tady je ten log:
ComboFix 11-03-08.09 - Standard 10.03.2011 17:20:39.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2456 [GMT 1:00]
Spuštěný z: c:\documents and settings\Standard\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Standard\Plocha\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk"
"c:\windows\system32\drivers\7269176.sys"
"c:\windows\system32\drivers\72691761.sys"
"c:\windows\system32\drivers\72691762.sys"
"c:\windows\system32\Drivers\utm3mjuw.sys"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\mcafee
c:\progra~1\mcafee\SiteAdvisor\ActUtil.exe
c:\progra~1\mcafee\SiteAdvisor\Components\IMcFFPlg.xpt
c:\progra~1\mcafee\SiteAdvisor\Components\McFFPlg.dll
c:\progra~1\mcafee\SiteAdvisor\contents.rdf
c:\progra~1\mcafee\SiteAdvisor\default.txt
c:\progra~1\mcafee\SiteAdvisor\Download\s27k
c:\progra~1\mcafee\SiteAdvisor\elist.dat
c:\progra~1\mcafee\SiteAdvisor\chr.inf
c:\progra~1\mcafee\SiteAdvisor\chrome.manifest
c:\progra~1\mcafee\SiteAdvisor\install.rdf
c:\progra~1\mcafee\SiteAdvisor\mcbrwctl.dll
c:\progra~1\mcafee\SiteAdvisor\McChPlg.crx
c:\progra~1\mcafee\SiteAdvisor\McIEPlg.dll
c:\progra~1\mcafee\SiteAdvisor\McPlgUI.dll
c:\progra~1\mcafee\SiteAdvisor\McSACore.exe
c:\progra~1\mcafee\SiteAdvisor\McSACorePS.dll
c:\progra~1\mcafee\SiteAdvisor\SA_indep.inf
c:\progra~1\mcafee\SiteAdvisor\SA_main.inf
c:\progra~1\mcafee\SiteAdvisor\SA_win32.inf
c:\progra~1\mcafee\SiteAdvisor\sahook.dll
c:\progra~1\mcafee\SiteAdvisor\saplugin.dll
c:\progra~1\mcafee\SiteAdvisor\sares.dll
c:\progra~1\mcafee\SiteAdvisor\saSets.ini
c:\progra~1\mcafee\SiteAdvisor\SaSSHMod.dll
c:\progra~1\mcafee\SiteAdvisor\saupkeep.dll
c:\progra~1\mcafee\SiteAdvisor\Scripts\balloon.html
c:\progra~1\mcafee\SiteAdvisor\Scripts\balloon.js
c:\progra~1\mcafee\SiteAdvisor\Scripts\balloon_logo.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\balloon_logo_plus.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\blackpixel.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\bullet.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_black.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_black_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_disabled.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_green.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_green_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_grey.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_grey_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_hs.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_hs_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_red.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_red_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_yellow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\button_yellow_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\common.js
c:\progra~1\mcafee\SiteAdvisor\Scripts\corner-solid.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\cornersm-hollow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\cornersm-solid.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\down_arrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\download_careful.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\download_unsafe.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\empty.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\error-icon.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\favicon.ico
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_banner_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_banner_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_banner_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_banner_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_bottom_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_bottom_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_bottom_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_bottom_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_facet.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_footer_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_footer_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_footer_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_header_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_header_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_header_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_icon.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\g_upsell_border.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\gleftarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\green.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\grightarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\hackersafe.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\hs.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\hs_icon.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\inst-background.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\inst-top.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\inst-xup.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\large-buttonC.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\large-buttonL.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\large-buttonR.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\main.js
c:\progra~1\mcafee\SiteAdvisor\Scripts\mcafee_logo.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\mcafee_yahoo_cobranded_toolbar.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\mcafeesiteadvisor.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\mcwedge.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_arrow_down.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_arrow_up.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_black.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_black_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_disabled.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_green.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_green_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_grey.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_grey_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_hs.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_hs_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_red.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_red_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_yellow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\nb_button_yellow_lock.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\protectedmode.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\protection.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\protmode-off.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\protmode-on.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\question-icon.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_banner_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_banner_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_banner_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_banner_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_bottom_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_bottom_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_bottom_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_bottom_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_facet.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_footer_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_footer_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_footer_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_header_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_header_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_header_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_header_r_nox.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_icon.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\r_upsell_border.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\red.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\redarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\rleftarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\rrightarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\sa-logo-plus.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\sa-logo.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\safe.js
c:\progra~1\mcafee\SiteAdvisor\Scripts\safe.xul
c:\progra~1\mcafee\SiteAdvisor\Scripts\safe_im.js
c:\progra~1\mcafee\SiteAdvisor\Scripts\safeshare_green.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\safeshare_grey.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\safeshare_red.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\safeshare_yellow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\saffplg.js
c:\progra~1\mcafee\SiteAdvisor\Scripts\SAPlus-graphic.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\searchglass.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\selected_tab.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\siteadvisor.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderA1.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderA2.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderA3.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderA4.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderD1.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderD2.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderD3.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\SliderD4.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\small-buttonC.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\small-buttonL.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\small-buttonR.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_bottom_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_bottom_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_bottom_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_copylink_off.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_copylink_on.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_facebook_off.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_facebook_on.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_footer_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_footer_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_footer_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_header_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_header_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_header_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_twitter_off.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ss_twitter_on.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\unselected_tab.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\untested.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_banner_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_banner_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_banner_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_banner_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_bottom_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_bottom_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_bottom_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_bottom_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_footer_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_footer_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_footer_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_header_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_header_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_header_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_icon.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\w_upsell_border.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\wleftarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\wrightarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\xup.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_banner_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_banner_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_banner_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_banner_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_bottom_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_bottom_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_bottom_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_bottom_sep.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_facet.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_footer_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_footer_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_footer_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_header_c.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_header_l.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_header_r.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_header_r_nox.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_icon.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\y_upsell_border.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\yellow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\yleftarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\yrightarrow.gif
c:\progra~1\mcafee\SiteAdvisor\Scripts\ytri.gif
c:\progra~1\mcafee\SiteAdvisor\uninstall.exe
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_9e.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
c:\windows\system32\drivers\7269176.sys
c:\windows\system32\drivers\72691761.sys
c:\windows\system32\drivers\72691762.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_72691761
-------\Legacy_72691762
-------\Legacy_MCAFEE_SITEADVISOR_SERVICE
-------\Legacy_MCCOMPONENTHOSTSERVICE
-------\Legacy_SETUP_9.0.0.722_08.03.2011_22-29DRV
-------\Service_72691761
-------\Service_72691762
-------\Service_McAfee SiteAdvisor Service
-------\Service_McComponentHostService
-------\Service_setup_9.0.0.722_08.03.2011_22-29drv
-------\Service_utm3mjuw
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-10 do 2011-03-10 )))))))))))))))))))))))))))))))
.
