facebook vir

vocasek · Příspěvekod **vocasek** » 24 lis 2011 16:16

pokračování z http://www.pc-help.cz/viewtopic.php?f=47&t=76946

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:11, on 24.11.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Jindra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jindra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jindra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jindra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jindra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jindra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jindra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jindra\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80093&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: FastestTube BHO - {3E532CE8-C6D9-4A10-8ACE-4348C96E8B6A} - C:\Program Files\FastestTube\2.0.0\WombatBHO.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe"
O4 - HKLM\..\Run: [Indexer] "C:\Program Files\Sharp\Sharpdesk\Indexer.exe"
O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgRemover] C:\Users\Jindra\Downloads\avg_remover_stf_x86_2012_1796 (2).exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jindra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Button Manager G.lnk = C:\Program Files\Sharp\Button Manager G\btnman.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://csnonline.unmz.cz
O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\BricsCad\BrxProtIE.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 8799 bytes

Reklama

Příspěvekod **Žbeky** » 24 lis 2011 16:23

Fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80093&lng=cs
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgRemover] C:\Users\Jindra\Downloads\avg_remover_stf_x86_2012_1796 (2).exe /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jindra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - Trusted Zone: http://csnonline.unmz.cz
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

vocasek · Příspěvekod **vocasek** » 24 lis 2011 16:27

Ahoj, díky za pomoc. Používám CCleaner, ten sem již pouštěl ve všech možnostech. Malware Bytes sem podle rad tady na foru taky pouštěl a všechno co našel tak smazal, možná to byla blbost...

Příspěvekod **Žbeky** » 24 lis 2011 16:33

OK

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

vocasek · Příspěvekod **vocasek** » 24 lis 2011 17:14

Restart zabral...

