Nefunkcny internet

[tonysk]

Dobry vecer,

dostal sa ku mne notebook, na ktorom nejde internet (skusal som aj wifi aj LAN). Na router sa vsak dostanem, dalej uz nie. Notebook nie je moj - neviem, co s nim bolo predtym robene. Skusil som preinstalovat ovladace na sietovkach a nepomohlo to. Mam podozrenie na virus. Prosim o pomoc.

LOG:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dunco at 2012-06-25 20:56:01
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 28 GB (37%) free of 76 GB
Total RAM: 1526 MB (63% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-02 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-02 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - Astroburn Toolbar - C:\Program Files\Astroburn Toolbar\ABToolbar.dll [2011-05-23 1000768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 1821576]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-12-17 131072]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-12-17 163840]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-12-17 135168]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Dunco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

C:\Users\Dunco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-12-17 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcodec2.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"VIDC.IV41"=IR41_32.AX

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-25 20:56:01 ----D---- C:\rsit
2012-06-25 20:56:01 ----D---- C:\Program Files\trend micro
2012-06-25 20:45:51 ----A---- C:\Windows\system32\PerfStringBackup.TMP
2012-06-25 19:59:04 ----A---- C:\Windows\system32\drivers\athr.sys
2012-06-23 14:53:49 ----N---- C:\bootsqm.dat
2012-06-23 09:32:35 ----A---- C:\Windows\system32\mshtmled.dll
2012-06-23 09:32:34 ----A---- C:\Windows\system32\iertutil.dll
2012-06-23 09:32:33 ----A---- C:\Windows\system32\ieUnatt.exe
2012-06-23 09:32:33 ----A---- C:\Windows\system32\ieui.dll
2012-06-23 09:32:32 ----A---- C:\Windows\system32\wininet.dll
2012-06-23 09:32:32 ----A---- C:\Windows\system32\jsproxy.dll
2012-06-23 09:32:31 ----A---- C:\Windows\system32\jscript.dll
2012-06-23 09:32:30 ----A---- C:\Windows\system32\url.dll
2012-06-23 09:32:30 ----A---- C:\Windows\system32\jscript9.dll
2012-06-23 09:32:29 ----A---- C:\Windows\system32\urlmon.dll
2012-06-23 09:32:26 ----A---- C:\Windows\system32\mshtml.dll
2012-06-23 09:32:25 ----A---- C:\Windows\system32\ieframe.dll
2012-06-23 00:58:16 ----A---- C:\Windows\system32\cryptsvc.dll
2012-06-23 00:58:16 ----A---- C:\Windows\system32\cryptnet.dll
2012-06-23 00:58:16 ----A---- C:\Windows\system32\crypt32.dll
2012-06-23 00:43:04 ----A---- C:\Windows\system32\msi.dll
2012-06-23 00:42:09 ----A---- C:\Windows\system32\wups2.dll
2012-06-23 00:42:09 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-23 00:42:07 ----A---- C:\Windows\system32\wucltux.dll
2012-06-23 00:42:07 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-23 00:41:40 ----A---- C:\Windows\system32\wups.dll
2012-06-23 00:41:40 ----A---- C:\Windows\system32\wudriver.dll
2012-06-23 00:41:40 ----A---- C:\Windows\system32\wuapi.dll
2012-06-23 00:41:10 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-23 00:41:10 ----A---- C:\Windows\system32\wuapp.exe
2012-06-22 01:18:02 ----A---- C:\Windows\system32\rdpcorets.dll
2012-06-22 01:18:02 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-06-22 01:09:37 ----A---- C:\Windows\system32\win32k.sys
2012-06-22 01:05:40 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-06-22 01:05:40 ----A---- C:\Windows\system32\rdpwsx.dll
2012-06-22 01:05:40 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-06-22 01:03:30 ----A---- C:\Windows\system32\profsvc.dll

