:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-29 13:49:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-03-29 13:49:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-29 11:53:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-29 13:44:06 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-29 11:58:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-29 13:49:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-29 13:49:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-29 11:58:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-29 13:49:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-29 11:58:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-29 13:49:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-29 11:58:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-29 13:49:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-29 10:43:37 10,260 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-899011210-4206496394-2207545682-1000_UserData.bin
+ 2008-03-29 13:40:24 10,410 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-899011210-4206496394-2207545682-1000_UserData.bin
- 2008-03-29 10:43:37 65,788 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-29 13:40:24 65,858 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F0C2A9-8E38-43e3-204D-45524C494E20}]
2008-03-21 21:31 176128 --------- C:\Program Files\PC-Antispyware\IeExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 05:08 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 00:36 1474560]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-13 16:57 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 23:33 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 18:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 18:50 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 17:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 17:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-01 04:10 77824]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 11:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 11:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 11:26 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"yzpdisck"="C:\Windows\system32\yzpdisck.exe" [2008-03-21 20:33 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 04:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-04 01:55:50 703280]
Microsoft Office.lnk - C:\Program Files\Microsoft Office2000\Office\OSA9.EXE [2000-01-21 08:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"jxls4XEL8c"= C:\Windows\hudwpmnq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FB0B4872-E62E-4DF3-A7BD-DEC2B9F522D5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88084C93-63A9-49A2-BED0-1A2C3C60C454}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7EB3385-9667-4F7A-AD62-D58EB5152897}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{0AFD4574-63F1-461E-991C-DE1DDAB5C815}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{DDF3CAB5-AEE8-4E19-8A79-F60F68D75C7B}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{0BFDA198-9991-4B48-869F-6579204E7685}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{D9DD5784-09ED-40B2-9110-ECA068196DDD}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{42B82E72-8F35-4594-B715-47AC057F74AE}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6C583DEF-4DCF-44D5-8484-F9B885B3AF96}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{3B261EEB-5E58-4EED-B928-0E4DF0E82A08}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{C14A0BA2-76F1-4EBA-A300-09AD1B052573}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5BAE4EAC-86C2-45DC-A796-18E31A8C66CA}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1FCA57D8-0436-48D8-A19B-5F405D7C0768}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{999019DF-0373-4301-BC6C-9AD8C62C41A6}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{75C3C7A6-4521-4A11-A935-2A43DA7C3390}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{418A2F88-F74E-4250-99A6-E7B60164C0EB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{6464F20E-6333-4AE0-956D-B43904DDAFBD}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{856CAE21-B6CE-4A7B-9FF0-1C35B65B1E6E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B6129D9B-6228-4EBB-BC16-45F529901E8E}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{5505E5D4-B555-4AFF-AC74-E11BCD1AC60B}C:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:C:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{36A9930D-0A99-4CC4-9FEF-44F8583029BC}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{C9288296-03A6-4D10-A392-1467AEF5A227}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{72CB6D50-19E8-46CA-86B4-D4697E61530A}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C691090A-0842-4FDC-AC89-0D7CC5EB2CBE}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{B0435426-5DEE-4F30-BFF2-F61493D2076D}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9CB83C4A-F0AF-46B6-B91B-90977D8EE545}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{FF544FED-D525-47DC-B142-333BA44CB477}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{4C70A4F0-9408-47CE-8C79-55AD93152B54}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{246B6662-E529-4372-87F2-4ABFFE5424A7}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B066CC5D-BBDF-43F7-964A-B7F328868A16}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3FE296DC-9E3B-42CA-83B8-DA1EA4B86DAD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5E6E478A-DAC6-49B1-975E-8150389092C8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{610C5AF6-CD40-4B1B-A653-ABD8D8B8F354}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{A2213098-DEFC-4B29-84B6-6A77C1E28AFC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{72A60DB8-8501-4EBD-915D-45FF47E0B466}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{98229FCA-40D2-4DAB-94B3-791D9BAC71D5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 PSched;QoS Packet Scheduler;C:\Windows\system32\DRIVERS\pacer.sys [2007-12-13 17:00]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 16:44]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 09:44]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 17:20]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4682dc-dfb1-11dc-83ec-0016d39fa690}]
\shell\AutoRun\command - G:\USBNB.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 22:38:22 C:\Windows\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0.job"
- C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe?Sched RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 0~0
"2008-03-29 13:25:17 C:\Windows\Tasks\User_Feed_Synchronization-{48FFF490-A03F-4285-BEFD-29DEB775166E}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 14:49:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2008-03-29 14:52:19 - machine was rebooted [Peter]
ComboFix-quarantined-files.txt 2008-03-29 13:52:10
ComboFix2.txt 2008-03-29 12:02:19
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-03-28 11:20:54 --- E O F ---

to ju novy log
dufom ze to uz je ok

Niečo si nespravila správne, súbory sa nevymazali. V logu musí byť na začiatku Command switches used :: cesta k cfscript.txt. Skús ešte raz.

no tak skusila som znovu 2x ale akosi mi nechce ist. nabehne ta tabulka a v nej pripare to run...potom sa obrazovka zmenila na modru a necelo mi nic ist kym som nevypla comp rucne, predtym mi to nerobilo.....
co teraz?

Dobre, tretia možnosť.
Toto skopíruj:

V killboxe zvoľ file - paste from clipboard, delete on reboot, all files a potvrď.

a combofix mam zmazat alebo...?

Áno, na to môžeš použiť t-cleaner. Ako sa má pc?

no ale este som to neurobila....ja ze ci mam predtym alebo potom zmazat combofix

no tak uz som to urobila....a este uvidim ci bude nieco:)

a ako mam pouzit T-cleaner?pls
a este nieco nejde mi zmenit pozadie..a obrazky,icony mi nejdu zobrazit vo velkosti large iba v inej

T-cleaner normálne spustíš a všetko potvrdíš (a). Tie ikony bohužiaľ neviem, snáď poradí niekto, kto má vistu.

DAKUJEM:)