ComboFix 11-11-23.03 - Jindra 24.11.2011 16:48:27.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.1201 [GMT 1:00]
Spuštěný z: c:\users\Jindra\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jindra\Documents\~WRL0001.tmp
c:\users\Jindra\Documents\~WRL0002.tmp
c:\windows\$NtUninstallKB22136$\1558386565
c:\windows\av_ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\rpcminer.rar
c:\windows\system32\
c:\windows\system32\c_63364.nls
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\system
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\$NtUninstallKB22136$ . . . . nemohl být smazán
.
Nakažená kopie c:\windows\system32\atiesrxx.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!System32!atiesrxx.exe
.
Nakažená kopie c:\program files\Application Updater\ApplicationUpdater.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy5_!Program Files!Application Updater!ApplicationUpdater.exe
.
Nakažená kopie c:\program files\Common Files\Protexis\License Service\PsiService_2.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy5_!Program Files!Common Files!Protexis!License Service!PsiService_2.exe
.
Nakažená kopie c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy5_!Program Files!Vodafone!Vodafone Mobile Connect!Bin!VMCService.exe
.
Nakažená kopie c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\combofix\HarddiskVolumeShadowCopy5_!Program Files!Vodafone!Vodafone Mobile Connect!Bin!VMCService.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-24 do 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 15:57 . 2011-11-24 16:00 -------- d-----w- c:\users\Jindra\AppData\Local\temp
2011-11-24 15:57 . 2011-11-24 15:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 15:57 . 2011-07-28 21:35 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-24 15:30 . 2011-11-24 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 15:30 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 13:19 . 2011-11-24 13:19 -------- d-----w- c:\users\Jindra\AppData\Roaming\Malwarebytes
2011-11-24 13:19 . 2011-11-24 13:19 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 09:44 . 2011-11-24 09:44 -------- d-----w- c:\program files\Common Files\Java
2011-11-24 09:23 . 2011-11-24 09:23 -------- d-----w- c:\program files\CCleaner
2011-11-23 21:04 . 2011-11-23 21:04 -------- d-----w- c:\users\Jindra\OUTLOCK
2011-11-21 19:03 . 2011-11-21 19:03 -------- d-----w- c:\users\Jindra\AppData\Roaming\Tific
2011-11-21 19:03 . 2011-11-21 19:03 -------- d-----w- c:\users\Jindra\AppData\Local\tific
2011-11-18 08:04 . 2011-11-24 15:37 -------- d-----w- c:\program files\AppGraffiti
2011-11-18 08:04 . 2011-11-24 15:37 -------- d-----w- c:\program files\SiteRanker
2011-11-09 08:36 . 2011-11-09 08:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-05 08:03 . 2011-11-05 08:03 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-11-05 08:02 . 1999-04-12 23:00 415504 ------w- c:\windows\system32\msrepl35.dll
2011-11-05 08:02 . 1999-04-12 23:00 1046288 ------w- c:\windows\system32\msjet35.dll
2011-11-05 08:02 . 1998-05-01 20:01 368912 ------w- c:\windows\system32\vbar332.dll
2011-11-05 08:02 . 1998-05-01 20:01 287504 ------w- c:\windows\system32\msxbse35.dll
2011-11-05 08:02 . 1998-05-01 20:01 252176 ------w- c:\windows\system32\msrd2x35.dll
2011-11-05 08:02 . 1998-05-01 20:01 250128 ------w- c:\windows\system32\msexcl35.dll
2011-11-05 08:02 . 1998-05-01 20:01 24848 ------w- c:\windows\system32\msjter35.dll
2011-11-05 08:02 . 1998-05-01 20:01 165648 ------w- c:\windows\system32\mstext35.dll
2011-11-05 08:02 . 1998-05-01 20:01 123664 ------w- c:\windows\system32\Msjint35.dll
2011-11-05 08:02 . 2011-11-05 08:03 -------- d-----w- c:\program files\STORMWARE
2011-10-31 16:06 . 2011-10-31 16:06 -------- d-----w- c:\users\Jindra\AppData\Local\Opera
2011-10-31 16:06 . 2011-10-31 16:06 -------- d-----w- c:\program files\Opera
2011-10-29 03:54 . 2011-10-29 03:54 -------- d-----w- c:\users\Jindra\AppData\Roaming\ATI
2011-10-29 03:54 . 2011-10-29 03:54 -------- d-----w- c:\users\Jindra\AppData\Local\ATI
2011-10-28 21:27 . 2011-10-28 21:27 -------- d-----w- c:\programdata\ATI
2011-10-28 21:27 . 2011-10-28 21:27 -------- d-----w- c:\program files\AMD APP
2011-10-28 21:26 . 2011-10-28 21:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-10-28 21:25 . 2011-10-28 21:25 -------- d-----w- c:\program files\ATI
2011-10-28 21:24 . 2011-10-28 21:26 -------- d-----w- c:\program files\ATI Technologies
2011-10-28 21:14 . 2011-10-28 21:14 -------- d-----w- C:\ATI
2011-10-28 21:09 . 2011-11-24 12:23 -------- d-----w- c:\windows\_ufa
2011-10-28 09:44 . 2011-11-24 13:05 246272 ----a-w- c:\windows\unrar.exe
2011-10-28 09:39 . 2011-11-24 13:26 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-28 09:39 . 2011-10-28 09:39 -------- d--h--w- c:\windows\update.tray-12-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 15:51 . 2011-11-24 13:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F08CEFF1-07EC-493C-8B74-0138B4252939}\offreg.dll
2011-10-18 00:28 . 2011-11-24 13:49 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F08CEFF1-07EC-493C-8B74-0138B4252939}\mpengine.dll
2011-10-03 04:06 . 2010-08-16 13:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-25 17:05 . 2010-07-13 16:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 02:28 . 2011-10-13 09:33 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 19:09 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 19:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 19:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26 . 2011-10-13 09:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 09:33 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"IndexTray"="c:\program files\Sharp\Sharpdesk\IndexTray.exe" [2005-11-16 106496]
"Indexer"="c:\program files\Sharp\Sharpdesk\Indexer.exe" [2005-11-16 184320]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2005-11-16 32768]
"TypeRegChecker"="c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe" [2005-11-16 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jindra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Button Manager G.lnk - c:\program files\Sharp\Button Manager G\btnman.exe [2011-3-25 176128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-10 16720]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys [2005-07-28 27008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S0 AFS;AFS; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-22 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-10 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-09-27 745880]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 06:44]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 06:44]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000Core.job
- c:\users\Jindra\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-05 10:16]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000UA.job
- c:\users\Jindra\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-05 10:16]
.
2011-11-24 c:\windows\Tasks\Updater.job
- c:\programdata\WombatUpdater\WombatUpdater.exe [2010-12-30 09:26]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bank
TCP: DhcpNameServer = 192.168.0.254 172.20.0.1 8.8.8.8 172.20.0.1
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Sharp Button Manager G - c:\windows\IsUn0405.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.blbdrive]
"ImagePath"="\*"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3232)
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2011-11-24 17:07:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-24 16:07
.
Před spuštěním: Volných bajtů: 195 387 752 448
Po spuštění: Volných bajtů: 195 121 537 024
.
- - End Of File - - 007291749626E237AA9C0AAEA610594A

Příspěvekod **Žbeky** » 24 lis 2011 17:27

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\_ufa
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

File::
c:\windows\unrar.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000UA.job
c:\windows\Tasks\Updater.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\system32\atiesrxx.exe
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Měl jsi AVG. To jsi odinstaloval?

vocasek · Příspěvekod **vocasek** » 24 lis 2011 17:53

Jak přestalo AVG reagovat zkoušel jsem ho přeinstalovat. Momentálně nemám nainstalovaný žádný antivir.

ComboFix 11-11-23.03 - Jindra 24.11.2011 17:35:00.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.1244 [GMT 1:00]
Spuštěný z: c:\users\Jindra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jindra\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000UA.job"
"c:\windows\Tasks\Updater.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\_ufa
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238166821-3667925026-3556483089-1000UA.job
c:\windows\Tasks\Updater.job
c:\windows\unrar.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0-lnk\svchost.exe
c:\windows\update.tray-12-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-24 do 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 16:42 . 2011-11-24 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 15:57 . 2011-11-24 16:44 -------- d-----w- c:\users\Jindra\AppData\Local\temp
2011-11-24 15:57 . 2011-07-28 21:35 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-24 15:30 . 2011-11-24 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 15:30 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 13:19 . 2011-11-24 13:19 -------- d-----w- c:\users\Jindra\AppData\Roaming\Malwarebytes
2011-11-24 13:19 . 2011-11-24 13:19 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 09:44 . 2011-11-24 09:44 -------- d-----w- c:\program files\Common Files\Java
2011-11-24 09:23 . 2011-11-24 09:23 -------- d-----w- c:\program files\CCleaner
2011-11-23 21:04 . 2011-11-23 21:04 -------- d-----w- c:\users\Jindra\OUTLOCK
2011-11-21 19:03 . 2011-11-21 19:03 -------- d-----w- c:\users\Jindra\AppData\Roaming\Tific
2011-11-21 19:03 . 2011-11-21 19:03 -------- d-----w- c:\users\Jindra\AppData\Local\tific
2011-11-18 08:04 . 2011-11-24 15:37 -------- d-----w- c:\program files\AppGraffiti
2011-11-18 08:04 . 2011-11-24 15:37 -------- d-----w- c:\program files\SiteRanker
2011-11-09 08:36 . 2011-11-09 08:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-05 08:03 . 2011-11-05 08:03 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-11-05 08:02 . 1999-04-12 23:00 415504 ------w- c:\windows\system32\msrepl35.dll
2011-11-05 08:02 . 1999-04-12 23:00 1046288 ------w- c:\windows\system32\msjet35.dll
2011-11-05 08:02 . 1998-05-01 20:01 368912 ------w- c:\windows\system32\vbar332.dll
2011-11-05 08:02 . 1998-05-01 20:01 287504 ------w- c:\windows\system32\msxbse35.dll
2011-11-05 08:02 . 1998-05-01 20:01 252176 ------w- c:\windows\system32\msrd2x35.dll
2011-11-05 08:02 . 1998-05-01 20:01 250128 ------w- c:\windows\system32\msexcl35.dll
2011-11-05 08:02 . 1998-05-01 20:01 24848 ------w- c:\windows\system32\msjter35.dll
2011-11-05 08:02 . 1998-05-01 20:01 165648 ------w- c:\windows\system32\mstext35.dll
2011-11-05 08:02 . 1998-05-01 20:01 123664 ------w- c:\windows\system32\Msjint35.dll
2011-11-05 08:02 . 2011-11-05 08:03 -------- d-----w- c:\program files\STORMWARE
2011-10-31 16:06 . 2011-10-31 16:06 -------- d-----w- c:\users\Jindra\AppData\Local\Opera
2011-10-31 16:06 . 2011-10-31 16:06 -------- d-----w- c:\program files\Opera
2011-10-29 03:54 . 2011-10-29 03:54 -------- d-----w- c:\users\Jindra\AppData\Roaming\ATI
2011-10-29 03:54 . 2011-10-29 03:54 -------- d-----w- c:\users\Jindra\AppData\Local\ATI
2011-10-28 21:27 . 2011-10-28 21:27 -------- d-----w- c:\programdata\ATI
2011-10-28 21:27 . 2011-10-28 21:27 -------- d-----w- c:\program files\AMD APP
2011-10-28 21:26 . 2011-10-28 21:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-10-28 21:25 . 2011-10-28 21:25 -------- d-----w- c:\program files\ATI
2011-10-28 21:24 . 2011-10-28 21:26 -------- d-----w- c:\program files\ATI Technologies
2011-10-28 21:14 . 2011-10-28 21:14 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 16:14 . 2011-11-24 16:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F08CEFF1-07EC-493C-8B74-0138B4252939}\offreg.dll
2011-10-18 00:28 . 2011-11-24 13:49 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F08CEFF1-07EC-493C-8B74-0138B4252939}\mpengine.dll
2011-10-03 04:06 . 2010-08-16 13:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-25 17:05 . 2010-07-13 16:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 02:28 . 2011-10-13 09:33 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 19:09 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 19:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 19:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:26 . 2011-10-13 09:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 09:33 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"IndexTray"="c:\program files\Sharp\Sharpdesk\IndexTray.exe" [2005-11-16 106496]
"Indexer"="c:\program files\Sharp\Sharpdesk\Indexer.exe" [2005-11-16 184320]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2005-11-16 32768]
"TypeRegChecker"="c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe" [2005-11-16 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jindra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Button Manager G.lnk - c:\program files\Sharp\Button Manager G\btnman.exe [2011-3-25 176128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-10 16720]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys [2005-07-28 27008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S0 AFS;AFS; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-22 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-10 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-09-27 745880]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bank
TCP: DhcpNameServer = 192.168.0.254 172.20.0.1 8.8.8.8 172.20.0.1
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.blbdrive]
"ImagePath"="\*"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2668)
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-11-24 17:49:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-24 16:49
ComboFix2.txt 2011-11-24 16:07
.
Před spuštěním: Volných bajtů: 195 167 662 080
Po spuštění: Volných bajtů: 195 084 996 608
.
- - End Of File - - A4E5F1DF9F566B22A3E0A5F223A422E9

