Vyskakující reklamy v prohlížečích

[Donuts]

OK, skutecne jsem mazal omylem dvakrat, nicmene az po vasem pokynu. Ale s tou naslednou kontrolou to nechapu, ale zrejme taky moje blbost.

No kdyz to se mnou jeste zkusite, tak bude pochopitelne rad.

[vyosek]

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Donuts]

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/03/2012 08:02:47 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* gpsvc => %windir%\system32\svchost.exe -k GPSvcGroup [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/03/2012 08:03:04 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)

[Donuts]

ComboFix 12-11-02.02 - klug 03.11.2012 8:08.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.873 [GMT 1:00]
Spuštěný z: c:\users\klug\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\klug\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\muzapp.exe
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-03 do 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 07:15 . 2012-11-03 07:21 -------- d-----w- c:\users\klug\AppData\Local\temp
2012-11-03 07:15 . 2012-11-03 07:15 -------- d-----w- c:\users\TRONICEK\AppData\Local\temp
2012-11-03 07:15 . 2012-11-03 07:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-03 07:12 . 2012-11-03 07:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E887BCC-FE74-4785-91FD-6D3011AC57F5}\offreg.dll
2012-11-02 05:57 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E887BCC-FE74-4785-91FD-6D3011AC57F5}\mpengine.dll
2012-11-01 06:26 . 2012-11-01 06:39 -------- d-----w- c:\program files\trend micro
2012-11-01 06:26 . 2012-11-02 06:07 -------- d-----w- C:\rsit
2012-10-31 09:33 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2012-10-31 09:33 . 2012-10-31 09:33 -------- d-----w- c:\users\UpdatusUser
2012-10-31 09:32 . 2012-10-10 20:14 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-31 09:31 . 2012-10-31 09:31 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-31 09:31 . 2012-10-31 09:33 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-31 09:24 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-31 09:24 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-31 09:24 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-10-31 09:24 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-31 09:24 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-31 09:24 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-10-31 09:10 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-31 09:09 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-31 09:09 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-31 09:09 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-10-31 09:09 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-10-31 09:09 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-31 09:09 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-31 09:09 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-31 09:09 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-31 09:09 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-31 09:09 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-24 04:53 . 2012-10-24 04:53 -------- d-----w- c:\program files\Common Files\Java
2012-10-12 05:25 . 2012-10-12 05:25 -------- d-----w- c:\users\klug\AppData\Roaming\LavasoftStatistics
2012-10-12 05:24 . 2012-10-12 05:25 -------- d-----w- c:\users\klug\AppData\Roaming\Ad-Aware Antivirus
2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2012-10-10 20:14 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 07:43 . 2012-04-04 05:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 07:43 . 2011-05-16 04:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 20:14 . 2009-09-17 23:33 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2009-09-17 23:33 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2009-09-17 23:33 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29 . 2009-07-14 17:50 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2009-07-14 17:50 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2009-07-14 17:50 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2009-07-14 17:50 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2009-07-14 17:50 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2009-07-14 17:50 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-24 13:32 . 2012-09-06 05:02 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-12-08 08:29 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-23 15:52 . 2012-10-31 09:34 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-10-27 09:31 . 2012-10-19 10:16 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2009-02-17 446464]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\klug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:43]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 09:45]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=veriton_m480g&r=17050310kz06p73253rk5jh801i977
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\klug\AppData\Roaming\Mozilla\Firefox\Profiles\ucnic6n5.default\
FF - ExtSQL: 2012-09-06 07:02; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-09-11 10:38; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\klug\AppData\Roaming\Mozilla\Firefox\Profiles\ucnic6n5.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2012-10-24 06:52; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-WavXMgr - c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
HKLM-Run-EmbassySecurityCheck - c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-11-03 08:26:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-03 07:26
.
Před spuštěním: Volných bajtů: 88 096 825 344
Po spuštění: Volných bajtů: 87 831 740 416
.
- - End Of File - - 03EB8919A88340DCB516C74954D738EE

[vyosek]

Odinstalujte Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

• Nahrady za Spybota:
  • Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
  • SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
• Samozrejme pouzivejte jen jeden z nich
• Osobne doporucuji SuperAntiSpyware

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "KiesHelper"=-
  "KiesPDLR"=-
  "Skype"=-
  "SpybotSD TeaTimer"=-
  "swg"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "RemoteControl8"=-
  "PDVD8LanguageShortcut"=-
  "Adobe ARM"=-
  "Windows Mobile Device Center"=-
  "KiesTrayAgent"=-
  "SunJavaUpdateSched"=-
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  DDS::
  mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5jh801i977
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Donuts]

ComboFix 12-11-02.02 - klug 03.11.2012 9:51.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2047.874 [GMT 1:00]
Spuštěný z: c:\users\klug\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\klug\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-03 do 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-03 08:57 . 2012-11-03 08:59 -------- d-----w- c:\users\klug\AppData\Local\temp
2012-11-03 08:57 . 2012-11-03 08:57 -------- d-----w- c:\users\TRONICEK\AppData\Local\temp
2012-11-03 08:57 . 2012-11-03 08:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-03 08:41 . 2012-11-03 08:41 -------- d-----w- c:\users\klug\AppData\Roaming\SUPERAntiSpyware.com
2012-11-03 08:41 . 2012-11-03 08:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-03 08:41 . 2012-11-03 08:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-11-03 07:12 . 2012-11-03 07:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E887BCC-FE74-4785-91FD-6D3011AC57F5}\offreg.dll
2012-11-02 05:57 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E887BCC-FE74-4785-91FD-6D3011AC57F5}\mpengine.dll
2012-11-01 06:26 . 2012-11-01 06:39 -------- d-----w- c:\program files\trend micro
2012-11-01 06:26 . 2012-11-02 06:07 -------- d-----w- C:\rsit
2012-10-31 09:33 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2012-10-31 09:33 . 2012-10-31 09:33 -------- d-----w- c:\users\UpdatusUser
2012-10-31 09:32 . 2012-10-10 20:14 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-31 09:31 . 2012-10-31 09:31 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-31 09:31 . 2012-10-31 09:33 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-31 09:24 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-31 09:24 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-31 09:24 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-10-31 09:24 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-31 09:24 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-31 09:24 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-10-31 09:10 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-31 09:09 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-31 09:09 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-10-31 09:09 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-10-31 09:09 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-10-31 09:09 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-31 09:09 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-31 09:09 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-31 09:09 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-31 09:09 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-31 09:09 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-24 04:53 . 2012-10-24 04:53 -------- d-----w- c:\program files\Common Files\Java
2012-10-12 05:25 . 2012-10-12 05:25 -------- d-----w- c:\users\klug\AppData\Roaming\LavasoftStatistics
2012-10-12 05:24 . 2012-10-12 05:25 -------- d-----w- c:\users\klug\AppData\Roaming\Ad-Aware Antivirus
2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2012-10-10 20:14 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 07:43 . 2012-04-04 05:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 07:43 . 2011-05-16 04:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 20:14 . 2009-09-17 23:33 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2009-09-17 23:33 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2009-09-17 23:33 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29 . 2009-07-14 17:50 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2009-07-14 17:50 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2009-07-14 17:50 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2009-07-14 17:50 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2009-07-14 17:50 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2009-07-14 17:50 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-24 13:32 . 2012-09-06 05:02 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-12-08 08:29 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-23 15:52 . 2012-10-31 09:34 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-10-27 09:31 . 2012-10-19 10:16 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2009-02-17 446464]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\klug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\klug\AppData\Roaming\Mozilla\Firefox\Profiles\ucnic6n5.default\
FF - ExtSQL: 2012-09-06 07:02; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-09-11 10:38; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\klug\AppData\Roaming\Mozilla\Firefox\Profiles\ucnic6n5.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: 2012-10-24 06:52; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2012-11-03 10:03:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-03 09:03
ComboFix2.txt 2012-11-03 07:26
.
Před spuštěním: Volných bajtů: 87 865 352 192
Po spuštění: Volných bajtů: 87 620 530 176
.
- - End Of File - - 73712EAE2701412D0B1FFB4C2CE5694C

[vyosek]

Jak se chova PC

[Donuts]

Reklama na me znovu vyskocila.

Uz to vypadalo, ze je vsechno v poradku ale po chvili pouzivani prohlizece je vse pri starem.

[vyosek]

Dejte mi prosim screen te reklamy

[Donuts]

scr.jpg (158.36 KiB) Zobrazeno 4991 x

[vyosek]

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) http://forum.viry.cz/viewtopic.php?f=29&t=115222

• Provedte aktualizaci
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[Donuts]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.03.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
klug :: TRONICEK-PC [administrátor]

Ochrana: Povolena

3.11.2012 11:28:00
mbam-log-2012-11-03 (11-28-00).txt

Typ: Úplná kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 358336
Uplynulý čas: 49 minut, 35 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[vyosek]

Zkuste jeste SAS http://forum.viry.cz/viewtopic.php?f=29&t=51359

Tak reklama vyskakuje ve vsech prohlizecich na vsech strankach

[Donuts]

Zkousel jsem IE, Firefox a Chrome, vyskakujou nahodne ve vsech.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/05/2012 at 11:56 AM

Application Version : 5.6.1014

Core Rules Database Version : 9528
Trace Rules Database Version: 7340

Scan type : Complete Scan
Total Scan Time : 00:43:47

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 786
Memory threats detected : 0
Registry items scanned : 41727
Registry threats detected : 0
File items scanned : 44878
File threats detected : 36

Adware.Tracking Cookie
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\WOE9VMOL.txt [ /www.mediahouse.cz ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\3AI3SE3G.txt [ /imedia.cz ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\P0TZTL1Q.txt [ /adform.net ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\785RFYQT.txt [ /imrworldwide.com ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\4S8W6QRT.txt [ /idnes.cz ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\XC6SQCOY.txt [ /collective-media.net ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\KOMO30AZ.txt [ /track.adform.net ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\V4KVV9X7.txt [ /ona.idnes.cz ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\0D000TI8.txt [ /etargetnet.com ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\UVAOHXRB.txt [ /serving-sys.com ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\4R130DAI.txt [ /www.idnes.cz ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\1PQSXRDH.txt [ /exoclick.com ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\B2D3C1RO.txt [ /ad.yieldmanager.com ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\AX51DG95.txt [ /zpravy.idnes.cz ]
C:\Users\klug\AppData\Roaming\Microsoft\Windows\Cookies\8NL7L4BB.txt [ /e-webtrack.net ]
ad.adverticum.net [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
cdn.complexmedianetwork.com [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
core.insightexpressai.com [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
core.saymedia.com [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
g.idnes.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
ia.media-imdb.com [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
media.novinky.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
secure-uk.imrworldwide.com [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
track.adform.net [ C:\USERS\KLUG\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LQYW94UV ]
.toplist.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
.idnes.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
.idnes.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
okamura.blog.idnes.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
okamura.blog.idnes.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
blog2.idnes.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]
blog2.idnes.cz [ C:\USERS\KLUG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UCNIC6N5.DEFAULT\COOKIES.SQLITE ]

[vyosek]

Nalezy smazte

Zkuste jeste dle kolegyne

Smažte cache Opery/Firefoxu bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/

- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
- zatrhněte Select All a pak klikněte na Empty Selected

- Na záložce main zaškrtněte All users temp a potvrdte Empty selected