======List of files/folders modified in the last 1 month======

2012-06-25 20:56:01 ----RD---- C:\Program Files
2012-06-25 20:53:48 ----D---- C:\Windows\Temp
2012-06-25 20:52:04 ----D---- C:\Users\Dunco\AppData\Roaming\Skype
2012-06-25 20:51:57 ----D---- C:\Windows\inf
2012-06-25 20:51:56 ----D---- C:\Windows\debug
2012-06-25 20:51:56 ----D---- C:\Windows
2012-06-25 20:51:41 ----D---- C:\Windows\Prefetch
2012-06-25 20:45:51 ----D---- C:\Windows\System32
2012-06-25 20:44:02 ----SHD---- C:\System Volume Information
2012-06-25 20:42:09 ----D---- C:\Windows\system32\wbem
2012-06-25 20:41:34 ----D---- C:\Windows\system32\config
2012-06-25 20:41:23 ----D---- C:\Windows\registration
2012-06-25 20:00:37 ----D---- C:\Windows\system32\drivers
2012-06-25 20:00:35 ----D---- C:\Windows\system32\catroot2
2012-06-25 20:00:35 ----D---- C:\Windows\system32\catroot
2012-06-25 20:00:34 ----D---- C:\Windows\system32\DriverStore
2012-06-25 20:00:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-24 13:18:51 ----D---- C:\Windows\system32\NDF
2012-06-23 15:05:39 ----RSD---- C:\Windows\assembly
2012-06-23 15:05:39 ----D---- C:\Windows\Microsoft.NET
2012-06-23 14:43:06 ----D---- C:\Windows\winsxs
2012-06-23 09:41:56 ----D---- C:\Windows\system32\migration
2012-06-23 09:41:56 ----D---- C:\Program Files\Internet Explorer
2012-06-23 09:41:55 ----D---- C:\Windows\system32\sk-SK
2012-06-23 09:41:55 ----D---- C:\Windows\system32\en-US
2012-06-23 09:41:35 ----SHD---- C:\Windows\Installer
2012-06-23 09:37:33 ----A---- C:\Windows\system32\MRT.exe
2012-06-23 00:43:32 ----D---- C:\ProgramData\Microsoft Help
2012-06-21 14:15:04 ----D---- C:\Users\Dunco\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-17 239168]
R1 MpKsl52bc0f48;MpKsl52bc0f48; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F516ED9-8C83-419C-BDAA-D7E17078E0A1}\MpKsl52bc0f48.sys [2012-06-25 29904]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2012-03-09 2877952]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ialm;ialm; C:\Windows\system32\DRIVERS\igxpmp32.sys [2011-12-17 5672032]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 LVUVC;Logitech Webcam C210(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2011-08-19 4334624]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 UMVPFSrv;UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1343400]
S4 NetMsmqActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
S4 NetPipeActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]
S4 NetTcpActivator;@%SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2010-11-05 128848]

-----------------EOF-----------------

Dakujem

[Rudy]

Zdravím!
Tento NB je firemní?

[tonysk]

Pravdepodobne to bol firemny kus. Dosluhuje v domacnosti.

[Rudy]

OK. V logu nevidím nic nebezpečného. Zkuste nejprve použít WinsockFix: http://www.softpedia.com/get/Tweak/Netw ... kFix.shtml . Utilita reinstaluje TCP/IP protokol. PC restartujte.

[tonysk]

Spustil som vyssie spomenuty program a program vyhodil: Registry information import not found. Po odkliknuti chvilu pracoval a nakoniec to ukoncil: Repair completed. Please reboot. Hned po odkliknuti zahlasil: Runtime error '53': File not found.

Restartoval som ntb a internet stale nesiel, tak som to skusil spustit znova (v nadeji ze sa chyby neobjavia). Zial s rovnakym vysledkom.

Napada vas nieco dalsie?

[Rudy]

Zkuste Startmenu>přík. řádek>(napsat) netsh winsock reset>Enter. Restart PC.

[tonysk]

spustil som to, zbehlo to, zial nepomohlo to. Napada vas este nieco dalsie ?

