Pomalý internet Vyřešeno

[tvman]

Chci požadat o pomoc. Zpomalil se mi internet. Nové PC s Windows 7. Připojuji výpis s Combofix. Díky za pomoc


ComboFix 11-03-19.04 - stone 20/03/2011 21:49:34.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1029.18.3071.2201 [GMT 0:00]
Running from: d:\stone\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 22:03 . 2011-03-20 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-20 20:00 . 2011-03-20 21:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-20 20:00 . 2011-03-20 20:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-20 19:51 . 2011-03-20 19:51 -------- d-----w- c:\program files\CCleaner
2011-03-20 19:35 . 2011-03-20 19:35 -------- d-----w- c:\program files\TeamViewer
2011-03-19 22:24 . 2011-03-19 22:24 -------- d-----w- c:\windows\Webcam1200
2011-03-19 22:23 . 2011-03-19 22:24 -------- d-----w- c:\program files\Webcam 1200
2011-03-19 22:23 . 2001-11-05 10:50 69632 ----a-w- c:\windows\AMCap.exe
2011-03-19 22:14 . 2011-03-19 22:14 -------- d-----w- c:\program files\Logitech
2011-03-19 22:13 . 1998-10-29 16:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-03-19 22:12 . 2011-03-19 22:16 53248 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2011-03-19 22:12 . 2011-03-19 22:16 126976 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2011-03-19 22:12 . 2001-09-05 04:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-03-19 22:12 . 2001-09-05 04:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-03-19 22:12 . 2001-09-05 04:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-03-19 22:12 . 2001-09-05 04:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-03-19 17:33 . 2011-03-19 17:33 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-03-19 16:58 . 2011-03-19 16:58 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-19 16:58 . 2011-03-19 16:58 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-19 16:58 . 2003-11-10 18:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-19 16:58 . 2003-11-10 18:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-19 16:58 . 2003-11-10 18:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-19 16:58 . 2003-11-10 18:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-19 16:58 . 2003-11-10 18:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-19 16:57 . 2011-03-19 17:22 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-03-19 16:56 . 2011-03-19 17:22 -------- d-----w- c:\program files\Labtec
2011-03-19 13:26 . 2011-03-19 13:26 -------- d-----w- c:\program files\XnView
2011-03-19 13:20 . 2011-03-19 13:20 -------- d-----w- c:\program files\Common Files\Skype
2011-03-19 13:19 . 2011-03-19 13:20 -------- d-----r- c:\program files\Skype
2011-03-19 13:19 . 2011-03-19 13:19 -------- d-----w- c:\programdata\Skype
2011-03-19 13:04 . 2011-02-23 10:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC67AD17-5EAE-4F48-A13E-6A5E2CC848D7}\mpengine.dll
2011-03-19 12:55 . 2011-03-19 12:56 -------- d-----w- C:\totalcmd
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\UC.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\RAR.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\PKZIP.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\LHA.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\ARJ.PIF
2011-03-19 12:52 . 2011-03-19 13:46 -------- d-----w- c:\users\stone
2011-03-19 12:48 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-19 12:48 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-19 12:48 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-19 12:48 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-19 12:48 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-19 12:47 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-03-19 12:47 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-19 12:47 . 2011-03-19 12:47 -------- d-----w- c:\programdata\Alwil Software
2011-03-19 12:47 . 2011-03-19 12:47 -------- d-----w- c:\program files\Alwil Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-01 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"AtherosBtStack"="c:\program files\Atheros\Bluetooth Suite\BtvStack.exe" [2010-05-05 461984]
"AthBtTray"="c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-05-05 289952]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2010-03-30 47144]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [2010-04-29 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [2010-05-05 38560]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-03-30 38440]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-04-18 256360]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-03-30 28200]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-03-30 177704]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-04-13 46952]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-04-18 143080]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-04-21 230760]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 60544]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 141568]
S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x86.sys [2009-06-19 29696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hal3000.cz
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\stone\AppData\Roaming\Mozilla\Firefox\Profiles\0eav7gup.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-20 22:18:10
ComboFix-quarantined-files.txt 2011-03-20 22:18
.
Pre-Run: Volnřch bajtu: 115,570,270,208
Post-Run: Volnřch bajtu: 115,480,240,128
.
- - End Of File - - 85E4F034FB8C12AE99DAA808A3E7FAF9