Příspěvekod **Žbeky** » 24 lis 2011 18:31

Zůstaly tam po něm nějaké ovladače

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Driver::
AVGIDSDriver
AVGIDSFilter
AVGIDSShim
AVGIDSEH
Avgrkx86
Avgfwfd
Avgldx86
Avgtdix

File::
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
c:\windows\system32\DRIVERS\AVGIDSShim.Sys
c:\windows\system32\DRIVERS\AVGIDSEH.Sys
c:\windows\system32\DRIVERS\avgrkx86.sys
c:\windows\system32\DRIVERS\avgfwd6x.sys
c:\windows\system32\DRIVERS\avgldx86.sys
c:\windows\system32\DRIVERS\avgtdix.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

vocasek · Příspěvekod **vocasek** » 25 lis 2011 09:10

Po poslednim ComboFixu mi přestala chodit síť. Píše to nepřipojeno. Nevím jestli proběhl script, protože ComboFix se restartnul po tom co jsem mu povolil aktualizaci během procesu provádění scriptu.

ComboFix 11-11-25.01 - Jindra 25.11.2011 8:40.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.1132 [GMT 1:00]
Spuštěný z: c:\users\Jindra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jindra\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\avgfwd6x.sys"
"c:\windows\system32\DRIVERS\AVGIDSDriver.Sys"
"c:\windows\system32\DRIVERS\AVGIDSEH.Sys"
"c:\windows\system32\DRIVERS\AVGIDSFilter.Sys"
"c:\windows\system32\DRIVERS\AVGIDSShim.Sys"
"c:\windows\system32\DRIVERS\avgldx86.sys"
"c:\windows\system32\DRIVERS\avgrkx86.sys"
"c:\windows\system32\DRIVERS\avgtdix.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\DRIVERS\avgfwd6x.sys
c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
c:\windows\system32\DRIVERS\AVGIDSEH.Sys
c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
c:\windows\system32\DRIVERS\AVGIDSShim.Sys
c:\windows\system32\DRIVERS\avgldx86.sys
c:\windows\system32\DRIVERS\avgrkx86.sys
c:\windows\system32\DRIVERS\avgtdix.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGFWFD
-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGLDX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Service_Avgfwfd
-------\Service_AVGIDSDriver
-------\Service_AVGIDSEH
-------\Service_AVGIDSFilter
-------\Service_AVGIDSShim
-------\Service_Avgldx86
-------\Service_Avgrkx86
-------\Service_Avgtdix
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-25 do 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 07:48 . 2011-11-25 07:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 15:57 . 2011-11-25 07:50 -------- d-----w- c:\users\Jindra\AppData\Local\temp
2011-11-24 15:57 . 2011-07-28 21:35 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-24 15:30 . 2011-11-24 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-24 15:30 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 13:19 . 2011-11-24 13:19 -------- d-----w- c:\users\Jindra\AppData\Roaming\Malwarebytes
2011-11-24 13:19 . 2011-11-24 13:19 -------- d-----w- c:\programdata\Malwarebytes
2011-11-24 09:44 . 2011-11-24 09:44 -------- d-----w- c:\program files\Common Files\Java
2011-11-24 09:23 . 2011-11-24 09:23 -------- d-----w- c:\program files\CCleaner
2011-11-23 21:04 . 2011-11-23 21:04 -------- d-----w- c:\users\Jindra\OUTLOCK
2011-11-21 19:03 . 2011-11-21 19:03 -------- d-----w- c:\users\Jindra\AppData\Roaming\Tific
2011-11-21 19:03 . 2011-11-21 19:03 -------- d-----w- c:\users\Jindra\AppData\Local\tific
2011-11-18 08:04 . 2011-11-24 15:37 -------- d-----w- c:\program files\AppGraffiti
2011-11-18 08:04 . 2011-11-24 15:37 -------- d-----w- c:\program files\SiteRanker
2011-11-09 08:36 . 2011-11-09 08:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-05 08:03 . 2011-11-05 08:03 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2011-11-05 08:02 . 1999-04-12 23:00 415504 ------w- c:\windows\system32\msrepl35.dll
2011-11-05 08:02 . 1999-04-12 23:00 1046288 ------w- c:\windows\system32\msjet35.dll
2011-11-05 08:02 . 1998-05-01 20:01 368912 ------w- c:\windows\system32\vbar332.dll
