Problém - Vir

[memphisto]

Případně ještě spustit v nouzovém režimu

[Reklama]

[Webster18]

nefunguje to, ale něco jsem našel na netu, jestli vám to nějak nepomůže http://www.2-spyware.com/remove-system-tool.html

[memphisto]

Na tyhle programy se vykašli. Jedno svinstvo s tím vyženeš a druhé ti to tam nasadí. Zkus to v nouzovém režimu, tam by to mělo jít

[Webster18]

no v nouzovém režimu vše pěkně jelo, scannul jsem to.

[Webster18]

ale nejde to zkopirovat, asi ten log hodim na uloz.to, http://www.uloz.to/7667467/mbam-log-201 ... -35-48-txt tady je odkaz na ten log

[shen477]

když už tak si to měl hodit do Přílohy, z ulož.to se nám to moc stahovat nechce...

[memphisto]

Tak v tom nouzovém režimu udělej tohle ...

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Webster18]

AAAA, super, už mi tu nikde nic nevyskakuje a po viru ani památky, děkuju Vám moc :) ještě přikládám ten log, ps. Log z MbaAM nemám, ptz jsem ho dělal v nouzovém režimu, a rovnou to chtělo restart tak jsem ho ani nestihl uložit, ale z Combofixu mám a tady jej přikládám:

ComboFix 11-01-31.02 - Webster 01.02.2011 21:05:57.1.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.3041 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Webster\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100331-2] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\jDjCfFp10400
C:\Documents and Settings\All Users\Data aplikací\jDjCfFp10400\jDjCfFp10400
C:\Documents and Settings\All Users\Data aplikací\jDjCfFp10400\jDjCfFp10400.exe
C:\Documents and Settings\Webster\Data aplikací\Dealio
C:\Documents and Settings\Webster\Data aplikací\Dealio\res\widgets.xml
C:\Documents and Settings\Webster\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\Documents and Settings\Webster\Data aplikací\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
C:\Documents and Settings\Webster\Data aplikací\WinLogon
C:\Documents and Settings\Webster\Dokumenty\winlogon.exe
C:\Documents and Settings\Webster\Nabídka Start\Programy\System Tool
C:\Program Files\Dealio Toolbar
C:\Program Files\Dealio Toolbar\FF\chrome.manifest
C:\Program Files\Dealio Toolbar\FF\chrome\content\chevron.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\chevron.xul
C:\Program Files\Dealio Toolbar\FF\chrome\content\login.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\login.xul
C:\Program Files\Dealio Toolbar\FF\chrome\content\parser.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\searchbox.xul
C:\Program Files\Dealio Toolbar\FF\chrome\content\utils.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\widgicomm.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\widgihandling.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\widgichevron.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
C:\Program Files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
C:\Program Files\Dealio Toolbar\FF\chrome\content\widgiui.js
C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\amazon.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\apple.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\barnes.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\ebay.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\chevron.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\macys.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\newegg.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\overstock.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-button.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\searchbox.css
C:\Program Files\Dealio Toolbar\FF\chrome\skin\splitter.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\target.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\walmart.gif
C:\Program Files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
C:\Program Files\Dealio Toolbar\FF\install.rdf
C:\Program Files\Dealio Toolbar\IE\4.1\config.ini
C:\Program Files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
C:\Program Files\Dealio Toolbar\Res\amazon.gif
C:\Program Files\Dealio Toolbar\Res\apple.gif
C:\Program Files\Dealio Toolbar\Res\barnes.gif
C:\Program Files\Dealio Toolbar\Res\bestbuy.gif
C:\Program Files\Dealio Toolbar\Res\dealio_logo.gif
C:\Program Files\Dealio Toolbar\Res\dealio_logo_hover.gif
C:\Program Files\Dealio Toolbar\Res\ebay.gif
C:\Program Files\Dealio Toolbar\Res\icon_settings.gif
C:\Program Files\Dealio Toolbar\Res\macys.gif
C:\Program Files\Dealio Toolbar\Res\newegg.gif
C:\Program Files\Dealio Toolbar\Res\overstock.gif
C:\Program Files\Dealio Toolbar\Res\search-button-hover.gif
C:\Program Files\Dealio Toolbar\Res\search-button.gif
C:\Program Files\Dealio Toolbar\Res\search-chevron-hover.gif
C:\Program Files\Dealio Toolbar\Res\search-chevron.gif
C:\Program Files\Dealio Toolbar\Res\search_amazon.gif
C:\Program Files\Dealio Toolbar\Res\search_dealio.gif
C:\Program Files\Dealio Toolbar\Res\search_ebay.gif
C:\Program Files\Dealio Toolbar\Res\search_yahoo.gif
C:\Program Files\Dealio Toolbar\Res\target.gif
C:\Program Files\Dealio Toolbar\Res\walmart.gif
C:\Program Files\Dealio Toolbar\Res\widgets.xml
C:\Program Files\Dealio Toolbar\WidgiHelper.exe
C:\Program Files\ICQ6.5\ICQLRun.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SEEKEEN_SERVICE