[Reklama]

[memphisto]

Vítej na fóru PC-HELP.CZ

Kdo ti říkal, že máš udělat Combofix? Mohl jsi toho daleko víc posrat než opravit, ale měl jsi štěstí Když už to tu je, tak odinstaluj Spybot, vypni rezidentní štít Defendera

Opět vypni rezidentní ochrany antiviru a firewallu a dále:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[tvman]

Zkoušel jsem už snad všechno, ale pořad nic. Tak jsem pročetl pár příspěvku a zkusil to. Můžeš naznačit na co jsi přišel?

[memphisto]

Udělej, co píšu. V podstatě v logu nevypadá nic, co by to mohlo způsobovat Spybot nepotřebuješ, ten má nejlepší léta za sebou a k AVASTu je naprosto zbytečný. To samé Defender. Dej sem ten log po skriptu a uvidíme víc, třeba se ještě něco ukáže

[tvman]

Jen pro info. Zpomaleni bylo i před instalaci Spybot. Udělám to a uvidíme.

[tvman]

Novy vypis:

ComboFix 11-03-19.04 - stone 21/03/2011 15:37:15.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1029.18.3071.2124 [GMT 0:00]
Running from: d:\stone\Desktop\ComboFix.exe
Command switches used :: d:\stone\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 15:46 . 2011-03-21 15:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-21 15:16 . 2011-03-21 15:16 -------- d-----w- c:\program files\Microsoft.NET
2011-03-21 14:23 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-21 14:22 . 2009-11-25 12:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-21 14:22 . 2009-11-25 12:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-21 14:22 . 2009-11-25 12:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-21 14:22 . 2009-11-25 12:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-21 14:22 . 2009-11-25 12:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-21 10:20 . 2011-03-21 10:20 -------- d-----w- c:\windows\system32\Wat
2011-03-21 10:11 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-21 10:09 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-21 10:09 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-21 05:19 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-03-21 05:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-21 05:09 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-03-21 05:09 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-03-20 20:00 . 2011-03-21 15:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-20 20:00 . 2011-03-21 15:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-20 19:51 . 2011-03-20 19:51 -------- d-----w- c:\program files\CCleaner
2011-03-20 19:35 . 2011-03-20 19:35 -------- d-----w- c:\program files\TeamViewer
2011-03-19 22:24 . 2011-03-19 22:24 -------- d-----w- c:\windows\Webcam1200
2011-03-19 22:23 . 2011-03-19 22:24 -------- d-----w- c:\program files\Webcam 1200
2011-03-19 22:23 . 2001-11-05 10:50 69632 ----a-w- c:\windows\AMCap.exe
2011-03-19 22:14 . 2011-03-19 22:14 -------- d-----w- c:\program files\Logitech
2011-03-19 22:13 . 1998-10-29 16:45 306688 ----a-w- c:\windows\IsUninst.exe
2011-03-19 22:12 . 2011-03-19 22:16 53248 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2011-03-19 22:12 . 2011-03-19 22:16 126976 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2011-03-19 22:12 . 2001-09-05 04:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-03-19 22:12 . 2001-09-05 04:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2011-03-19 22:12 . 2001-09-05 04:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-03-19 22:12 . 2001-09-05 04:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-03-19 17:33 . 2011-03-19 17:33 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-03-19 16:58 . 2011-03-19 16:58 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-03-19 16:58 . 2011-03-19 16:58 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-03-19 16:58 . 2003-11-10 18:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-03-19 16:58 . 2003-11-10 18:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-03-19 16:58 . 2003-11-10 18:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-03-19 16:58 . 2003-11-10 18:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-03-19 16:58 . 2003-11-10 18:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-03-19 16:57 . 2011-03-19 17:22 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-03-19 16:56 . 2011-03-19 17:22 -------- d-----w- c:\program files\Labtec
2011-03-19 13:26 . 2011-03-19 13:26 -------- d-----w- c:\program files\XnView
2011-03-19 13:20 . 2011-03-19 13:20 -------- d-----w- c:\program files\Common Files\Skype
2011-03-19 13:19 . 2011-03-19 13:20 -------- d-----r- c:\program files\Skype
2011-03-19 13:19 . 2011-03-19 13:19 -------- d-----w- c:\programdata\Skype
2011-03-19 13:04 . 2011-02-23 10:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC67AD17-5EAE-4F48-A13E-6A5E2CC848D7}\mpengine.dll
2011-03-19 12:55 . 2011-03-19 12:56 -------- d-----w- C:\totalcmd
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\UC.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\RAR.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\PKZIP.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\LHA.PIF
2011-03-19 12:55 . 2008-04-22 07:03 545 ----a-w- c:\windows\ARJ.PIF
2011-03-19 12:52 . 2011-03-19 13:46 -------- d-----w- c:\users\stone
2011-03-19 12:48 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-19 12:48 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-19 12:48 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-19 12:48 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-19 12:48 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-03-19 12:47 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-03-19 12:47 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-19 12:47 . 2011-03-19 12:47 -------- d-----w- c:\programdata\Alwil Software
2011-03-19 12:47 . 2011-03-19 12:47 -------- d-----w- c:\program files\Alwil Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-01 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"AtherosBtStack"="c:\program files\Atheros\Bluetooth Suite\BtvStack.exe" [2010-05-05 461984]
"AthBtTray"="c:\program files\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-05-05 289952]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-03-30 113296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2010-03-30 47144]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-21 1343400]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Atheros\Ath_CoexAgent.exe [2010-04-29 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Atheros\Bluetooth Suite\adminservice.exe [2010-05-05 38560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-03-30 38440]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-04-18 256360]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-03-30 28200]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-03-30 177704]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-04-13 46952]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-04-18 143080]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-04-21 230760]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 60544]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 141568]
S3 nuviocir;Nuvoton W836x7HG CIR Device Driver;c:\windows\system32\DRIVERS\nuviocir_win7_x86.sys [2009-06-19 29696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hal3000.cz
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\stone\AppData\Roaming\Mozilla\Firefox\Profiles\0eav7gup.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2528)
c:\program files\Atheros\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conhost.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-03-21 15:53:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-21 15:53
ComboFix2.txt 2011-03-20 22:18
.
Pre-Run: Volných bajtu: 113,010,413,568
Post-Run: Volných bajtu: 112,832,491,520
.
- - End Of File - - 8B8FD39917D975643C8D837E7E5D4102