2011-11-05 08:02 . 1998-05-01 20:01 287504 ------w- c:\windows\system32\msxbse35.dll
2011-11-05 08:02 . 1998-05-01 20:01 252176 ------w- c:\windows\system32\msrd2x35.dll
2011-11-05 08:02 . 1998-05-01 20:01 250128 ------w- c:\windows\system32\msexcl35.dll
2011-11-05 08:02 . 1998-05-01 20:01 24848 ------w- c:\windows\system32\msjter35.dll
2011-11-05 08:02 . 1998-05-01 20:01 165648 ------w- c:\windows\system32\mstext35.dll
2011-11-05 08:02 . 1998-05-01 20:01 123664 ------w- c:\windows\system32\Msjint35.dll
2011-11-05 08:02 . 2011-11-05 08:03 -------- d-----w- c:\program files\STORMWARE
2011-10-31 16:06 . 2011-10-31 16:06 -------- d-----w- c:\users\Jindra\AppData\Local\Opera
2011-10-31 16:06 . 2011-10-31 16:06 -------- d-----w- c:\program files\Opera
2011-10-29 03:54 . 2011-10-29 03:54 -------- d-----w- c:\users\Jindra\AppData\Roaming\ATI
2011-10-29 03:54 . 2011-10-29 03:54 -------- d-----w- c:\users\Jindra\AppData\Local\ATI
2011-10-28 21:27 . 2011-10-28 21:27 -------- d-----w- c:\programdata\ATI
2011-10-28 21:27 . 2011-10-28 21:27 -------- d-----w- c:\program files\AMD APP
2011-10-28 21:26 . 2011-10-28 21:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-10-28 21:25 . 2011-10-28 21:25 -------- d-----w- c:\program files\ATI
2011-10-28 21:24 . 2011-10-28 21:26 -------- d-----w- c:\program files\ATI Technologies
2011-10-28 21:14 . 2011-10-28 21:14 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 07:00 . 2011-11-25 07:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F08CEFF1-07EC-493C-8B74-0138B4252939}\offreg.dll
2011-10-18 00:28 . 2011-11-24 13:49 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F08CEFF1-07EC-493C-8B74-0138B4252939}\mpengine.dll
2011-10-03 04:06 . 2010-08-16 13:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-25 17:05 . 2010-07-13 16:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-09-06 02:28 . 2011-10-13 09:33 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 02:35 . 2011-10-13 19:09 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-13 19:09 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-13 19:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2010-04-28 3727411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"IndexTray"="c:\program files\Sharp\Sharpdesk\IndexTray.exe" [2005-11-16 106496]
"Indexer"="c:\program files\Sharp\Sharpdesk\Indexer.exe" [2005-11-16 184320]
"SharpTray"="c:\program files\Sharp\Sharpdesk\SharpTray.exe" [2005-11-16 32768]
"TypeRegChecker"="c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe" [2005-11-16 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Jindra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Button Manager G.lnk - c:\program files\Sharp\Button Manager G\btnman.exe [2011-3-25 176128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 112128]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 100736]
R3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys [2005-07-28 27008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S0 AFS;AFS; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-09-27 745880]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 8396800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 247296]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet - adaptér;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-06-06 211984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: bank
TCP: DhcpNameServer = 192.168.0.254 172.20.0.1 8.8.8.8 172.20.0.1
Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.blbdrive]
"ImagePath"="\*"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3652)
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-11-25 08:56:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-25 07:56
ComboFix2.txt 2011-11-24 16:49
ComboFix3.txt 2011-11-24 16:07
.
Před spuštěním: Volných bajtů: 195 156 377 600
Po spuštění: Volných bajtů: 195 089 788 928
.
- - End Of File - - EC3E471D189ADD759EDD0070ACA126B0

