Prosím o kontrolu HJT

[Dzurmajstr]

ComboFix 11-02-28.07 - Michal 01.03.2011 20:21:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1250 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Michal\AppData\Roaming\Desktopicon
c:\users\Michal\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Michal\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Michal\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-01 do 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 19:32 . 2011-03-01 19:33 -------- d-----w- c:\users\Michal\AppData\Local\temp
2011-03-01 19:32 . 2011-03-01 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 19:00 . 2011-03-01 19:00 -------- d-----w- c:\users\Michal\AppData\Local\ATI
2011-03-01 17:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-01 17:35 . 2011-03-01 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 17:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-01 07:36 . 2011-03-01 07:36 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 07:36 . 2011-03-01 07:36 -------- d-----w- c:\program files\Trend Micro
2011-03-01 06:18 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E60B69B2-0050-4FAA-A5FD-9C8615D6DC86}\mpengine.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin7.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin6.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin5.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin4.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin3.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin2.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin.dll
2011-02-28 16:53 . 2011-02-28 16:53 -------- d-----w- c:\programdata\Apple Computer
2011-02-28 16:51 . 2011-02-28 16:51 -------- d-----w- c:\program files\Apple Software Update
2011-02-28 16:48 . 2011-02-28 16:48 -------- d-----w- c:\program files\Bonjour
2011-02-28 16:40 . 2011-02-28 16:40 -------- d-----w- c:\program files\Common Files\Java
2011-02-28 16:38 . 2011-02-28 16:38 -------- d-----w- c:\programdata\McAfee
2011-02-27 15:58 . 2011-02-27 15:58 -------- d-----w- c:\program files\EA Games
2011-02-25 11:25 . 2011-02-25 11:25 -------- d-----w- c:\programdata\WindowsSearch
2011-02-24 06:45 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-17 10:42 . 2011-02-17 10:42 -------- d-----w- c:\program files\WinPcap
2011-02-17 10:42 . 2011-02-17 10:42 -------- d-----w- c:\users\Michal\AppData\Local\OpenCandy
2011-02-17 10:42 . 2011-02-17 10:42 -------- d-----w- c:\users\Michal\AppData\Roaming\OpenCandy
2011-02-17 10:09 . 2008-12-02 06:40 28672 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI.exe
2011-02-17 10:09 . 2008-12-01 11:29 16896 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI64.exe
2011-02-17 10:09 . 2008-12-01 11:29 14336 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI32.exe
2011-02-17 10:09 . 2008-11-26 11:59 6450574 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGInternetKit_V3.0.0.24_Setup.exe
2011-02-17 10:09 . 2008-11-23 01:16 460288 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All.msi
2011-02-17 10:09 . 2008-04-01 09:15 20480 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\SendScsiCmd.dll
2011-02-13 21:04 . 2011-02-26 22:12 -------- d-----w- c:\program files\Ubisoft
2011-02-13 11:45 . 2011-02-15 11:12 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-09 05:28 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 08:26 . 2008-05-26 16:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-01 08:25 . 2008-05-26 16:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-27 21:33 . 2008-05-26 16:56 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-15 11:12 . 2008-05-26 16:56 22328 ----a-w- c:\users\Michal\AppData\Roaming\PnkBstrK.sys
2011-02-11 06:54 . 2011-01-13 06:41 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-02 20:40 . 2010-08-16 06:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-16 01:23 . 2008-11-26 12:44 1110 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-15 10:09 . 2011-01-15 10:09 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-12 19:48 . 2011-01-12 19:48 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB32B8DB-0271-4352-9214-C1CAAE512B67}\gapaengine.dll
2011-01-06 12:58 . 2011-01-06 12:58 90 ---ha-w- C:\aaw7boot.cmd
2010-12-28 15:55 . 2011-01-12 05:28 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 05:28 1169408 ----a-w- c:\windows\system32\sdclt.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2010-01-17 09:52 815104 ----a-w- c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-17 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2010-01-17 815104]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-11-16 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-11-15 2850816]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-20 198160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1027866120-3618620535-278730116-1003]
"EnableNotificationsRef"=dword:00000002

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 MpKsla223b48a;MpKsla223b48a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37423357-1F8A-44DF-B599-AD168B8B6651}\MpKsla223b48a.sys [x]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [2008-09-29 115968]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\System32\drivers\prodrv04.sys [2009-12-14 114496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2009-04-23 2560]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-06 697328]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-13 15360]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-24 328824]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-11 201848]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [2007-07-25 405632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003Core.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 08:08]

2011-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003UA.job
- c:\users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-13 08:08]