[Žbeky]

Toto otestuj na Virustotal
c:\windows\system32\Drivers\atapi.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.


Spybot jsi už odinstaloval?

[tvman]

Spybot je fuc. Tak jsem dotestoval. Naslo to :

eSafe 7.0.17.0 2011.03.21 Win32.TrojanHorse

Additional information
Show all
MD5 : 338c86357871c167a96ab976519bf59e
SHA1 : e99e20970139fb1e67bbc54fa8a61c18a4fce36e
SHA256: f28cc534523d1701b0552f5d7e18e88369c4218bdb1f69110c3e31d395884ad6

http://www.virustotal.com/file-scan/rep ... 1300739700

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[tvman]

Tak jsem provedl co jsi napsal. Zde je vypis. Nic nenasel.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6121

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21/03/2011 21:25:28
mbam-log-2011-03-21 (21-25-28).txt

Typ kontroly: Rychlý test
Testované objekty: 140863
Uplynulý èas: 3 minut, 21 sekund

Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)

Infikované klíèe v registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištìny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištìny)

[jaro3]

Spybot opravdu odinstaluj , pokud si to udělal , ještzě po něm smaž tyto slopžky:
c:\program files\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Vlož nový log z HJT.

Jak to vypadá s tou rychlostí?

[tvman]

Tak jsem se tim prokousal. Je to fuska pres vzdalenoou plochu.

Vypis HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:22:55, on 21/03/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\ctfmon.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hal3000.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro prihlášení ke službe Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Pridat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Pridat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Atheros\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 4733 bytes