[Rudy]

Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[tonysk]

ComboFix 12-06-26.02 - Dunco . 06. 2012 22:45:54.1.1 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1526.1002 [GMT 2:00]
Running from: c:\users\Dunco\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\user32.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 20:53 . 2012-06-26 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 18:56 . 2012-06-25 18:56 -------- d-----w- C:\rsit
2012-06-25 18:56 . 2012-06-25 18:56 -------- d-----w- c:\program files\trend micro
2012-06-25 18:45 . 2012-06-25 18:45 5126 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-25 17:59 . 2012-03-09 08:45 2877952 ----a-w- c:\windows\system32\drivers\athr.sys
2012-06-22 23:08 . 2012-02-10 07:41 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB4C5E8B-39BC-46C7-8454-5668AFA87AE9}\gapaengine.dll
2012-06-22 23:08 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F516ED9-8C83-419C-BDAA-D7E17078E0A1}\mpengine.dll
2012-06-22 22:58 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-22 22:58 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-22 22:58 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-22 22:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-22 22:42 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 22:42 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 22:42 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 22:42 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 22:41 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 22:41 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 22:41 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 22:41 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 22:41 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 23:18 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-21 23:18 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-21 23:09 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-21 23:05 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-21 23:05 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-21 23:05 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-21 23:03 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-10 10:59 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 04:39 . 2012-05-14 20:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-14 20:06 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-14 20:06 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files\Astroburn Toolbar\ABToolbar.dll" [2011-05-23 1000768]
.
[HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-17 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-17 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-17 135168]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Dunco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000Core.job
- c:\users\Dunco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 10:42]
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000UA.job
- c:\users\Dunco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = astroburn-search.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{30B9C9BF-1534-4BC3-9C84-771C9613E08C}: NameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-26 23:00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 21:00
.
Pre-Run: 29 473 841 152 bytes free
Post-Run: 28 848 062 464 bytes free
.
- - End Of File - - DE5ED0540EFEC79556053B554E21F968

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Astroburn Toolbar

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000UA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"=-
[-HKEY_CLASSES_ROOT\clsid\{efeed92a-a33d-4873-ba8f-32baa631e54d}]
[-HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[-HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[-HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[tonysk]

Spustil som skript presne podla pokynov. Log:

ComboFix 12-06-26.02 - Dunco . 06. 2012 21:59:26.2.1 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1526.990 [GMT 2:00]
Running from: c:\users\Dunco\Desktop\ComboFix.exe
Command switches used :: c:\users\Dunco\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Astroburn Toolbar
c:\program files\Astroburn Toolbar\_AstroburnLite.xml
c:\program files\Astroburn Toolbar\ABToolbar.dll
c:\program files\Astroburn Toolbar\Resources\about.ico
c:\program files\Astroburn Toolbar\Resources\AboutWindow.ico
c:\program files\Astroburn Toolbar\Resources\accept.ico
c:\program files\Astroburn Toolbar\Resources\AddRadioStation.ico
c:\program files\Astroburn Toolbar\Resources\as.ico
c:\program files\Astroburn Toolbar\Resources\as.png
c:\program files\Astroburn Toolbar\Resources\astro.ico
c:\program files\Astroburn Toolbar\Resources\astro_audio.ico
c:\program files\Astroburn Toolbar\Resources\astro_lite.ico
c:\program files\Astroburn Toolbar\Resources\astroburn_site.ico
c:\program files\Astroburn Toolbar\Resources\az.ico
c:\program files\Astroburn Toolbar\Resources\b1.bmp
c:\program files\Astroburn Toolbar\Resources\b1.png
c:\program files\Astroburn Toolbar\Resources\burn_files.ico
c:\program files\Astroburn Toolbar\Resources\burn_image.ico
c:\program files\Astroburn Toolbar\Resources\BurnImage.ico
c:\program files\Astroburn Toolbar\Resources\buy.ico
c:\program files\Astroburn Toolbar\Resources\cal.ico
c:\program files\Astroburn Toolbar\Resources\Config.ico
c:\program files\Astroburn Toolbar\Resources\d.ico
c:\program files\Astroburn Toolbar\Resources\d2.ico
c:\program files\Astroburn Toolbar\Resources\dot_disabled.bmp
c:\program files\Astroburn Toolbar\Resources\dot_enabled.bmp
c:\program files\Astroburn Toolbar\Resources\dot_on_over.bmp
c:\program files\Astroburn Toolbar\Resources\download.ico
c:\program files\Astroburn Toolbar\Resources\ds.ico
c:\program files\Astroburn Toolbar\Resources\dsearch.ico
c:\program files\Astroburn Toolbar\Resources\dt-home.ico
c:\program files\Astroburn Toolbar\Resources\dt.ico
c:\program files\Astroburn Toolbar\Resources\dt_buy.ico
c:\program files\Astroburn Toolbar\Resources\dt_download.ico
c:\program files\Astroburn Toolbar\Resources\dt_feedback.ico
c:\program files\Astroburn Toolbar\Resources\dt_forum.ico
c:\program files\Astroburn Toolbar\Resources\dt_line.ico
c:\program files\Astroburn Toolbar\Resources\dt_manual.ico
c:\program files\Astroburn Toolbar\Resources\dt_pro.ico
c:\program files\Astroburn Toolbar\Resources\DTPro.ico
c:\program files\Astroburn Toolbar\Resources\Dwnl.ico
c:\program files\Astroburn Toolbar\Resources\emulation.ico
c:\program files\Astroburn Toolbar\Resources\ENG.xml
c:\program files\Astroburn Toolbar\Resources\faq.ico
c:\program files\Astroburn Toolbar\Resources\favicon.ico
c:\program files\Astroburn Toolbar\Resources\fb.ico
c:\program files\Astroburn Toolbar\Resources\features.ico
c:\program files\Astroburn Toolbar\Resources\feedback.ico
c:\program files\Astroburn Toolbar\Resources\forum.ico
c:\program files\Astroburn Toolbar\Resources\GameCentrix.ico
c:\program files\Astroburn Toolbar\Resources\GameCentrixCristals.ico
c:\program files\Astroburn Toolbar\Resources\GameCentrixDownload.ico
c:\program files\Astroburn Toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files\Astroburn Toolbar\Resources\GameCentrixTop.ico
c:\program files\Astroburn Toolbar\Resources\GameS.ico
c:\program files\Astroburn Toolbar\Resources\games_search.ico
c:\program files\Astroburn Toolbar\Resources\games_search_SA.ico
c:\program files\Astroburn Toolbar\Resources\GameSA.ico
c:\program files\Astroburn Toolbar\Resources\gct16.ico
c:\program files\Astroburn Toolbar\Resources\gd.ico
c:\program files\Astroburn Toolbar\Resources\genre.xml
c:\program files\Astroburn Toolbar\Resources\globe.ico
c:\program files\Astroburn Toolbar\Resources\GrabImage.ico
c:\program files\Astroburn Toolbar\Resources\hb.bmp
c:\program files\Astroburn Toolbar\Resources\hb.ico
c:\program files\Astroburn Toolbar\Resources\help.ico
c:\program files\Astroburn Toolbar\Resources\hide.ico
c:\program files\Astroburn Toolbar\Resources\home.ico
c:\program files\Astroburn Toolbar\Resources\ImageS.ico
c:\program files\Astroburn Toolbar\Resources\ImageSA.ico
c:\program files\Astroburn Toolbar\Resources\ip.ico
c:\program files\Astroburn Toolbar\Resources\lang.xml
c:\program files\Astroburn Toolbar\Resources\lingvo.ico
c:\program files\Astroburn Toolbar\Resources\m.ico
c:\program files\Astroburn Toolbar\Resources\mail.bmp
c:\program files\Astroburn Toolbar\Resources\mail_disable.bmp
c:\program files\Astroburn Toolbar\Resources\mail_down.bmp
c:\program files\Astroburn Toolbar\Resources\mail_m.bmp
c:\program files\Astroburn Toolbar\Resources\mail_under.bmp
c:\program files\Astroburn Toolbar\Resources\mailc.bmp
c:\program files\Astroburn Toolbar\Resources\mailc_disable.bmp
c:\program files\Astroburn Toolbar\Resources\mailc_down.bmp
c:\program files\Astroburn Toolbar\Resources\mailc_m.bmp
c:\program files\Astroburn Toolbar\Resources\mailc_under.bmp
c:\program files\Astroburn Toolbar\Resources\manual.ico
c:\program files\Astroburn Toolbar\Resources\map.ico
c:\program files\Astroburn Toolbar\Resources\MenuRadioConfig.ico
c:\program files\Astroburn Toolbar\Resources\MenuRadioStation.ico
c:\program files\Astroburn Toolbar\Resources\MenuRSCur.ico
c:\program files\Astroburn Toolbar\Resources\MenuTr.ico
c:\program files\Astroburn Toolbar\Resources\next.bmp
c:\program files\Astroburn Toolbar\Resources\next_down.bmp
c:\program files\Astroburn Toolbar\Resources\next_m.bmp
c:\program files\Astroburn Toolbar\Resources\next_under.bmp
c:\program files\Astroburn Toolbar\Resources\none.bmp
c:\program files\Astroburn Toolbar\Resources\none_m.bmp
c:\program files\Astroburn Toolbar\Resources\op.ico
c:\program files\Astroburn Toolbar\Resources\play.bmp
c:\program files\Astroburn Toolbar\Resources\play.ico
c:\program files\Astroburn Toolbar\Resources\play_down.bmp
c:\program files\Astroburn Toolbar\Resources\play_m.bmp
c:\program files\Astroburn Toolbar\Resources\play_under.bmp
c:\program files\Astroburn Toolbar\Resources\pragma.ico
c:\program files\Astroburn Toolbar\Resources\prev.bmp
c:\program files\Astroburn Toolbar\Resources\prev_down.bmp
c:\program files\Astroburn Toolbar\Resources\prev_m.bmp
c:\program files\Astroburn Toolbar\Resources\prev_under.bmp
c:\program files\Astroburn Toolbar\Resources\prod.ico
c:\program files\Astroburn Toolbar\Resources\Radio.ico
c:\program files\Astroburn Toolbar\Resources\RadioBg.bmp
c:\program files\Astroburn Toolbar\Resources\RadioBg.ico
c:\program files\Astroburn Toolbar\Resources\RadioBgMask.bmp
c:\program files\Astroburn Toolbar\Resources\RadioDisp.bmp
c:\program files\Astroburn Toolbar\Resources\RadioDisp_m.bmp
c:\program files\Astroburn Toolbar\Resources\RadioDown.bmp
c:\program files\Astroburn Toolbar\Resources\RadioDown.ico
c:\program files\Astroburn Toolbar\Resources\RadioDown_down.bmp
c:\program files\Astroburn Toolbar\Resources\RadioDown_m.bmp
c:\program files\Astroburn Toolbar\Resources\RadioDown_under.bmp
c:\program files\Astroburn Toolbar\Resources\RadioE.bmp
c:\program files\Astroburn Toolbar\Resources\RadioG.bmp
c:\program files\Astroburn Toolbar\Resources\RadioL.bmp
c:\program files\Astroburn Toolbar\Resources\RadioLDotMask.bmp
c:\program files\Astroburn Toolbar\Resources\RadioLeft.bmp
c:\program files\Astroburn Toolbar\Resources\RadioLeftMask.bmp
c:\program files\Astroburn Toolbar\Resources\RadioLM.bmp
c:\program files\Astroburn Toolbar\Resources\RadioM.bmp
c:\program files\Astroburn Toolbar\Resources\RadioN.bmp
c:\program files\Astroburn Toolbar\Resources\RadioR.bmp
c:\program files\Astroburn Toolbar\Resources\RadioR.ico
c:\program files\Astroburn Toolbar\Resources\RadioRM.bmp
c:\program files\Astroburn Toolbar\Resources\RadioRU.bmp
c:\program files\Astroburn Toolbar\Resources\RadioVolume.bmp
c:\program files\Astroburn Toolbar\Resources\RadioVolume_down.bmp
c:\program files\Astroburn Toolbar\Resources\RadioVolume_m.bmp
c:\program files\Astroburn Toolbar\Resources\RadioVolume_under.bmp
c:\program files\Astroburn Toolbar\Resources\RadioW.bmp
c:\program files\Astroburn Toolbar\Resources\rbcheck.ico
c:\program files\Astroburn Toolbar\Resources\rbtxt.ico
c:\program files\Astroburn Toolbar\Resources\refresh.bmp
c:\program files\Astroburn Toolbar\Resources\refresh_down.bmp
c:\program files\Astroburn Toolbar\Resources\refresh_m.bmp
c:\program files\Astroburn Toolbar\Resources\refresh_under.bmp
c:\program files\Astroburn Toolbar\Resources\Rss.ico
c:\program files\Astroburn Toolbar\Resources\Rss1.ico
c:\program files\Astroburn Toolbar\Resources\RssA.ico
c:\program files\Astroburn Toolbar\Resources\RssA1.ico
c:\program files\Astroburn Toolbar\Resources\rssClose.ico
c:\program files\Astroburn Toolbar\Resources\rssL.bmp
c:\program files\Astroburn Toolbar\Resources\rssOpen.ico
c:\program files\Astroburn Toolbar\Resources\RssRefresh.ico
c:\program files\Astroburn Toolbar\Resources\RUS.xml
c:\program files\Astroburn Toolbar\Resources\s2.ico
c:\program files\Astroburn Toolbar\Resources\search.ico
c:\program files\Astroburn Toolbar\Resources\show.ico
c:\program files\Astroburn Toolbar\Resources\size.bmp
c:\program files\Astroburn Toolbar\Resources\size_m.bmp
c:\program files\Astroburn Toolbar\Resources\skins.ico
c:\program files\Astroburn Toolbar\Resources\soft24.ico
c:\program files\Astroburn Toolbar\Resources\soft24_SA.ico
c:\program files\Astroburn Toolbar\Resources\spt.ico
c:\program files\Astroburn Toolbar\Resources\stop.bmp
c:\program files\Astroburn Toolbar\Resources\stop.ico
c:\program files\Astroburn Toolbar\Resources\stop_down.bmp
c:\program files\Astroburn Toolbar\Resources\stop_m.bmp
c:\program files\Astroburn Toolbar\Resources\stop_under.bmp
c:\program files\Astroburn Toolbar\Resources\style.ico
c:\program files\Astroburn Toolbar\Resources\SupportRequest.ico
c:\program files\Astroburn Toolbar\Resources\timer.ico
c:\program files\Astroburn Toolbar\Resources\TitleIcon.ico
c:\program files\Astroburn Toolbar\Resources\toolbar.xml
c:\program files\Astroburn Toolbar\Resources\trans.ico
c:\program files\Astroburn Toolbar\Resources\Trash.bmp
c:\program files\Astroburn Toolbar\Resources\Trash_disable.bmp
c:\program files\Astroburn Toolbar\Resources\Trash_down.bmp
c:\program files\Astroburn Toolbar\Resources\Trash_m.bmp
c:\program files\Astroburn Toolbar\Resources\Trash_under.bmp
c:\program files\Astroburn Toolbar\Resources\u.ico
c:\program files\Astroburn Toolbar\Resources\uninstall.ico
c:\program files\Astroburn Toolbar\Resources\vol.bmp
c:\program files\Astroburn Toolbar\Resources\vol.ico
c:\program files\Astroburn Toolbar\Resources\vol_back.bmp
c:\program files\Astroburn Toolbar\Resources\vol_dott.bmp
c:\program files\Astroburn Toolbar\Resources\vol_dott_m.bmp
c:\program files\Astroburn Toolbar\Resources\vol_down.bmp
c:\program files\Astroburn Toolbar\Resources\vol_m.bmp
c:\program files\Astroburn Toolbar\Resources\vol_mute.bmp
c:\program files\Astroburn Toolbar\Resources\vol_mute_check.bmp
c:\program files\Astroburn Toolbar\Resources\vol_under.bmp
c:\program files\Astroburn Toolbar\Resources\wBtClose.bmp
c:\program files\Astroburn Toolbar\Resources\wBtClose_down.bmp
c:\program files\Astroburn Toolbar\Resources\wBtClose_m.bmp
c:\program files\Astroburn Toolbar\Resources\wBtClose_under.bmp
c:\program files\Astroburn Toolbar\Resources\wBtText.bmp
c:\program files\Astroburn Toolbar\Resources\wBtText_down.bmp
c:\program files\Astroburn Toolbar\Resources\wBtText_m.bmp
c:\program files\Astroburn Toolbar\Resources\wBtText_under.bmp
c:\program files\Astroburn Toolbar\Resources\WebS.ico
c:\program files\Astroburn Toolbar\Resources\WebSa.ico
c:\program files\Astroburn Toolbar\Resources\wi.ico
c:\program files\Astroburn Toolbar\Resources\wi0.ico
c:\program files\Astroburn Toolbar\Resources\wi1.ico
c:\program files\Astroburn Toolbar\Resources\wi10.ico
c:\program files\Astroburn Toolbar\Resources\wi11.ico
c:\program files\Astroburn Toolbar\Resources\wi12.ico
c:\program files\Astroburn Toolbar\Resources\wi13.ico
c:\program files\Astroburn Toolbar\Resources\wi14.ico
c:\program files\Astroburn Toolbar\Resources\wi2.ico
c:\program files\Astroburn Toolbar\Resources\wi3.ico
c:\program files\Astroburn Toolbar\Resources\wi4.ico
c:\program files\Astroburn Toolbar\Resources\wi5.ico
c:\program files\Astroburn Toolbar\Resources\wi6.ico
c:\program files\Astroburn Toolbar\Resources\wi7.ico
c:\program files\Astroburn Toolbar\Resources\wi8.ico
c:\program files\Astroburn Toolbar\Resources\wi9.ico
c:\program files\Astroburn Toolbar\uninst.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 20:07 . 2012-06-27 20:09 -------- d-----w- c:\users\Dunco\AppData\Local\temp
2012-06-27 20:07 . 2012-06-27 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 18:56 . 2012-06-25 18:56 -------- d-----w- C:\rsit
2012-06-25 18:56 . 2012-06-25 18:56 -------- d-----w- c:\program files\trend micro
2012-06-25 18:45 . 2012-06-25 18:45 5126 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-06-25 17:59 . 2012-03-09 08:45 2877952 ----a-w- c:\windows\system32\drivers\athr.sys
2012-06-22 23:08 . 2012-02-10 07:41 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB4C5E8B-39BC-46C7-8454-5668AFA87AE9}\gapaengine.dll
2012-06-22 23:08 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F516ED9-8C83-419C-BDAA-D7E17078E0A1}\mpengine.dll
2012-06-22 22:58 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-22 22:58 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-22 22:58 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-22 22:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-22 22:42 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 22:42 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 22:42 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 22:42 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 22:41 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 22:41 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 22:41 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 22:41 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 22:41 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 23:18 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-21 23:18 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-21 23:09 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-21 23:05 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-21 23:05 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-21 23:05 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-21 23:03 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-10 10:59 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 04:39 . 2012-05-14 20:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-14 20:06 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-14 20:06 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-17 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-17 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-17 135168]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Dunco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000Core.job
- c:\users\Dunco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 10:42]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-903449896-625687540-830204300-1000UA.job
- c:\users\Dunco\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = astroburn-search.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{30B9C9BF-1534-4BC3-9C84-771C9613E08C}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Astroburn Toolbar - c:\program files\Astroburn Toolbar\uninst.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-27 22:14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 20:14
ComboFix2.txt 2012-06-26 21:00
.
Pre-Run: 29 075 382 272 bytes free
Post-Run: 28 866 658 304 bytes free
.
- - End Of File - - C26280E3368EF26610C9695CD66092FA


Zaujimave je ze po skonceni skenu sa s pocitacom neda vobec pracovat. Akykolvek program/subor, ktory na pocitaci spustim vyhlasi chybu: <<cesta k suboru>> Illegal operation atempted on a registry key that has been marked for deletion. Po restarte sa zda ze pocitac ide znovu 'normalne'.

A to najdolezitejsie nakoniec. Internet stale nejde

[Rudy]

Smazáno. Restartujte modem, příp. další síť prvekm v datové cestě.

[tonysk]

Restartoval som a internet stale nejde. Som prekvapeny kolko sme toho zmazali a stale tam nieco zostalo. Tuto temu som zakladal v nadeji, ze to bude nejaky zo znamejsich virusov a pojde lahko odstranit. Mate este nejake napady alebo to co blokuje pristup na internet nie je virus?

[Rudy]

Blokování internetu nemusí vůbec způsobovat virus. Zkuste reinstalovat ovladač síť karty.

[tonysk]

Zrejme mate pravdu. Asi to uz nebude virusom. Dakujem velmi pekne za pomoc.