2011-03-01 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASRock WiFi-802.11g Install Program\RtWLan.exe [2008-07-27 15:26]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: {116D0667-0DED-4D6B-8E5A-128B321A8970} = 62.240.178.250,10.0.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\EADMUI\Core.exe
HKLM-Run-SuspenzorPC - c:\program files\SuspenzorPC\GDC.exe
AddRemove-0852D05415AB9A4F1EF451E342267F76C776ED2F - c:\progra~1\DIFX\270581355A767BF1\dpinst.exe
AddRemove-Czech Soccer Manager 2002 - c:\program files\CSM2002\DeIsL1.isu
AddRemove-eBay Icon - c:\users\Michal\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-GamingHarbor Toolbar - c:\programdata\{FB94CE54-2703-4BFF-8E94-A0AD14C0FA22}\Setup.exe
AddRemove-GDCCZ_is1 - c:\program files\SuspenzorPC\unins000.exe
AddRemove-PPTView97 - c:\program files\PowerPoint Viewer\setup\setup.exe
AddRemove-QIP2005 - c:\program files\QIP\unqip.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-STCC - The Game_1.1.1.10_is1 - c:\program files\SimBin\STCC - The Game Offline\Uninstall\unins000.exe
AddRemove-{1B602410-D983-4947-98FE-EE749073D15E} - c:\programdata\{FB94CE54-2703-4BFF-8E94-A0AD14C0FA22}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 20:33
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1027866120-3618620535-278730116-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ab,46,5d,28,d5,a7,9e,50,58,cc,08,2e,71,cf,4f,db,d8,32,78,28,a0,6b,61,
e8,49,42,8c,82,c2,3c,a7,d1,80,75,77,a4,d8,cc,f1,69,a5,8a,af,69,5b,e1,cd,84,\
"??"=hex:e4,ed,d9,ac,60,ef,ad,e4,dc,51,4a,07,c6,d3,3f,f5

[HKEY_USERS\S-1-5-21-1027866120-3618620535-278730116-1003\Software\SecuROM\License information*]
"datasecu"=hex:88,a0,a1,b9,d6,5c,b4,65,39,2d,20,42,b3,7d,9f,c0,de,2b,0d,17,79,
7f,c7,24,ef,4e,46,ce,15,b1,66,8d,36,6e,2e,bb,52,6f,83,af,8a,23,a6,15,72,13,\
"rkeysecu"=hex:9c,a2,d0,77,1f,be,cb,d4,57,64,2e,ec,8f,83,bc,c5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-03-01 20:37:52
ComboFix-quarantined-files.txt 2011-03-01 19:37

Před spuštěním: Volných bajtů: 38 671 917 056
Po spuštění: Volných bajtů: 43 994 087 424

- - End Of File - - 2F0E6CE206AC9AEF7DFCE92379D15AB3

[Reklama]

[Žbeky]

Věci se neodinstalovávají smazáním složky!
Podle webu AVG by měla jít odinstalace i tak, že stáhneš novější verzi, spustíš instalaci a vybereš odinstalovat předchozí

[Dzurmajstr]

už jsem to odinstaloval, tak, že jsem to stáhl a odinstaloval na novo, výše je uveden ten výpis z toho ComboFixu

[Žbeky]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Folder::
c:\programdata\McAfee
c:\program files\Burn4Free Toolbar
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1027866120-3618620535-278730116-1003]
"EnableNotificationsRef"=dword:00000000

Driver::
Lbd
AVG Security Toolbar Service
NisDrv
NisSrv

File::
c:\windows\system32\DRIVERS\Lbd.sys
c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe
c:\windows\system32\DRIVERS\NisDrvWFP.sys
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003UA.job

DDS::
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Dzurmajstr]