Příspěvekod **Orcus** » 25 lis 2011 09:15

Zbytky po AVG dočisti AVG Removerem (první dva nástroje, stačí vybrat dle bitové verze OS) z:
http://www.avg.com/cz-cs/stahnout-nastroje

Je dost možné, že tam zůstal viset Network redirector, kterej by pak při poškození, třeba právě Combofixem, mohl blokovat siť :smile:

vocasek · Příspěvekod **vocasek** » 25 lis 2011 09:25

asi to nezabralo, síť pořád nejde

2011-11-25 08:22:37,434 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2011-11-25 08:22:37,434 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-11-25 08:22:37,434 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2011-11-25 08:22:37,434 DEBUG Reading AVG IDS\IDS\InstallDir value failed (error: e001003d)
2011-11-25 08:22:37,434 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-11-25 08:22:37,434 INFO Command line: "C:\Users\Jindra\Desktop\avg_remover_stf_x86_2012_1796.exe"
2011-11-25 08:22:37,434 WARN AvgDir param empty, but Remover found AvgDir at 'C:\Program Files\AVG\AVG2012\', use this path as default.
2011-11-25 08:22:37,434 WARN AvgDataDir param empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2012\', use this path as default.
2011-11-25 08:22:38,700 INFO AvgRemover runs in attempt number 1
2011-11-25 08:22:38,700 INFO Attempting to unregister AVG from the Windows Security Center.
2011-11-25 08:22:38,715 INFO Attempting to uninstall AVG Identity Protection.
2011-11-25 08:22:38,715 DEBUG Uninstalling IDP failed with error 0xe001003d
2011-11-25 08:22:38,715 INFO Attempting to uninstall toolbar
2011-11-25 08:24:16,906 INFO AvgRemover 2012.0.5
-------------------------------------------------------
2011-11-25 08:24:17,015 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2011-11-25 08:24:17,015 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2011-11-25 08:24:17,015 DEBUG Reading AVG IDS\IDS\InstallDir value failed (error: e001003d)
2011-11-25 08:24:17,015 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2011-11-25 08:24:17,015 INFO Command line: "C:\Users\Jindra\Desktop\avg_remover_stf_x86_2012_1796.exe" /run_number=2 /avgdir="C:\Program Files\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1
2011-11-25 08:24:17,015 DEBUG AvgDir param set to C:\Program Files\AVG\AVG2012\.
2011-11-25 08:24:17,015 DEBUG AvgDataDir param set to C:\ProgramData\AVG2012\.
2011-11-25 08:24:17,015 INFO AvgRemover runs in attempt number 2
2011-11-25 08:24:17,031 INFO Attempting to uninstall AVG Identity Protection.
2011-11-25 08:24:17,031 DEBUG Uninstalling IDP failed with error 0xe001003d
2011-11-25 08:24:17,031 INFO Attempting to uninstall toolbar

Příspěvekod **Orcus** » 25 lis 2011 09:31

Podle toho co si mi jsem vykopíroval, ten remover odebral co zůstalo. Ty zbylý errory jen znamenaj že cesta/soubor již neexistuje.

facebook vir

facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Re: facebook vir

Kdo je online