Prosím o kontrolu logu Vyřešeno

[Miroslav46]

ComboFix 10-03-04.05 - Drábek Miroslav 05.03.2010 16:59:15.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1584 [GMT 1:00]
Spuštěný z: c:\documents and settings\Drábek Miroslav\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\EventSystem.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\vbpng1.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 15:50 . 2010-03-05 15:49 390144 ----a-w- c:\windows\system32\CF9352.exe
2010-03-05 14:42 . 2010-03-05 14:42 -------- d-----w- c:\program files\Trend Micro
2010-03-05 13:41 . 2010-03-05 13:40 390144 ----a-w- c:\windows\system32\CF16796.exe
2010-03-04 11:56 . 2010-03-04 11:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-03 07:27 . 2010-03-03 07:27 -------- d-----w- c:\program files\Redsystem
2010-03-01 10:17 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-01 10:17 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-01 10:16 . 2010-03-01 14:05 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-27 08:50 . 2010-02-27 08:50 -------- d-----w- c:\program files\Common Files\Skype
2010-02-23 10:28 . 2010-03-01 13:06 -------- d-----w- c:\program files\ProgDVB
2010-02-22 10:41 . 2010-02-22 10:41 -------- d-----w- c:\program files\TrendMicro
2010-02-19 11:45 . 2010-02-19 11:45 -------- d-----w- c:\program files\Uniblue
2010-02-14 09:29 . 2010-01-25 22:09 180807 ----a-w- c:\windows\system32\nfsILOVEU02.scr
2010-02-14 09:28 . 2010-01-25 22:13 206158 ----a-w- c:\windows\system32\nfsILOVEU04.scr
2010-02-14 09:05 . 2008-11-28 12:23 450011 ----a-w- c:\windows\system32\nfsClock03.scr
2010-02-14 07:52 . 2010-02-25 13:38 -------- d-----w- c:\program files\CCleaner
2010-02-12 21:22 . 2010-02-12 21:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-12 20:48 . 2010-02-12 20:48 -------- d-----w- c:\windows\Mozilla
2010-02-12 20:26 . 2010-02-14 07:50 -------- d-----w- c:\windows\Thunderbird
2010-02-11 17:20 . 2010-02-11 17:20 -------- d-----w- c:\program files\GRETECH
2010-02-10 08:21 . 2010-02-10 08:21 -------- d-----w- c:\program files\YoWindow