ComboFix 11-02-28.07 - Michal 01.03.2011 21:43:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1109 [GMT 1:00]
Spuštěný z: c:\users\Michal\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Michal\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe"
"c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe"
"c:\windows\system32\DRIVERS\Lbd.sys"
"c:\windows\system32\DRIVERS\NisDrvWFP.sys"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003UA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_b369.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Burn4Free Toolbar
c:\program files\Burn4Free Toolbar\uninstall.txt
c:\program files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
c:\program files\Burn4Free Toolbar\v3.3.0.1\installer.ico
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\configure.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\configure_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\cookies.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\cookies_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\bin\CSA.dll
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\css\main.css
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\dropdown.htm
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\cancel.png
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\compare.png
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\dollar1.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\dollar2.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\dollar3.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\empty.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\gradient.jpg
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\prontologo.png
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\images\update.png
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\models.sm
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\csa\preferences.htm
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\favorites.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\favorites_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\find.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\find_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\go1.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\go1_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\go2.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\go2_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\help.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\help_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\highlight.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\highlight_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\history.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\history_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\checkmark.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\images.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\images_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\intro_bg.png
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\intro_feature_bracket.gif
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\intro_logo.gif
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\intro_search_bracket.gif
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\intro_star_bullet.png
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\intro_toolbar.png
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\Thumbs.db
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\intro\toolbar_intro.htm
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\mag.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\magnifying_glass.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\magnifying_glass_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\multi_home_page.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\multi_home_page_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\panic.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\panic_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\popup_blocker_off.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\popup_blocker_on.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\radiodot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\run_application.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\run_application_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\save_web_pages_urls.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\save_web_pages_urls_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\accuweather.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\amazon.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\dictionary.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\ebay.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\flickr.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\google_groups.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\google_images.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\google_maps.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\google_news.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\shopping.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\technorati.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\Thumbs.db
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\wikipedia.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\yahoo.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\yahoo_answers.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search\youtube.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\search_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\searchbg.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\source.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\source_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\temporary_internet_files.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\temporary_internet_files_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\Thumbs.db
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\Toolbar.js
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\toolbar_logo.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\Toolbar4Free.exe
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\typed_urls.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\typed_urls_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\zoom_in.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\zoom_in_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\zoom_out.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.1\resources\zoom_out_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome.manifest
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\content\toolbar.js
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\content\toolbar.xul
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\go.GIF
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\overlay.css
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\Thumbs.db
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\chrome\skin\toolbar_logo.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\Firefox\install.rdf
c:\program files\Burn4Free Toolbar\v3.3.0.3\installer.ico
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\beruby.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\downloads_logo_small.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\shopping_logo_small.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\travel_logo_small.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\beruby\webmasters_logo_small.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\configure.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\configure_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\cookies.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\cookies_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\bin\CSA.dll
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\css\main.css
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\dropdown.htm
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\cancel.png
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\compare.png
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\dollar1.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\dollar2.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\dollar3.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\empty.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\gradient.jpg
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\prontologo.png
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\images\update.png
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\models.sm
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\csa\preferences.htm
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\favorites.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\favorites_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\find.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\find_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\go1.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\go1_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\go2.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\go2_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\help.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\help_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\highlight.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\highlight_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\history.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\history_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\checkmark.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\images.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\images_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_bg.png
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_feature_bracket.gif
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_logo.gif
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_search_bracket.gif
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_star_bullet.png
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\intro_toolbar.png
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\Thumbs.db
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\intro\toolbar_intro.htm
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\mag.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\magnifying_glass.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\magnifying_glass_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\multi_home_page.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\multi_home_page_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\panic.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\panic_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\popup_blocker_off.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\popup_blocker_on.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\radiodot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\run_application.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\run_application_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\save_web_pages_urls.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\save_web_pages_urls_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\accuweather.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\amazon.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\dictionary.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\ebay.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\flickr.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_groups.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_images.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_maps.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\google_news.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\shopping.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\technorati.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\Thumbs.db
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\wikipedia.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\yahoo.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\yahoo_answers.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search\youtube.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\search_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\searchbg.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\source.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\source_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\temporary_internet_files.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\temporary_internet_files_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\Thumbs.db
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\Toolbar.js
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\toolbar_logo.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\Toolbar4Free.exe
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\typed_urls.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\typed_urls_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_in.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_in_hot.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_out.bmp
c:\program files\Burn4Free Toolbar\v3.3.0.3\resources\zoom_out_hot.bmp
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\Common\MsiExec\MsiExec000.log
c:\windows\system32\DRIVERS\NisDrvWFP.sys
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1027866120-3618620535-278730116-1003UA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LBD
-------\Legacy_NISDRV
-------\Service_AVG Security Toolbar Service
-------\Service_Lbd
-------\Service_NisDrv
-------\Service_NisSrv


((((((((((((((((((((((((( Soubory vytvořené od 2011-02-01 do 2011-03-01 )))))))))))))))))))))))))))))))
.

2011-03-01 20:53 . 2011-03-01 20:56 -------- d-----w- c:\users\Michal\AppData\Local\temp
2011-03-01 20:53 . 2011-03-01 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-01 19:49 . 2011-03-01 19:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52B8D34B-D8E7-4941-8B68-1B31AB61AB5E}\MpKslee36d483.sys
2011-03-01 19:49 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52B8D34B-D8E7-4941-8B68-1B31AB61AB5E}\mpengine.dll
2011-03-01 19:37 . 2011-02-23 08:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E429591D-048B-40B1-B598-71D97AD854F7}\mpengine.dll
2011-03-01 19:00 . 2011-03-01 19:00 -------- d-----w- c:\users\Michal\AppData\Local\ATI
2011-03-01 17:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-01 17:35 . 2011-03-01 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-01 17:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-01 07:36 . 2011-03-01 07:36 388096 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-01 07:36 . 2011-03-01 07:36 -------- d-----w- c:\program files\Trend Micro
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin7.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin6.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin5.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin4.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin3.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin2.dll
2011-02-28 16:53 . 2011-02-28 16:53 159744 ----a-w- c:\program files\Internet Explorer\plugins\npqtplugin.dll
2011-02-28 16:53 . 2011-02-28 16:53 -------- d-----w- c:\programdata\Apple Computer
2011-02-28 16:51 . 2011-02-28 16:51 -------- d-----w- c:\program files\Apple Software Update
2011-02-28 16:48 . 2011-02-28 16:48 -------- d-----w- c:\program files\Bonjour
2011-02-28 16:40 . 2011-02-28 16:40 -------- d-----w- c:\program files\Common Files\Java
2011-02-27 15:58 . 2011-02-27 15:58 -------- d-----w- c:\program files\EA Games
2011-02-25 11:25 . 2011-02-25 11:25 -------- d-----w- c:\programdata\WindowsSearch
2011-02-24 06:45 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-17 10:42 . 2011-02-17 10:42 -------- d-----w- c:\program files\WinPcap
2011-02-17 10:42 . 2011-02-17 10:42 -------- d-----w- c:\users\Michal\AppData\Local\OpenCandy
2011-02-17 10:42 . 2011-02-17 10:42 -------- d-----w- c:\users\Michal\AppData\Roaming\OpenCandy
2011-02-17 10:09 . 2008-12-02 06:40 28672 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI.exe
2011-02-17 10:09 . 2008-12-01 11:29 16896 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI64.exe
2011-02-17 10:09 . 2008-12-01 11:29 14336 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI32.exe
2011-02-17 10:09 . 2008-11-26 11:59 6450574 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGInternetKit_V3.0.0.24_Setup.exe
2011-02-17 10:09 . 2008-11-23 01:16 460288 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All.msi
2011-02-17 10:09 . 2008-04-01 09:15 20480 ----a-r- c:\users\Michal\AppData\Roaming\Microsoft\Windows\Templates\F\SendScsiCmd.dll
2011-02-13 21:04 . 2011-02-26 22:12 -------- d-----w- c:\program files\Ubisoft
2011-02-13 11:45 . 2011-02-15 11:12 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2011-02-09 05:28 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-01 08:26 . 2008-05-26 16:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-01 08:25 . 2008-05-26 16:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-02-27 21:33 . 2008-05-26 16:56 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-02-15 11:12 . 2008-05-26 16:56 22328 ----a-w- c:\users\Michal\AppData\Roaming\PnkBstrK.sys
2011-02-11 06:54 . 2011-01-13 06:41 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-02 20:40 . 2010-08-16 06:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-03 07:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-16 01:23 . 2008-11-26 12:44 1110 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-01-15 10:09 . 2011-01-15 10:09 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-12 19:48 . 2011-01-12 19:48 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB32B8DB-0271-4352-9214-C1CAAE512B67}\gapaengine.dll
2011-01-06 12:58 . 2011-01-06 12:58 90 ---ha-w- C:\aaw7boot.cmd
2010-12-28 15:55 . 2011-01-12 05:28 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-14 14:49 . 2011-01-12 05:28 1169408 ----a-w- c:\windows\system32\sdclt.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-11-16 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-11-15 2850816]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-10-20 198160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1027866120-3618620535-278730116-1003]
"EnableNotificationsRef"=dword:00000002

R1 MpKsla223b48a;MpKsla223b48a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37423357-1F8A-44DF-B599-AD168B8B6651}\MpKsla223b48a.sys [x]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\System32\drivers\prodrv03.sys [2008-09-29 115968]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\System32\drivers\prodrv04.sys [2009-12-14 114496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 9446]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-06 697328]
S1 MpKslee36d483;MpKslee36d483;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52B8D34B-D8E7-4941-8B68-1B31AB61AB5E}\MpKslee36d483.sys [2011-03-01 28752]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-13 15360]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-24 328824]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-11 201848]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2009-04-23 2560]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [2007-07-25 405632]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2011-03-01 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASRock WiFi-802.11g Install Program\RtWLan.exe [2008-07-27 15:26]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: {116D0667-0DED-4D6B-8E5A-128B321A8970} = 62.240.178.250,10.0.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-01 21:55
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1027866120-3618620535-278730116-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:ab,46,5d,28,d5,a7,9e,50,58,cc,08,2e,71,cf,4f,db,d8,32,78,28,a0,6b,61,
e8,49,42,8c,82,c2,3c,a7,d1,80,75,77,a4,d8,cc,f1,69,a5,8a,af,69,5b,e1,cd,84,\
"??"=hex:e4,ed,d9,ac,60,ef,ad,e4,dc,51,4a,07,c6,d3,3f,f5

[HKEY_USERS\S-1-5-21-1027866120-3618620535-278730116-1003\Software\SecuROM\License information*]
"datasecu"=hex:88,a0,a1,b9,d6,5c,b4,65,39,2d,20,42,b3,7d,9f,c0,de,2b,0d,17,79,
7f,c7,24,ef,4e,46,ce,15,b1,66,8d,36,6e,2e,bb,52,6f,83,af,8a,23,a6,15,72,13,\
"rkeysecu"=hex:9c,a2,d0,77,1f,be,cb,d4,57,64,2e,ec,8f,83,bc,c5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1040)
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2011-03-01 22:01:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-01 21:01
ComboFix2.txt 2011-03-01 19:37

Před spuštěním: Volných bajtů: 44 032 352 256
Po spuštění: Volných bajtů: 43 762 917 376

- - End Of File - - B8EB9BEC38E3222E0E8DA3E327FE71E8

[Dzurmajstr]

jen pro informaci, doposud jsem postupoval podle pokynů, no jak jsem měl upustit ten skript, jak se přetínali, tak se automaticky spustil ComboFix a vyjel mi blog tady výše vložený, po restartování combofixem mi nešel internet - psalo mi to, že je to označené ke smazání, dnes ráno tady byl technik od provozovatele u kterých mám internet, tak mi to opět nastavil, tak by mě zajímalo, v čem a kde byla chyba, že mi to nešlo, navíc se mi na plochu objevila ikona Internet Explorer - který ovšem taky nešel, byl pouze k odstranění, stejně tak jako nastavení prohlížeč google chrome, nyní mi to zase frčí bez problémů, ale v čem byl problém, to nevím

[Dzurmajstr]

bylo mi taky řečeno, že HiJack je dobrá věcička, vyjede to všechno, ale člověk to musí ovládat, musí to znát, tak nevím jaký jste odborník zrovna Vy, ale to, že mi nešel internet, to asi byla chyba

[memphisto]

Chyba to rozhodně nebyla a je to "normální". Viry jako takové mění různá nastavení (připojení k netu, nastavení prohlížeče, apod.) Combofix to při použití příkazů vrátil do defaultních hodnot. V tomhle skriptu ale nebylo nic, co by ovlivnilo chod internetu. Není standardem, že by se pokaždé něco stalo, ale je to univerzální program na všechny verze Windows a to i různé bitové kopie a není zaručena 100 % funkčnost a prostě v jednom případu ze sta se stane, že necháš zapnutý antivir, různé aktualizace, cracknutý Windows, apod a průser je na světě. Prostě se to stane. Ikona IE na plochu se hodí vždy po použití Combofixu. A HJT je k něčemu úplně jinému než Combofix. Pleteš si pojmy.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+ HJT

[Dzurmajstr]

když chci spustit ten T-Cleaner, tak mi to píše, že neplatná aplikace typu Win32

[memphisto]

Vypnul jsi před stažením antivir, že ano. Antiviry jej totiž detekují jako hrozbu a ještě před stažením jej smáznou a pak nefunguje. Pokud by přece jen byly problémy, tak potom ...

Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou )

na plochu a spusť ho.
Klikni na Pt. Restauration (obnova) a poté na OK.
Klikni na Corbeille (koš) a poté na OK.
Klikni na Fichiers temp (temp složky) a poté na OK.
Klikni na Recherche (hledání) a nech Cleaner pracovat. Může se během čištění zastavit , ale nech ho pokračovat.
Když program skončí , klikni na Suppression (odstranění)a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)

[Dzurmajstr]

tady toto ToolsCleaner2 to je místo toho T-Cleaner? Když dokončím ten ToolsC2 tak pak už nemusím teda dělat ten T-Cleaner?

[jaro3]

Nemusíš , smaže Ti to vše , Combofix , HJT ap.