VIRY.CZ

Co jste instalovala těsně před tím, než se problém objevil?

odinstalovala som ICQ a terminator spyware

To je chyba spojení. Zkuste nejprve vypnout antivir, příp firewall a vyzkoušet, co to provede. Když nic, prověřte kabel k modemu, příp dalšímu síť prvku v datové cestě. Zkuste restartovat modem, v PC síť kartu ve správci zařízení. Vypadá to, že se PC nedostane na venkovní síť.

aj tak to nejde....neexistuje nejaky program ktory by to skontroloval

Existuje. Start>spustit>(napsat) cmd>OK. Do otevřeného okna napište.

ping www.seznam.cz

a stskněte >Enter<. Odpoví vám pravděpodobně "Vypršel časový limit...". Takže budete vědět to, co už víte.

Zkuste ještě WinsockFix: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 . Utilita reinstaluje TCP/IP protokol. Máte-li parametry sítě zadány ručně, budete je muset po restartu PC znovu nastavit. Problém klidně může být i v tom, že providerovi internet prostě vypadl.

prosim o kontrolu logu z COMBOFIXU

ComboFix 11-11-02.03 - PC 02.11.2011 18:31:46.15.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.288 [GMT 1:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-01 12:36 . 2011-11-01 12:36 -------- d-----w- c:\program files\Rychlé nastavení sítě
2011-11-01 11:12 . 2011-11-01 11:12 -------- d-----w- c:\program files\ICQToolbar1221
2011-10-28 21:01 . 2011-11-01 09:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-23 16:03 . 2011-10-23 16:03 -------- d-----w- c:\documents and settings\PC\Application Data\Avira
2011-10-23 15:59 . 2011-10-23 16:19 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-23 15:59 . 2011-10-23 16:19 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-23 15:59 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-10-23 15:59 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-10-23 15:59 . 2011-10-23 15:59 -------- d-----w- c:\program files\Avira
2011-10-23 15:59 . 2011-10-23 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-10-23 15:06 . 2011-10-23 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-10-23 14:10 . 2011-10-23 14:10 -------- d-----w- c:\program files\Crawler
2011-10-23 14:09 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-23 13:16 . 2011-10-23 13:17 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-09-05 08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-01-24 13:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2009-10-08 12:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-12-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2002-12-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2002-12-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2002-12-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2002-12-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-23_13.42.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-02 17:40 . 2011-11-02 17:40 16384 c:\windows\temp\Perflib_Perfdata_644.dat
+ 2002-12-31 12:00 . 2011-10-30 10:55 53608 c:\windows\system32\perfc009.dat
- 2002-12-31 12:00 . 2011-03-27 08:59 53608 c:\windows\system32\perfc009.dat
+ 2011-10-23 15:59 . 2009-05-11 07:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2011-11-01 09:57 . 2011-11-01 09:57 19968 c:\windows\Installer\23a2c.msi
- 2004-01-07 09:21 . 2004-01-07 09:21 237936 c:\windows\system32\unicows.dll
+ 2004-01-07 09:21 . 2004-01-07 10:21 237936 c:\windows\system32\unicows.dll
+ 2002-12-31 12:00 . 2011-10-30 10:55 383254 c:\windows\system32\perfh009.dat
- 2002-12-31 12:00 . 2011-03-27 08:59 383254 c:\windows\system32\perfh009.dat
+ 2009-08-03 13:07 . 2009-08-03 13:07 403816 c:\windows\system32\OGACheckControl.DLL
+ 2011-10-28 19:09 . 2011-10-03 03:06 157472 c:\windows\system32\javaws.exe
- 2011-08-08 15:48 . 2011-05-04 02:52 157472 c:\windows\system32\javaws.exe
- 2011-08-08 15:48 . 2011-05-04 02:52 145184 c:\windows\system32\javaw.exe
+ 2011-10-28 19:09 . 2011-10-03 03:06 145184 c:\windows\system32\javaw.exe
- 2011-08-08 15:48 . 2011-05-04 02:52 145184 c:\windows\system32\java.exe
+ 2011-10-28 19:09 . 2011-10-03 03:06 145184 c:\windows\system32\java.exe
+ 2011-10-28 19:10 . 2011-10-28 19:10 203776 c:\windows\Installer\757a50.msi
+ 2007-03-15 16:19 . 2009-06-25 11:20 1485176 c:\windows\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"Advanced SystemCare 4"="d:\advanced systemcare 4\ASCTray.exe" [2011-04-21 402832]
"ICQ"="d:\icq6\ICQ.exe" [2007-10-31 181496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-23 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2002-12-31 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2002-12-31 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2002-12-31 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\ICQ6\\ICQ.exe"=
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;d:\advanced systemcare 4\ASCService.exe [6.5.2011 18:31 352656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [23.10.2011 16:59 136360]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17.8.2011 12:00 402328]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 12:12 52384]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
2011-05-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- d:\advanced systemcare 4\PMonitor.exe [2011-05-06 14:54]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003Core1cc7217431c80b0.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 18:48]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 18:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {22371112-FFB4-471E-A2F3-626B864780EE} - hxxp://www.citrid.sk/plugin/MaeCi3D.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 18:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2011-11-02 18:47:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-02 17:47
ComboFix2.txt 2011-10-23 15:49
ComboFix3.txt 2011-10-23 13:48
.
Pre-Run: 4 324 327 424 bytes free
Post-Run: 4 329 664 512 bytes free
.
- - End Of File - - ECFA9E8B6A8472D6B07618A733F7F1AE

Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\ICQToolbar1221

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

http://img517.imageshack.us/img517/8662 ... cript10uc2[/img].gif

to je výsledok a je možne ze preto mi nesiel aj internet


ComboFix 11-11-02.03 - PC 02.11.2011 21:18:51.16.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.174 [GMT 1:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-01 12:36 . 2011-11-01 12:36 -------- d-----w- c:\program files\Rychlé nastavení sítě
2011-11-01 11:12 . 2011-11-01 11:12 -------- d-----w- c:\program files\ICQToolbar1221
2011-10-28 21:01 . 2011-11-01 09:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-23 15:06 . 2011-10-23 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-10-23 14:10 . 2011-10-23 14:10 -------- d-----w- c:\program files\Crawler
2011-10-23 14:09 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-23 13:16 . 2011-10-23 13:17 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-09-05 08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-01-24 13:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2009-10-08 12:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-12-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2002-12-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2002-12-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2002-12-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2002-12-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"Advanced SystemCare 4"="d:\advanced systemcare 4\ASCTray.exe" [2011-04-21 402832]
"ICQ"="d:\icq6\ICQ.exe" [2007-10-31 181496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2002-12-31 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2002-12-31 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2002-12-31 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\ICQ6\\ICQ.exe"=
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;d:\advanced systemcare 4\ASCService.exe [6.5.2011 18:31 352656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17.8.2011 12:00 402328]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 12:12 52384]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
2011-05-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- d:\advanced systemcare 4\PMonitor.exe [2011-05-06 14:54]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003Core1cc7217431c80b0.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 18:48]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 18:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {22371112-FFB4-471E-A2F3-626B864780EE} - hxxp://www.citrid.sk/plugin/MaeCi3D.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 21:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1392)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-11-02 21:28:44
ComboFix-quarantined-files.txt 2011-11-02 20:28
ComboFix2.txt 2011-11-02 17:47
ComboFix3.txt 2011-10-23 15:49
ComboFix4.txt 2011-10-23 13:48
.
Pre-Run: 4 519 587 840 bytes free
Post-Run: 4 510 101 504 voľných bajtov
.
- - End Of File - - 5ADB6F2AD03224779BBA5CE219766805

Chybně jste uložila skript. Musí se uložit jako CFScript.txt (nikoli jako CFScript.txt.txt). Adresář tím pádem nebyl smazán.

a teraz je to uz v poriadku


ComboFix 11-11-02.03 - PC 02.11.2011 22:08:10.17.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.511.175 [GMT 1:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-10-02 to 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-01 12:36 . 2011-11-01 12:36 -------- d-----w- c:\program files\Rychlé nastavení sítě
2011-11-01 11:12 . 2011-11-01 11:12 -------- d-----w- c:\program files\ICQToolbar1221
2011-10-28 21:01 . 2011-11-01 09:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-10-23 15:06 . 2011-10-23 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2011-10-23 14:10 . 2011-10-23 14:10 -------- d-----w- c:\program files\Crawler
2011-10-23 14:09 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-10-23 13:16 . 2011-10-23 13:17 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 03:06 . 2010-09-05 08:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 00:37 . 2009-01-24 13:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41 . 2009-10-08 12:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2002-12-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2002-12-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2002-12-31 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2002-12-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2002-12-31 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2002-12-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2002-12-31 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2002-12-31 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"Advanced SystemCare 4"="d:\advanced systemcare 4\ASCTray.exe" [2011-04-21 402832]
"ICQ"="d:\icq6\ICQ.exe" [2007-10-31 181496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2002-12-31 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2002-12-31 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2002-12-31 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\ICQ6\\ICQ.exe"=
.
R2 AdvancedSystemCareService;Advanced SystemCare Service;d:\advanced systemcare 4\ASCService.exe [6.5.2011 18:31 352656]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [17.8.2011 12:00 402328]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys --> c:\windows\system32\DRIVERS\CnxTgNP.sys [?]
S3 CnxTgNW;Conexant AccessRunner ADSL WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [11.5.2005 12:12 52384]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
.
2011-05-06 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- d:\advanced systemcare 4\PMonitor.exe [2011-05-06 14:54]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003Core1cc7217431c80b0.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 18:48]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-746137067-1343024091-1003UA.job
- c:\documents and settings\PC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-15 18:48]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {22371112-FFB4-471E-A2F3-626B864780EE} - hxxp://www.citrid.sk/plugin/MaeCi3D.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 22:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1592)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-11-02 22:17:55
ComboFix-quarantined-files.txt 2011-11-02 21:17
ComboFix2.txt 2011-11-02 20:28
ComboFix3.txt 2011-11-02 17:47
ComboFix4.txt 2011-10-23 15:49
ComboFix5.txt 2011-11-02 21:07
.
Pre-Run: 4 519 944 192 bytes free
Post-Run: 4 511 068 160 voľných bajtov
.
- - End Of File - - E28965637BE0CAF59FF042A64200489D

Opět ne:

Command switches used :: c:\documents and settings\PC\Desktop\CFScript.txt.txt

Zkusíme to jinak. Stáhněte a spusťte Avenger: http://www.viry.cz/forum/viewtopic.php?f=11&t=19832 tímto skriptem:

Folders to delete:
c:\program files\ICQToolbar1221