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 16:05 . 2008-07-18 09:49 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-05 16:05 . 2008-07-19 14:03 0 -c--a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-05 16:04 . 2008-07-16 21:16 12 -c--a-w- c:\windows\bthservsdp.dat
2010-03-04 14:17 . 2009-11-18 21:11 -------- d-----w- c:\program files\Lavalys
2010-03-04 12:39 . 2010-03-04 11:37 5146 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-03-04 12:39 . 2008-03-26 13:01 539270 ----a-w- c:\windows\system32\perfh005.dat
2010-03-04 12:39 . 2008-03-26 13:01 121682 ----a-w- c:\windows\system32\perfc005.dat
2010-03-03 04:57 . 2009-06-14 00:05 -------- d-----w- c:\program files\Recuva
2010-03-02 09:45 . 2009-08-15 14:18 -------- d-----w- c:\program files\Opera
2010-02-22 10:31 . 2009-11-29 03:34 -------- d-----w- c:\program files\NewFreeScreensavers
2010-02-16 23:20 . 2010-01-24 23:14 -------- d-----w- c:\program files\The KMPlayer
2010-02-11 18:53 . 2009-12-12 17:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2009-12-12 17:35 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2009-12-12 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2009-12-12 17:36 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2009-12-12 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2009-12-12 17:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2009-12-12 17:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2009-12-12 17:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2009-12-12 17:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-22 09:56 . 2009-12-06 07:57 -------- d-----w- c:\program files\Translate Client
2010-01-21 06:44 . 2008-07-30 15:08 -------- d-----w- c:\program files\Alwil Software
2010-01-20 08:23 . 2009-08-19 08:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 18:45 . 2008-07-16 21:15 -------- d-----w- c:\program files\Launch Manager
2010-01-19 18:28 . 2010-01-19 18:28 -------- d-----w- c:\program files\Foxit Software
2010-01-19 18:16 . 2009-03-20 20:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 13:47 . 2010-01-12 03:44 -------- d-----w- c:\program files\Seznam.cz
2010-01-19 11:43 . 2008-04-01 01:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 14:05 . 2008-12-23 14:51 -------- d-----w- c:\program files\Bonjour
2010-01-08 10:56 . 2009-12-05 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-12-05 12:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-05 12:00 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-18 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 13:13 . 2009-12-23 13:13 -------- d-----w- c:\windows\Fonts\tu_rar_59582
2009-12-21 19:08 . 2007-12-07 01:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2004-08-18 04:00 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 21:38 . 2009-12-09 21:38 -------- d-----w- c:\windows\Fonts\tu_rar_48821
2009-12-09 11:06 . 2009-12-09 11:06 341504 ----a-w- c:\windows\system32\yowindow.scr
2009-12-09 10:11 . 2007-02-28 16:09 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2007-02-28 16:08 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Seznam Postak"="c:\documents and settings\Drábek Miroslav\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-02-11 2756488]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
2007-07-26 15:43 270336 -c--a-w- c:\program files\ClocX\ClocX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 09:44 475136 -c--a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Kalendar"=c:\program files\Kalendar\kalendar.exe
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"RocketDock"="c:\program files\RocketDock\RocketDock.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ClocX"=c:\program files\ClocX\ClocX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=c:\program files\OO Software\Defrag\oodtray.exe
"Acer ePresentation HPD"=c:\acer\Empowering Technology\ePresentation\ePresentation.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"eRecoveryService"=c:\acer\Empowering Technology\eRecovery\eRAgent.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ePower_DMC"=c:\acer\Empowering Technology\ePower\ePower_DMC.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Boot"=c:\acer\Empowering Technology\ePower\Boot.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2009 17:09 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2009 18:36 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2009 18:36 19024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S2 gupdate1c98a4559482ec3;Google Update Service (gupdate1c98a4559482ec3);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\system32\drivers\SCRCAMDRV.sys [20.2.2009 9:58 225536]
S4 SS_ACdrv;SeeStorm;c:\windows\system32\DRIVERS\ss_acdrv.sys --> c:\windows\system32\DRIVERS\ss_acdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2010-02-25 10:07]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{E4384B36-5BC6-468B-B6C7-95303BBE6C48}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {C3870A29-01AD-4E5C-AC52-40BC84D49FA6} = 85.132.169.2,212.71.176.49
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Drábek Miroslav\Data aplikací\Mozilla\Firefox\Profiles\dvukb146.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Drábek Miroslav\Data aplikací\Mozilla\Firefox\Profiles\dvukb146.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-deskTannenbaum - d:\tipy\Tannenbaum.exe
MSConfigStartUp-DesktopXmasTree - d:\tipy\Xmas.exe
MSConfigStartUp-Magic Tree - d:\tipy\MagicTree.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 17:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spwf.sys >>UNKNOWN [0x8A6C5938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7a40b40
\Driver\iaStor -> iaStor.sys @ 0xf7b5c6d0
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
SecurityProcedure -> TUKERNEL.EXE @ 0x805d96a1
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
SecurityProcedure -> TUKERNEL.EXE @ 0x805d96a1
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xba62dbb0
PacketIndicateHandler -> NDIS.sys @ 0xba63aa21
SendHandler -> NDIS.sys @ 0xba61887b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="5FB6529C13E36CD9E1FAFE93732E8DA45CBDC5874ECDB8C833BEB202FD4141E1DB511DF6315A0A2AF523E29AE74F655FAA0EEF473D4DC52E6678947484A9BD32D8CA323D399653044C6D3075B4F199D6C861C653C19E2A2808DD1624F56C5D7CBE848E11DD98E3AFAAA4AAF7F9D11C55F78B75520A534C217AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933BA7FD869164D679488397CC4B821D0AE9D102DA028E0AC099C644ADD93A0BD6921B6C9236382832B9B1D3E551DE615E525C23CE0FC95989961C7D05520C83FB9ECE68A5740F0CF01E56D8B557B624A91FB84359BB03B156C91CAD82CEBA938B86F3B04EB5D7C32D00864D19F657E502F4AF5563AAE2E9F9D7F1311F4D9B86DB9C4FE7441B74C504D0814808190B94D6F1E8C6015056282F7631AABB872FCE4496DD1A1AD6F1F91DE4F5E8CBC5826AA356C8F9AFC6760C57F582EDE72E0126AA54DA4D2F9C946A1212BFB6E093969941C891DCD342D4237E7DEEFE612F4AA8C402EC0D2E2B0A5F1624CF7A38DD53EFC6DB0A547F1CFB6E91B58D581FBA3099F41BA3FF198AF3935A64933ACEAF47318AB7F6D58616E02B4378E2BF00983853A02050F84C0778BE4A61A600DB2FD6BDF8A798E5721CD7C308D2A8A7C04518DB61100736075DEBEBBCC1D87CD6A809B117304F31FC4520E3BA3BC686EAEED20B432058361425C09BA3993857C8BAD0F2D02E9DF0B5309B9F733380A953ADA53975A502868280F32273FA20829845DE2F8075966FD472091CC297508C551414D07B40122591EB61907E5549468B8864AFD8666F05E10E83BE2272FD0538FED4BEDA09D831A0A37ADA768160353FBC98B893A053B1490DCF3A98205A69903CE1EF92E8D33184C1CF5193838FD0699E6802C8D10570D20150AD2C5791F7932F9A9A0A71D6CC1B3100B2FF67085A15045173C214829BB09516154AEF423D19426E497047CBD8B06659A827CD9EDCA50EDD3D0CACC69968A7471E82D42F10D14AEDD59F3C088EBFB8F64EE55EEDEA9C08E4AC891A6A4155884C38D67111C9293943528D8E10560C3A840154014D46BBAF9A544B2BDBCB619AD798537F40854657B9D03CA3CBDE7FCEC1558B00D1D404E2625A99EE2E5FB68BDC4562A646F4252AA5FB3911091053DBD61E1CE82DD5D7C2C1AA1F9C7A9EA5328ED4A813C6053160F58452E83B2C00DA0359C75040E7AB94A6A189C82E28EDF84506F33BB3B8460B77786D21C29A56ABC38B83481F9D4F1629040938D43F1820C5998E884B651D5D8410A6448CDC4455F212C4ED0412D827A1C8D9FC6D0A7A79E8EDB7E205D3E0EC94E277F5751AF037BBFAD3C2B57483D3C2EB9B47163C72D40859207780CD19588CA79"
"OODEFRAG12.00.00.01PROFESSIONAL"="3A0DC0ADE8A312FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34528EDD5E5BE2F6E667BA7FD869164D6794BAB04B66DDB0138E6DEC2017D7615E68A114C3BF04B942D947CD488E399E66ECA9850234CFB5B7B774D3D60155DB94C70F715A8F0D1F568A44BA367CBD4E21D4B6D06CB2D39610F730B3624652359FDEB601B9DC92B1FB4173B7022ED52D8E6AED8D338324C5E5899258755EFC7E69908D02461B59415B2BF0905F2E7C6EB2C22E3C74EC8F76BB895F933E6A1A0E0D24DC3859E2B9E84D5AAA9C73AE3D8AC4D5AC62C25878A2457B2F3D5AAD7FFDDEC643E83D6EA08160C0643154853A3DAF826F88A4D4D407EB456F2C5C8D192BE386B2DE339E8D2B5838342A91A9A8071309D3BA1392AE264A3160404D16E53BD3D56F69ED7894482B7D04682CB9D02DC311880A7C68A444B3EE18D826F57A111E0E955A96A1DE8082AF15CE97F592B548A0920BC3D0E969A90FFD5ED6FE7C576369110949E6A7BE3ED277C43E425C6EDC27C856BD6843E3E688CF38C1A9A77D7A0824D094B93FB2EE511336FB2935E56F76D58834720BC457379CD4BE10CB35EAEBE48E7EAC8B4E5EF6A292A3D6B57225423BC2E653B0E19A57CA2619714C7373FD3C267E7683C904F2B54E789C8BA955A5CCA986963553860C92228F3020730509697DFE75332110DAADDF346EF6E90A9CB1E4B869B0F623DC01C054D35134C5BDFC00E1A83B9164A642C483E54F53050AE5A1991DCBEDAC3376020F8680750F2DDC9B7A33501F1732FDF908BF7B483931B891B4A8449C94DCA8655A186140EE50C3C3915DBA11F340BF85D6DC7A71CB3ECD678DA36EAB7D8D1FF1467A3ADC2681BDEEE1925572F8F1BAEDF843DBBC9BBC1EDD1950AF0AC25B37B1D4C567D82A02AE171CE41391D85174BE691AC657361F7430C28C8168ED40A1B0FDB3568824F2CABBE3857583784B48881D2E73B8DFB9711F67DFF23BC11BE2802B238C01F25C9CDE52CD161D74AEE55D75F2B096104687EF5AF3263CB1AD55B93D989F9B27AB02877239A17B9B324FD6CDF95DEDF162806B5F96D1E7E69E237207B8BBF7062EACBF4567D67D6D6B5B10F1FE6FFEE48FF55D33B9BE00BD784FCA4DD020768A962197BC1E8C45A3D934A7A25C71CDFCB2D8168274CC0AC5A9AD62CD4E9E3FDFFE3BA0C242283B285B5A42959580A20295EB6C6E7E6E4E4485E6E0364320BAEAE0277134E2280918B59E86744E4C886EE649378EB72959B2C0F7EEAA68A018BD9C67A4DDAC9B1FC610A8A0DB4F1B52F2355A536DA016FD3CF532B941182D4A2473D1598676A7B03B787341DB85C61272785FA18660E551412539F48451E9859A8F0FB266B503B3AFDD4D1B7A81BA9F04886D06CD40D82BD7AE07"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(9484)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\CyberLink\PowerDVD\deskband32.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TUProgSt.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\DRBEKM~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-03-05 17:12:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-05 16:12

Před spuštěním: Volných bajtů: 91 263 913 984
Po spuštění: Volných bajtů: 91 356 413 952

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=EE5SSA /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /noexecute=optin /fastdetect /TUTag=EE5SSA-BAK

- - End Of File - - 0AA8F52C052977A43F8CC1705CCAD925

[Reklama]

[Damned]

Sám se můžeš přesvědčit, že smázl šmejdy, které bych ani já běžným pohledem nemusel odhalit.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\PerfStringBackup.TMP

Folder::
c:\program files\Crawler\Toolbar

FileLook::
c:\windows\system32\nfsILOVEU02.scr
c:\windows\system32\nfsILOVEU04.scr
c:\windows\system32\nfsClock03.scr
c:\windows\system32\DRIVERS\ss_acdrv.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=-



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Miroslav46]

ComboFix 10-03-04.06 - Drábek Miroslav 05.03.2010 18:12:32.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1533 [GMT 1:00]
Spuštěný z: c:\documents and settings\Drábek Miroslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Drábek Miroslav\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\PerfStringBackup.TMP"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\PerfStringBackup.TMP

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 15:50 . 2010-03-05 15:49 390144 ----a-w- c:\windows\system32\CF9352.exe
2010-03-05 14:42 . 2010-03-05 14:42 -------- d-----w- c:\program files\Trend Micro
2010-03-05 13:41 . 2010-03-05 13:40 390144 ----a-w- c:\windows\system32\CF16796.exe
2010-03-04 11:56 . 2010-03-04 11:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-03 07:27 . 2010-03-03 07:27 -------- d-----w- c:\program files\Redsystem
2010-03-01 10:17 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-01 10:17 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-01 10:16 . 2010-03-01 14:05 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-27 08:50 . 2010-02-27 08:50 -------- d-----w- c:\program files\Common Files\Skype
2010-02-23 10:28 . 2010-03-01 13:06 -------- d-----w- c:\program files\ProgDVB
2010-02-22 10:41 . 2010-02-22 10:41 -------- d-----w- c:\program files\TrendMicro
2010-02-19 11:45 . 2010-02-19 11:45 -------- d-----w- c:\program files\Uniblue
2010-02-14 09:29 . 2010-01-25 22:09 180807 ----a-w- c:\windows\system32\nfsILOVEU02.scr
2010-02-14 09:28 . 2010-01-25 22:13 206158 ----a-w- c:\windows\system32\nfsILOVEU04.scr
2010-02-14 09:05 . 2008-11-28 12:23 450011 ----a-w- c:\windows\system32\nfsClock03.scr
2010-02-14 07:52 . 2010-02-25 13:38 -------- d-----w- c:\program files\CCleaner
2010-02-12 21:22 . 2010-02-12 21:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-12 20:48 . 2010-02-12 20:48 -------- d-----w- c:\windows\Mozilla
2010-02-12 20:26 . 2010-02-14 07:50 -------- d-----w- c:\windows\Thunderbird
2010-02-11 17:20 . 2010-02-11 17:20 -------- d-----w- c:\program files\GRETECH
2010-02-10 08:21 . 2010-02-10 08:21 -------- d-----w- c:\program files\YoWindow

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 17:07 . 2008-07-18 09:49 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-05 17:07 . 2008-07-19 14:03 0 -c--a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-05 17:06 . 2008-07-16 21:16 12 -c--a-w- c:\windows\bthservsdp.dat
2010-03-04 14:17 . 2009-11-18 21:11 -------- d-----w- c:\program files\Lavalys
2010-03-04 12:39 . 2008-03-26 13:01 539270 ----a-w- c:\windows\system32\perfh005.dat
2010-03-04 12:39 . 2008-03-26 13:01 121682 ----a-w- c:\windows\system32\perfc005.dat
2010-03-03 04:57 . 2009-06-14 00:05 -------- d-----w- c:\program files\Recuva
2010-03-02 09:45 . 2009-08-15 14:18 -------- d-----w- c:\program files\Opera
2010-02-22 10:31 . 2009-11-29 03:34 -------- d-----w- c:\program files\NewFreeScreensavers
2010-02-16 23:20 . 2010-01-24 23:14 -------- d-----w- c:\program files\The KMPlayer
2010-02-11 18:53 . 2009-12-12 17:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2009-12-12 17:35 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2009-12-12 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2009-12-12 17:36 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2009-12-12 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2009-12-12 17:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2009-12-12 17:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2009-12-12 17:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2009-12-12 17:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-22 09:56 . 2009-12-06 07:57 -------- d-----w- c:\program files\Translate Client
2010-01-21 06:44 . 2008-07-30 15:08 -------- d-----w- c:\program files\Alwil Software
2010-01-20 08:23 . 2009-08-19 08:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 18:45 . 2008-07-16 21:15 -------- d-----w- c:\program files\Launch Manager
2010-01-19 18:28 . 2010-01-19 18:28 -------- d-----w- c:\program files\Foxit Software
2010-01-19 18:16 . 2009-03-20 20:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 13:47 . 2010-01-12 03:44 -------- d-----w- c:\program files\Seznam.cz
2010-01-19 11:43 . 2008-04-01 01:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 14:05 . 2008-12-23 14:51 -------- d-----w- c:\program files\Bonjour
2010-01-08 10:56 . 2009-12-05 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-12-05 12:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-05 12:00 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-18 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 13:13 . 2009-12-23 13:13 -------- d-----w- c:\windows\Fonts\tu_rar_59582
2009-12-21 19:08 . 2007-12-07 01:08 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2004-08-18 04:00 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 21:38 . 2009-12-09 21:38 -------- d-----w- c:\windows\Fonts\tu_rar_48821
2009-12-09 11:06 . 2009-12-09 11:06 341504 ----a-w- c:\windows\system32\yowindow.scr
2009-12-09 10:11 . 2007-02-28 16:09 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2007-02-28 16:08 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\nfsClock03.scr ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 450011
Created time: 2010-02-14 09:05
Modified time: 2008-11-28 12:23
MD5: 04015333AA29B8DAE126A82D435F3A16
SHA1: 8065BB3ED37A08F2B551CA08CF70E73B5F6DA44F


--- c:\windows\system32\nfsILOVEU02.scr ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 180807
Created time: 2010-02-14 09:29
Modified time: 2010-01-25 22:09
MD5: 13252726F6C958AA589AEDA08AD3E8F3
SHA1: ECE33F37E6265CBE61FE85AD3484119FBD0F9B37


--- c:\windows\system32\nfsILOVEU04.scr ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 206158
Created time: 2010-02-14 09:28
Modified time: 2010-01-25 22:13
MD5: 6A241AF48AE63952D243D7F96C8DFE8B
SHA1: 8FA22F4C079D8B88D1D8D6FD612F32054059BF05


((((((((((((((((((((((((((((( SnapShot@2010-03-05_16.06.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-05 17:07 . 2010-03-05 17:07 16384 c:\windows\Temp\Perflib_Perfdata_394.dat
+ 2010-03-05 17:11 . 2010-03-05 17:11 16384 c:\windows\Temp\Perflib_Perfdata_13e8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Seznam Postak"="c:\documents and settings\Drábek Miroslav\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-02-11 2756488]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
2007-07-26 15:43 270336 -c--a-w- c:\program files\ClocX\ClocX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 09:44 475136 -c--a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Kalendar"=c:\program files\Kalendar\kalendar.exe
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"RocketDock"="c:\program files\RocketDock\RocketDock.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ClocX"=c:\program files\ClocX\ClocX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=c:\program files\OO Software\Defrag\oodtray.exe
"Acer ePresentation HPD"=c:\acer\Empowering Technology\ePresentation\ePresentation.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"eRecoveryService"=c:\acer\Empowering Technology\eRecovery\eRAgent.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ePower_DMC"=c:\acer\Empowering Technology\ePower\ePower_DMC.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Boot"=c:\acer\Empowering Technology\ePower\Boot.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2009 18:36 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2009 18:36 19024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2009 17:09 721904]
S2 gupdate1c98a4559482ec3;Google Update Service (gupdate1c98a4559482ec3);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\system32\drivers\SCRCAMDRV.sys [20.2.2009 9:58 225536]
S4 SS_ACdrv;SeeStorm;c:\windows\system32\DRIVERS\ss_acdrv.sys --> c:\windows\system32\DRIVERS\ss_acdrv.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2010-02-25 10:07]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{E4384B36-5BC6-468B-B6C7-95303BBE6C48}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {C3870A29-01AD-4E5C-AC52-40BC84D49FA6} = 85.132.169.2,212.71.176.49
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Drábek Miroslav\Data aplikací\Mozilla\Firefox\Profiles\dvukb146.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Drábek Miroslav\Data aplikací\Mozilla\Firefox\Profiles\dvukb146.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="5FB6529C13E36CD9E1FAFE93732E8DA45CBDC5874ECDB8C833BEB202FD4141E1DB511DF6315A0A2AF523E29AE74F655FAA0EEF473D4DC52E6678947484A9BD32D8CA323D399653044C6D3075B4F199D6C861C653C19E2A2808DD1624F56C5D7CBE848E11DD98E3AFAAA4AAF7F9D11C55F78B75520A534C217AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933BA7FD869164D679488397CC4B821D0AE9D102DA028E0AC099C644ADD93A0BD6921B6C9236382832B9B1D3E551DE615E525C23CE0FC95989961C7D05520C83FB9ECE68A5740F0CF01E56D8B557B624A91FB84359BB03B156C91CAD82CEBA938B86F3B04EB5D7C32D00864D19F657E502F4AF5563AAE2E9F9D7F1311F4D9B86DB9C4FE7441B74C504D0814808190B94D6F1E8C6015056282F7631AABB872FCE4496DD1A1AD6F1F91DE4F5E8CBC5826AA356C8F9AFC6760C57F582EDE72E0126AA54DA4D2F9C946A1212BFB6E093969941C891DCD342D4237E7DEEFE612F4AA8C402EC0D2E2B0A5F1624CF7A38DD53EFC6DB0A547F1CFB6E91B58D581FBA3099F41BA3FF198AF3935A64933ACEAF47318AB7F6D58616E02B4378E2BF00983853A02050F84C0778BE4A61A600DB2FD6BDF8A798E5721CD7C308D2A8A7C04518DB61100736075DEBEBBCC1D87CD6A809B117304F31FC4520E3BA3BC686EAEED20B432058361425C09BA3993857C8BAD0F2D02E9DF0B5309B9F733380A953ADA53975A502868280F32273FA20829845DE2F8075966FD472091CC297508C551414D07B40122591EB61907E5549468B8864AFD8666F05E10E83BE2272FD0538FED4BEDA09D831A0A37ADA768160353FBC98B893A053B1490DCF3A98205A69903CE1EF92E8D33184C1CF5193838FD0699E6802C8D10570D20150AD2C5791F7932F9A9A0A71D6CC1B3100B2FF67085A15045173C214829BB09516154AEF423D19426E497047CBD8B06659A827CD9EDCA50EDD3D0CACC69968A7471E82D42F10D14AEDD59F3C088EBFB8F64EE55EEDEA9C08E4AC891A6A4155884C38D67111C9293943528D8E10560C3A840154014D46BBAF9A544B2BDBCB619AD798537F40854657B9D03CA3CBDE7FCEC1558B00D1D404E2625A99EE2E5FB68BDC4562A646F4252AA5FB3911091053DBD61E1CE82DD5D7C2C1AA1F9C7A9EA5328ED4A813C6053160F58452E83B2C00DA0359C75040E7AB94A6A189C82E28EDF84506F33BB3B8460B77786D21C29A56ABC38B83481F9D4F1629040938D43F1820C5998E884B651D5D8410A6448CDC4455F212C4ED0412D827A1C8D9FC6D0A7A79E8EDB7E205D3E0EC94E277F5751AF037BBFAD3C2B57483D3C2EB9B47163C72D40859207780CD19588CA79"
"OODEFRAG12.00.00.01PROFESSIONAL"="3A0DC0ADE8A312FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34528EDD5E5BE2F6E667BA7FD869164D6794BAB04B66DDB0138E6DEC2017D7615E68A114C3BF04B942D947CD488E399E66ECA9850234CFB5B7B774D3D60155DB94C70F715A8F0D1F568A44BA367CBD4E21D4B6D06CB2D39610F730B3624652359FDEB601B9DC92B1FB4173B7022ED52D8E6AED8D338324C5E5899258755EFC7E69908D02461B59415B2BF0905F2E7C6EB2C22E3C74EC8F76BB895F933E6A1A0E0D24DC3859E2B9E84D5AAA9C73AE3D8AC4D5AC62C25878A2457B2F3D5AAD7FFDDEC643E83D6EA08160C0643154853A3DAF826F88A4D4D407EB456F2C5C8D192BE386B2DE339E8D2B5838342A91A9A8071309D3BA1392AE264A3160404D16E53BD3D56F69ED7894482B7D04682CB9D02DC311880A7C68A444B3EE18D826F57A111E0E955A96A1DE8082AF15CE97F592B548A0920BC3D0E969A90FFD5ED6FE7C576369110949E6A7BE3ED277C43E425C6EDC27C856BD6843E3E688CF38C1A9A77D7A0824D094B93FB2EE511336FB2935E56F76D58834720BC457379CD4BE10CB35EAEBE48E7EAC8B4E5EF6A292A3D6B57225423BC2E653B0E19A57CA2619714C7373FD3C267E7683C904F2B54E789C8BA955A5CCA986963553860C92228F3020730509697DFE75332110DAADDF346EF6E90A9CB1E4B869B0F623DC01C054D35134C5BDFC00E1A83B9164A642C483E54F53050AE5A1991DCBEDAC3376020F8680750F2DDC9B7A33501F1732FDF908BF7B483931B891B4A8449C94DCA8655A186140EE50C3C3915DBA11F340BF85D6DC7A71CB3ECD678DA36EAB7D8D1FF1467A3ADC2681BDEEE1925572F8F1BAEDF843DBBC9BBC1EDD1950AF0AC25B37B1D4C567D82A02AE171CE41391D85174BE691AC657361F7430C28C8168ED40A1B0FDB3568824F2CABBE3857583784B48881D2E73B8DFB9711F67DFF23BC11BE2802B238C01F25C9CDE52CD161D74AEE55D75F2B096104687EF5AF3263CB1AD55B93D989F9B27AB02877239A17B9B324FD6CDF95DEDF162806B5F96D1E7E69E237207B8BBF7062EACBF4567D67D6D6B5B10F1FE6FFEE48FF55D33B9BE00BD784FCA4DD020768A962197BC1E8C45A3D934A7A25C71CDFCB2D8168274CC0AC5A9AD62CD4E9E3FDFFE3BA0C242283B285B5A42959580A20295EB6C6E7E6E4E4485E6E0364320BAEAE0277134E2280918B59E86744E4C886EE649378EB72959B2C0F7EEAA68A018BD9C67A4DDAC9B1FC610A8A0DB4F1B52F2355A536DA016FD3CF532B941182D4A2473D1598676A7B03B787341DB85C61272785FA18660E551412539F48451E9859A8F0FB266B503B3AFDD4D1B7A81BA9F04886D06CD40D82BD7AE07"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1548)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-05 18:20:56
ComboFix-quarantined-files.txt 2010-03-05 17:20
ComboFix2.txt 2010-03-05 16:12

Před spuštěním: Volných bajtů: 91 361 034 240
Po spuštění: Volných bajtů: 91 314 360 320

- - End Of File - - 30316BE87D15611B1C655BCB1A4DC84B

[Damned]

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.
Zkontroluj také, zda ve výsledku souhlasí název souboru

c:\windows\system32\nfsILOVEU02.scr
c:\windows\system32\nfsILOVEU04.scr
c:\windows\system32\nfsClock03.scr
c:\windows\system32\DRIVERS\ss_acdrv.sys

[Miroslav46]

Soubor Test.txt přijatý 2010.03.05 18:29:21 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/42 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.03.05 -
AhnLab-V3 5.0.0.2 2010.03.05 -
AntiVir 8.2.1.180 2010.03.05 -
Antiy-AVL 2.0.3.7 2010.03.05 -
Authentium 5.2.0.5 2010.03.05 -
Avast 4.8.1351.0 2010.03.05 -
Avast5 5.0.332.0 2010.03.05 -
AVG 9.0.0.730 2010.03.05 -
BitDefender 7.2 2010.03.05 -
CAT-QuickHeal 10.00 2010.03.05 -
ClamAV 0.96.0.0-git 2010.03.05 -
Comodo 4091 2010.02.28 -
DrWeb 5.0.1.12222 2010.03.05 -
eSafe 7.0.17.0 2010.03.04 -
eTrust-Vet 35.2.7341 2010.03.05 -
F-Prot 4.5.1.85 2010.03.04 -
F-Secure 9.0.15370.0 2010.03.05 -
Fortinet 4.0.14.0 2010.03.04 -
GData 19 2010.03.05 -
Ikarus T3.1.1.80.0 2010.03.05 -
Jiangmin 13.0.900 2010.03.05 -
K7AntiVirus 7.10.990 2010.03.04 -
Kaspersky 7.0.0.125 2010.03.05 -
McAfee 5911 2010.03.05 -
McAfee+Artemis 5911 2010.03.05 -
McAfee-GW-Edition 6.8.5 2010.03.05 -
Microsoft 1.5502 2010.03.05 -
NOD32 4918 2010.03.05 -
Norman 6.04.08 2010.03.05 -
nProtect 2009.1.8.0 2010.03.05 -
Panda 10.0.2.2 2010.03.04 -
PCTools 7.0.3.5 2010.03.04 -
Prevx 3.0 2010.03.05 -
Rising 22.37.04.04 2010.03.05 -
Sophos 4.51.0 2010.03.05 -
Sunbelt 5760 2010.03.05 -
Symantec 20091.2.0.41 2010.03.05 -
TheHacker 6.5.1.7.221 2010.03.05 -
TrendMicro 9.120.0.1004 2010.03.05 -
VBA32 3.12.12.2 2010.03.05 -
ViRobot 2010.3.5.2214 2010.03.05 -
VirusBuster 5.0.27.0 2010.03.05 -
Rozšiřující informace
File size: 66 bytes
MD5...: d4adeac7c8cb10312cb14a8c90b6a4e3
SHA1..: 9c70b056e74c3116921025feb203891a529b46f3
SHA256: d1c01f6590e9b77e8019413a651fbbee2ddeed95a83e93b440d70ecb1260ddf8
ssdeep: 3:mcwVyAybrwVyAybrwVyAybrwVyAn:mj9Sc9Sc9Sc9n
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

VAROVÁNÍ VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!

Scan another file
VirusTotal © Hispasec Sistemas - Blog - Kontakt: info@virustotal.com - Te

[Damned]

Soubor Test.txt přijatý 2010.03.05 18:29:21 (UTC)

Tento soubor ne e

[Miroslav46]

http://www.virustotal.com/cs/analisis/d ... 1267820243

http://www.virustotal.com/cs/analisis/d ... 1267822418

http://www.virustotal.com/cs/analisis/6 ... 1267822583

Poslední soubor ss_acdrv.sis jsem nenašel přesto,že mám zobrazené skryté soubory

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\nfsILOVEU02.scr
c:\windows\system32\nfsILOVEU04.scr
c:\windows\system32\nfsClock03.scr
c:\windows\system32\DRIVERS\ss_acdrv.sys

Driver::
SS_ACdrv;SeeStorm
SS_ACdrv

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"getPlusHelper"=-



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Miroslav46]

ComboFix 10-03-05.01 - Drábek Miroslav 05.03.2010 23:00:07.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1147 [GMT 1:00]
Spuštěný z: c:\documents and settings\Drábek Miroslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Drábek Miroslav\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\DRIVERS\ss_acdrv.sys"
"c:\windows\system32\nfsClock03.scr"
"c:\windows\system32\nfsILOVEU02.scr"
"c:\windows\system32\nfsILOVEU04.scr"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nfsClock03.scr
c:\windows\system32\nfsILOVEU02.scr
c:\windows\system32\nfsILOVEU04.scr

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SS_ACdrv


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-05 do 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-05 15:50 . 2010-03-05 15:49 390144 ----a-w- c:\windows\system32\CF9352.exe
2010-03-05 14:42 . 2010-03-05 14:42 -------- d-----w- c:\program files\Trend Micro
2010-03-05 13:41 . 2010-03-05 13:40 390144 ----a-w- c:\windows\system32\CF16796.exe
2010-03-04 11:56 . 2010-03-04 11:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-03 07:27 . 2010-03-03 07:27 -------- d-----w- c:\program files\Redsystem
2010-03-01 10:17 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-01 10:17 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-01 10:16 . 2010-03-01 14:05 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-27 08:50 . 2010-02-27 08:50 -------- d-----w- c:\program files\Common Files\Skype
2010-02-23 10:28 . 2010-03-01 13:06 -------- d-----w- c:\program files\ProgDVB
2010-02-22 10:41 . 2010-02-22 10:41 -------- d-----w- c:\program files\TrendMicro
2010-02-19 11:45 . 2010-02-19 11:45 -------- d-----w- c:\program files\Uniblue
2010-02-14 07:52 . 2010-02-25 13:38 -------- d-----w- c:\program files\CCleaner
2010-02-12 21:22 . 2010-02-12 21:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-12 20:48 . 2010-02-12 20:48 -------- d-----w- c:\windows\Mozilla
2010-02-12 20:26 . 2010-02-14 07:50 -------- d-----w- c:\windows\Thunderbird
2010-02-11 17:20 . 2010-02-11 17:20 -------- d-----w- c:\program files\GRETECH
2010-02-10 08:21 . 2010-02-10 08:21 -------- d-----w- c:\program files\YoWindow

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 22:06 . 2008-07-16 21:16 12 -c--a-w- c:\windows\bthservsdp.dat
2010-03-05 17:07 . 2008-07-18 09:49 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-05 17:07 . 2008-07-19 14:03 0 -c--a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-04 14:17 . 2009-11-18 21:11 -------- d-----w- c:\program files\Lavalys
2010-03-04 12:39 . 2008-03-26 13:01 539270 ----a-w- c:\windows\system32\perfh005.dat
2010-03-04 12:39 . 2008-03-26 13:01 121682 ----a-w- c:\windows\system32\perfc005.dat
2010-03-03 04:57 . 2009-06-14 00:05 -------- d-----w- c:\program files\Recuva
2010-03-02 09:45 . 2009-08-15 14:18 -------- d-----w- c:\program files\Opera
2010-02-22 10:31 . 2009-11-29 03:34 -------- d-----w- c:\program files\NewFreeScreensavers
2010-02-16 23:20 . 2010-01-24 23:14 -------- d-----w- c:\program files\The KMPlayer
2010-02-11 18:53 . 2009-12-12 17:36 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2009-12-12 17:35 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2009-12-12 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2009-12-12 17:36 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2009-12-12 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2009-12-12 17:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2009-12-12 17:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2009-12-12 17:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2009-12-12 17:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-22 09:56 . 2009-12-06 07:57 -------- d-----w- c:\program files\Translate Client
2010-01-21 06:44 . 2008-07-30 15:08 -------- d-----w- c:\program files\Alwil Software
2010-01-20 08:23 . 2009-08-19 08:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 18:45 . 2008-07-16 21:15 -------- d-----w- c:\program files\Launch Manager
2010-01-19 18:28 . 2010-01-19 18:28 -------- d-----w- c:\program files\Foxit Software
2010-01-19 18:16 . 2009-03-20 20:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-19 13:47 . 2010-01-12 03:44 -------- d-----w- c:\program files\Seznam.cz
2010-01-19 11:43 . 2008-04-01 01:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-10 14:05 . 2008-12-23 14:51 -------- d-----w- c:\program files\Bonjour
2010-01-08 10:56 . 2009-12-05 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 15:07 . 2009-12-05 12:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-12-05 12:00 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-18 04:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-23 13:13 . 2009-12-23 13:13 -------- d-----w- c:\windows\Fonts\tu_rar_59582
2009-12-21 19:08 . 2007-12-07 01:08 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2004-08-18 04:00 343552 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-18 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 21:38 . 2009-12-09 21:38 -------- d-----w- c:\windows\Fonts\tu_rar_48821
2009-12-09 11:06 . 2009-12-09 11:06 341504 ----a-w- c:\windows\system32\yowindow.scr
2009-12-09 10:11 . 2007-02-28 16:09 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2007-02-28 16:08 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-05_16.06.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-05 22:08 . 2010-03-05 22:08 16384 c:\windows\Temp\Perflib_Perfdata_f48.dat
+ 2010-03-05 17:07 . 2010-03-05 17:07 16384 c:\windows\Temp\Perflib_Perfdata_394.dat
+ 2010-03-05 22:07 . 2010-03-05 22:07 16384 c:\windows\Temp\Perflib_Perfdata_260.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Seznam Postak"="c:\documents and settings\Drábek Miroslav\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-02-11 2756488]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
2007-07-26 15:43 270336 -c--a-w- c:\program files\ClocX\ClocX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 09:44 475136 -c--a-w- c:\acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"Kalendar"=c:\program files\Kalendar\kalendar.exe
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"RocketDock"="c:\program files\RocketDock\RocketDock.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ClocX"=c:\program files\ClocX\ClocX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=c:\program files\OO Software\Defrag\oodtray.exe
"Acer ePresentation HPD"=c:\acer\Empowering Technology\ePresentation\ePresentation.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"eRecoveryService"=c:\acer\Empowering Technology\eRecovery\eRAgent.exe
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"ePower_DMC"=c:\acer\Empowering Technology\ePower\ePower_DMC.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Boot"=c:\acer\Empowering Technology\ePower\Boot.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LManager"=c:\progra~1\LAUNCH~1\LManager.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.6.2009 17:09 721904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.12.2009 18:36 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.12.2009 18:36 19024]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S2 gupdate1c98a4559482ec3;Google Update Service (gupdate1c98a4559482ec3);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\system32\drivers\SCRCAMDRV.sys [20.2.2009 9:58 225536]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-03-01 c:\windows\Tasks\Automatická údržba.job
- c:\program files\TuneUp Utilities 2010\OneClickStarter.exe [2010-02-25 10:07]

2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{E4384B36-5BC6-468B-B6C7-95303BBE6C48}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {C3870A29-01AD-4E5C-AC52-40BC84D49FA6} = 85.132.169.2,212.71.176.49
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Drábek Miroslav\Data aplikací\Mozilla\Firefox\Profiles\dvukb146.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\documents and settings\Drábek Miroslav\Data aplikací\Mozilla\Firefox\Profiles\dvukb146.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 23:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsm.sys >>UNKNOWN [0x8A6C6938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7a40b40
\Driver\iaStor -> iaStor.sys @ 0xf7b5c6d0
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
SecurityProcedure -> TUKERNEL.EXE @ 0x805d96a1
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
SecurityProcedure -> TUKERNEL.EXE @ 0x805d96a1
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xba62dbb0
PacketIndicateHandler -> NDIS.sys @ 0xba63aa21
SendHandler -> NDIS.sys @ 0xba61887b
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="5FB6529C13E36CD9E1FAFE93732E8DA45CBDC5874ECDB8C833BEB202FD4141E1DB511DF6315A0A2AF523E29AE74F655FAA0EEF473D4DC52E6678947484A9BD32D8CA323D399653044C6D3075B4F199D6C861C653C19E2A2808DD1624F56C5D7CBE848E11DD98E3AFAAA4AAF7F9D11C55F78B75520A534C217AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933BA7FD869164D679488397CC4B821D0AE9D102DA028E0AC099C644ADD93A0BD6921B6C9236382832B9B1D3E551DE615E525C23CE0FC95989961C7D05520C83FB9ECE68A5740F0CF01E56D8B557B624A91FB84359BB03B156C91CAD82CEBA938B86F3B04EB5D7C32D00864D19F657E502F4AF5563AAE2E9F9D7F1311F4D9B86DB9C4FE7441B74C504D0814808190B94D6F1E8C6015056282F7631AABB872FCE4496DD1A1AD6F1F91DE4F5E8CBC5826AA356C8F9AFC6760C57F582EDE72E0126AA54DA4D2F9C946A1212BFB6E093969941C891DCD342D4237E7DEEFE612F4AA8C402EC0D2E2B0A5F1624CF7A38DD53EFC6DB0A547F1CFB6E91B58D581FBA3099F41BA3FF198AF3935A64933ACEAF47318AB7F6D58616E02B4378E2BF00983853A02050F84C0778BE4A61A600DB2FD6BDF8A798E5721CD7C308D2A8A7C04518DB61100736075DEBEBBCC1D87CD6A809B117304F31FC4520E3BA3BC686EAEED20B432058361425C09BA3993857C8BAD0F2D02E9DF0B5309B9F733380A953ADA53975A502868280F32273FA20829845DE2F8075966FD472091CC297508C551414D07B40122591EB61907E5549468B8864AFD8666F05E10E83BE2272FD0538FED4BEDA09D831A0A37ADA768160353FBC98B893A053B1490DCF3A98205A69903CE1EF92E8D33184C1CF5193838FD0699E6802C8D10570D20150AD2C5791F7932F9A9A0A71D6CC1B3100B2FF67085A15045173C214829BB09516154AEF423D19426E497047CBD8B06659A827CD9EDCA50EDD3D0CACC69968A7471E82D42F10D14AEDD59F3C088EBFB8F64EE55EEDEA9C08E4AC891A6A4155884C38D67111C9293943528D8E10560C3A840154014D46BBAF9A544B2BDBCB619AD798537F40854657B9D03CA3CBDE7FCEC1558B00D1D404E2625A99EE2E5FB68BDC4562A646F4252AA5FB3911091053DBD61E1CE82DD5D7C2C1AA1F9C7A9EA5328ED4A813C6053160F58452E83B2C00DA0359C75040E7AB94A6A189C82E28EDF84506F33BB3B8460B77786D21C29A56ABC38B83481F9D4F1629040938D43F1820C5998E884B651D5D8410A6448CDC4455F212C4ED0412D827A1C8D9FC6D0A7A79E8EDB7E205D3E0EC94E277F5751AF037BBFAD3C2B57483D3C2EB9B47163C72D40859207780CD19588CA79"
"OODEFRAG12.00.00.01PROFESSIONAL"="3A0DC0ADE8A312FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34528EDD5E5BE2F6E667BA7FD869164D6794BAB04B66DDB0138E6DEC2017D7615E68A114C3BF04B942D947CD488E399E66ECA9850234CFB5B7B774D3D60155DB94C70F715A8F0D1F568A44BA367CBD4E21D4B6D06CB2D39610F730B3624652359FDEB601B9DC92B1FB4173B7022ED52D8E6AED8D338324C5E5899258755EFC7E69908D02461B59415B2BF0905F2E7C6EB2C22E3C74EC8F76BB895F933E6A1A0E0D24DC3859E2B9E84D5AAA9C73AE3D8AC4D5AC62C25878A2457B2F3D5AAD7FFDDEC643E83D6EA08160C0643154853A3DAF826F88A4D4D407EB456F2C5C8D192BE386B2DE339E8D2B5838342A91A9A8071309D3BA1392AE264A3160404D16E53BD3D56F69ED7894482B7D04682CB9D02DC311880A7C68A444B3EE18D826F57A111E0E955A96A1DE8082AF15CE97F592B548A0920BC3D0E969A90FFD5ED6FE7C576369110949E6A7BE3ED277C43E425C6EDC27C856BD6843E3E688CF38C1A9A77D7A0824D094B93FB2EE511336FB2935E56F76D58834720BC457379CD4BE10CB35EAEBE48E7EAC8B4E5EF6A292A3D6B57225423BC2E653B0E19A57CA2619714C7373FD3C267E7683C904F2B54E789C8BA955A5CCA986963553860C92228F3020730509697DFE75332110DAADDF346EF6E90A9CB1E4B869B0F623DC01C054D35134C5BDFC00E1A83B9164A642C483E54F53050AE5A1991DCBEDAC3376020F8680750F2DDC9B7A33501F1732FDF908BF7B483931B891B4A8449C94DCA8655A186140EE50C3C3915DBA11F340BF85D6DC7A71CB3ECD678DA36EAB7D8D1FF1467A3ADC2681BDEEE1925572F8F1BAEDF843DBBC9BBC1EDD1950AF0AC25B37B1D4C567D82A02AE171CE41391D85174BE691AC657361F7430C28C8168ED40A1B0FDB3568824F2CABBE3857583784B48881D2E73B8DFB9711F67DFF23BC11BE2802B238C01F25C9CDE52CD161D74AEE55D75F2B096104687EF5AF3263CB1AD55B93D989F9B27AB02877239A17B9B324FD6CDF95DEDF162806B5F96D1E7E69E237207B8BBF7062EACBF4567D67D6D6B5B10F1FE6FFEE48FF55D33B9BE00BD784FCA4DD020768A962197BC1E8C45A3D934A7A25C71CDFCB2D8168274CC0AC5A9AD62CD4E9E3FDFFE3BA0C242283B285B5A42959580A20295EB6C6E7E6E4E4485E6E0364320BAEAE0277134E2280918B59E86744E4C886EE649378EB72959B2C0F7EEAA68A018BD9C67A4DDAC9B1FC610A8A0DB4F1B52F2355A536DA016FD3CF532B941182D4A2473D1598676A7B03B787341DB85C61272785FA18660E551412539F48451E9859A8F0FB266B503B3AFDD4D1B7A81BA9F04886D06CD40D82BD7AE07"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1364)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(9988)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\CyberLink\PowerDVD\deskband32.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TUProgSt.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\DRBEKM~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-03-05 23:13:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-05 22:13
ComboFix2.txt 2010-03-05 17:20
ComboFix3.txt 2010-03-05 16:12

Před spuštěním: Volných bajtů: 91 324 489 728
Po spuštění: Volných bajtů: 91 252 039 680

- - End Of File - - 90E0B416A2C71DB6E5396EAAE41752F8

[Damned]

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

[Miroslav46]

Dobrý den,zkopíroval jsem z plochy OTL zprávu apo vložení mi a následném odeslání mi to píše,že zpráva obsahuje 67192 znaků a povolených
je 60 OOO.Jak tedy dále.

[Damned]

Rozdělit OTL.txt na dvě části - nic samozřejmě nevynechat a nebo zabalit oba texťáky do archívu *rar nebo *zip a přiložit sem jako přílohu.

Extras by se měl vejít celý.