.
2011-03-10 16:15 . 2011-03-10 16:15 -------- d-----w- c:\windows\LastGood.Tmp
2011-03-09 13:43 . 2011-03-09 13:43 -------- d-----w- c:\documents and settings\LocalService\Plocha
2011-03-08 20:11 . 2011-03-08 20:11 -------- d-----w- c:\program files\CCleaner
2011-03-08 19:05 . 2011-03-08 19:05 -------- d-----w- C:\rsit
2011-03-08 19:05 . 2011-03-08 19:05 -------- d-----w- c:\program files\trend micro
2011-02-23 17:47 . 2011-02-23 17:47 -------- d-----w- c:\documents and settings\Standard\Local Settings\Data aplikací\Chromium
2011-02-23 17:44 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-02-23 17:44 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-02-23 17:44 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-02-23 17:44 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-02-13 17:26 . 2011-02-13 17:26 -------- d-----w- c:\program files\Common Files\BioWare
2011-02-13 15:47 . 2011-02-14 15:17 -------- d-----w- c:\program files\mass effect
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 18:51 . 2010-11-17 13:41 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-09 18:51 . 2010-11-17 13:40 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-09 18:51 . 2009-10-24 18:59 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-02-09 13:53 . 1980-01-01 00:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 1980-01-01 00:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-06-25 13:27 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-06-25 13:27 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 1980-01-01 00:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 1980-01-01 00:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 1980-01-01 00:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 1980-01-01 00:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 1980-01-01 00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 1980-01-01 00:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 1980-01-01 00:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 1980-01-01 00:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-13 15:56 . 2010-12-13 15:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Standard\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-11 393216]
setup_9.0.0.722_08.03.2011_22-29.lnk - c:\documents and settings\Standard\Plocha\Virus Removal Tool\setup_9.0.0.722_08.03.2011_22-29\startup.exe [2011-3-8 72208]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.2\\cnc3ep1.dat"=
"c:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\skratchy78\\source dedicated server\\srcds.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\F4Fx\\HalfLife2\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Midway Home Entertainment\\Rise and Fall\\RiseAndFall.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Documents and Settings\\Standard\\Plocha\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\skratchy78\\zombie panic! source dedicated server\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\skratchy78\\insurgency dedicated server\\srcds.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.3.game"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=
"c:\\Program Files\\mass effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\mass effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\total war shogun 2 demo\\Shogun2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\napoleon total war\\Napoleon.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.12.2010 16:56 691696]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.7.2009 10:03 222456]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2010 20:00 135664]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 19:00]
.
2011-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-26 19:00]
.
2011-03-10 c:\windows\Tasks\User_Feed_Synchronization-{784765F5-BA96-438B-97D0-EF8805692BD1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Standard\Data aplikací\Mozilla\Firefox\Profiles\qfdwzdgr.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} - c:\program files\McAfee\SiteAdvisor\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-10 17:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3723271197-3137500025-2304659736-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,35,fb,59,26,f1,96,d7,87,e4,13,60,c4,ef,61,d3,a5,29,5e,01,36,eb,af,
6c,4d,f9,2e,41,bd,b0,45,b3,90,10,9f,85,1f,73,91,6a,ab,19,64,2d,a8,09,59,cc,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
.
[HKEY_USERS\S-1-5-21-3723271197-3137500025-2304659736-1006\Software\SecuROM\License information*]
"datasecu"=hex:5c,59,b9,b4,ef,d2,25,39,93,c4,ab,83,1a,be,fe,b0,73,54,50,49,79,
6d,88,c8,c1,db,38,34,3b,2e,64,a0,4a,c4,8d,5f,ff,d7,54,32,c2,1c,08,67,82,63,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2948)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Ovislink\Common\RalinkRegistryWriter.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\documents and settings\Standard\Plocha\Virus Removal Tool\setup_9.0.0.722_08.03.2011_22-29\setup_9.0.0.722_08.03.2011_22-29.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-03-10 17:35:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-10 16:35
ComboFix2.txt 2011-03-09 15:57
.
Před spuštěním: Volných bajtů: 619 547 906 560
Po spuštění: Volných bajtů: 619 377 534 976
.
- - End Of File - - 5309AFB6B0388A92A473A2D4E92498C0