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-01 do 2011-02-01 )))))))))))))))))))))))))))))))
.

2011-02-01 19:26:14 . 2011-02-01 19:26:14 -------- d-----w- C:\Documents and Settings\Webster\Data aplikací\Malwarebytes
2011-02-01 19:26:08 . 2009-12-03 15:14:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-02-01 19:26:05 . 2011-02-01 19:26:05 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-02-01 19:26:04 . 2011-02-01 19:26:12 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-01 19:26:04 . 2009-12-03 15:13:56 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-02-01 19:15:06 . 2011-02-01 19:15:06 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2011-02-01 18:52:54 . 2011-02-01 19:27:26 -------- d-----w- C:\Program Files\CCleaner
2011-01-31 19:13:47 . 2011-01-31 19:19:07 -------- d-----w- C:\Documents and Settings\Webster\Data aplikací\Ventrilo
2011-01-31 19:13:21 . 2011-01-31 19:13:22 -------- d-----w- C:\Program Files\Ventrilo
2011-01-31 19:13:03 . 2011-01-31 19:13:03 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2011-01-28 20:43:03 . 2011-01-28 23:59:52 -------- d-----w- C:\Documents and Settings\Webster\Data aplikací\Mumble
2011-01-22 10:46:05 . 2011-01-22 10:46:20 -------- d-----w- C:\Program Files\Agama
2011-01-22 10:46:00 . 2002-12-05 13:10:32 155648 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-01-22 10:45:59 . 2002-12-05 13:12:08 692224 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-01-22 10:45:59 . 2002-12-02 14:22:44 5632 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-01-22 10:45:59 . 2002-12-02 12:33:04 57344 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-01-22 10:45:59 . 2002-12-02 12:33:04 237568 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-01-22 10:45:54 . 2011-01-22 10:45:54 282756 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-01-22 10:45:54 . 2011-01-22 10:45:54 163972 ----a-w- C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-01-16 17:34:53 . 2011-01-16 17:39:35 -------- d-----w- C:\Documents and Settings\Webster\Data aplikací\RaidCall

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 19:47:32 . 2010-12-24 19:36:46 413696 ----a-w- C:\WINDOWS\system32\wrap_oal.dll
2010-12-24 19:47:32 . 2010-12-24 19:36:46 110592 ----a-w- C:\WINDOWS\system32\OpenAL32.dll
2010-11-22 20:12:29 . 2009-01-02 23:26:31 281760 ----a-w- C:\WINDOWS\system32\drivers\atksgt.sys
2010-11-22 20:12:29 . 2009-01-02 23:26:30 25888 ----a-w- C:\WINDOWS\system32\drivers\lirsgt.sys
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51:08 185344 ----a-w- C:\Program Files\Stylish Profile\enlbrdr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-11-11 16:20:49 2166296 ----a-w- C:\Program Files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_1.dll" [2009-11-11 16:20:49 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "C:\Program Files\BS_Player\tbBS_1.dll" [2009-11-11 16:20:49 2166296]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 08:27:16 153136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 14:07:20 2260480]
"Steam"="D:\Nová složka\New Folder\Steam.exe" [2010-11-17 09:00:30 1242448]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 08:18:48 102400]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-10-11 15:49:48 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 03:13:26 30003200]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38:42 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 14:46:24 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11:42 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57:24 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 17:30:01 148888]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 16:00:32 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2010-04-15 15:09:11 202256]
"SearchSettings"="C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2010-10-22 15:47:26 524288]
"CTAPR2"="D:\Program Files\Creative\SB WoW Wireless Headset\WoWAudioCP\CTAPR2.exe" [2009-11-11 09:44:26 65642]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 07:52:18 15360]

C:\Documents and Settings\Webster\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-12-16 0]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Rychlě zaź tek s aplikacˇ HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6.5\\ICQ.exe"=
"D:\\TmNationsForever\\TmForever.exe"=
"D:\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"D:\\Program Files\\League of Legends\\Air\\LolClient.exe"=
"D:\\Program Files\\League of Legends\\Game\\League of Legends.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"22723:TCP"= 22723:TCP:BitComet 22723 TCP
"22723:UDP"= 22723:UDP:BitComet 22723 UDP
"58899:TCP"= 58899:TCP:Pando Media Booster
"58899:UDP"= 58899:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6984:TCP"= 6984:TCP:League of Legends Launcher
"6984:UDP"= 6984:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6981:TCP"= 6981:TCP:League of Legends Launcher
"6981:UDP"= 6981:UDP:League of Legends Launcher
"6917:TCP"= 6917:TCP:League of Legends Launcher
"6917:UDP"= 6917:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [22.9.2009 15:53:04 64160]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [2.1.2009 22:15:36 691696]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [31.12.2008 16:59:37 114768]
R2 Application Updater;Application Updater;C:\Program Files\Application Updater\ApplicationUpdater.exe [22.10.2010 16:38:46 386560]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [31.12.2008 16:59:37 20560]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [24.12.2009 19:46:28 233472]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [9.2.2010 15:26:20 222968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [3.7.2009 15:49:06 1028432]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [24.12.2009 19:46:28 36608]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\WINDOWS\system32\drivers\viahduaa.sys [31.12.2008 22:47:46 845184]
S2 gupdate1ca7e68fc4417e0;Služba Google Update (gupdate1ca7e68fc4417e0);C:\Program Files\Google\Update\GoogleUpdate.exe [16.12.2009 17:01:09 133104]
S3 WRFilt;WRFilt;C:\WINDOWS\system32\drivers\WRFilt.sys [24.12.2010 20:36:25 2006784]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK
.
Obsah adresáře 'Naplánované úlohy'

2011-02-01 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49:06 . 2009-09-22 14:59:04]

2011-02-01 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-16 16:01:09 . 2009-12-16 16:01:07]

2011-02-01 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-16 16:01:09 . 2009-12-16 16:01:07]

2011-02-01 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1715567821-839522115-1003.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09:42 . 2010-02-24 20:09:42]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: Stáhnout odkaz s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm
FF - ProfilePath - C:\Documents and Settings\Webster\Data aplikací\Mozilla\Firefox\Profiles\42s931nj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =867034&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
HKLM-Run-Windows Live Communications service - C:\windows\wlcomm.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-Call of Duty: Black Ops_is1 - D:\Program Files\Activision\Call of Duty - Black Ops\unins000.exe
AddRemove-UT2004 - D:\UT2004\System\Setup.exe
AddRemove-Worms Reloaded_is1 - D:\Program Files\Team17\Worms Reloaded\unins000.exe
AddRemove-{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1 - D:\Program Files\Amnesia - The Dark Descent\unins000.exe

[memphisto]

Vypadá to, že ten log není celý. Chybí konec.

[Webster18]

toto je vše, co tam bylo.

[memphisto]

Tak v tom případě odinstaluj:
SearchSettings
Spybot
Ad-Aware

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
C:\Program Files\BS_Player\tbBS_1.dll
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job


DirLook::
C:\Program Files\Agama

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

Driver::
ICQ Service

Folder::
C:\Program Files\ICQ6Toolbar

DDS::
uStart Page = hxxp://www.daemon-search.com/startpage
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/

Firefox::
FF - ProfilePath - C:\Documents and Settings\Webster\Data aplikací\Mozilla\Firefox\Profiles\42s931nj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =867034&p=
FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu