prosím o radu se spywarem

[tob2]

Když na to kliknu tak mi to napíše : " Položka CFScript.txt, na kterou odkazuje tento zástupce, byla změněna nebo přesunuta, takže zástupce již nebude pracovat správně. Chcete tohoto zástupce odstranit?"

[vyosek]

Ale log z CF by mel byt c:\combofix.txt

[tob2]

Ano, omlouvám se tady je ten log:

ComboFix 12-11-22.03 - Tomas 25.11.2012 22:47:02.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3069.1760 [GMT 1:00]
Spuštěný z: c:\users\Tomas\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tomas\Desktop\CFScript.txt
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_yksvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-25 do 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 21:54 . 2012-11-25 21:54 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA1DC49B-F819-4950-A215-9E950EF64959}\offreg.dll
2012-11-25 21:53 . 2012-11-25 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 22:08 . 2012-11-24 22:08 -------- d-----w- C:\_OTL
2012-11-24 13:04 . 2012-11-24 13:04 512 ----a-w- C:\PhysicalMBR.bin
2012-11-23 22:27 . 2012-11-23 22:27 -------- d-----w- c:\program files\Verdict Free
2012-11-23 14:26 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA1DC49B-F819-4950-A215-9E950EF64959}\mpengine.dll
2012-11-22 21:54 . 2012-11-22 21:54 -------- d-----w- c:\users\Tomas\AppData\Local\CRE
2012-11-20 22:26 . 2012-11-20 22:26 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-19 10:23 . 2012-11-19 10:23 -------- d-----w- c:\program files\MSSOAP
2012-11-19 09:12 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 09:12 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 09:12 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 09:09 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 09:09 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 09:09 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 09:09 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 09:09 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-19 09:09 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 09:09 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-18 21:32 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-18 21:32 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-18 21:32 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-18 21:32 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-18 21:32 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-18 21:32 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-18 21:32 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-18 21:32 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-18 21:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-18 21:30 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-18 21:30 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-18 21:30 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-18 21:27 . 2012-11-18 21:27 -------- d-----w- c:\users\Tomas\AppData\Roaming\Malwarebytes
2012-11-18 21:27 . 2012-11-18 21:27 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 20:06 . 2012-11-22 18:18 -------- d-----w- c:\program files\trend micro
2012-11-17 20:06 . 2012-11-17 20:06 -------- d-----w- C:\rsit
2012-11-02 19:41 . 2012-11-02 19:47 -------- d-----w- c:\users\Tomas\AppData\Local\STDUViewer
2012-11-02 19:41 . 2012-11-02 19:41 -------- d-----w- c:\program files\Common Files\STDUtility
2012-11-02 19:41 . 2012-11-02 19:41 -------- d-----w- c:\program files\STDU Viewer
2012-10-31 23:09 . 2012-10-31 23:40 -------- d-----w- c:\users\Tomas\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-14 18:28 . 2012-10-09 18:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-09 18:48 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-09 18:48 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-09 18:48 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 22:19 . 2012-07-17 09:26 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-05 458844]
.
c:\users\Tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2010-7-13 19721728]
Landi 11.lnk - c:\program files\landi 11\Landi11.exe [2011-1-16 2691072]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20121106.001\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20121123.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0604000.009\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\
FF - ExtSQL: 2012-11-19 11:23; toolbar@ask.com; c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-11-22 22:54; {3cb37734-f8da-48ef-89e2-f393f707e839}; c:\users\Tomas\AppData\Roaming\Mozilla\Firefox\Profiles\jwpo806d.default\extensions\{3cb37734-f8da-48ef-89e2-f393f707e839}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5148)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_78abd0f66cc3a020\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-11-25 23:00:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-25 22:00
ComboFix2.txt 2012-11-25 14:38
.
Před spuštěním: Volných bajtů: 250 045 878 272
Po spuštění: Volných bajtů: 249 559 597 056
.
- - End Of File - - EB08B7088E4A731BF082010E1BF9AB04

[vyosek]

No, to je vonco a uz i log se mi zda byt cisty...

Jak se chova PC, muzem pouklizet

[tob2]

Ano. Děkuji moc.

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[tob2]

Děkuji Vám!

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat