Preventivní po fixnutí AWS\MINIBUG.EXE 1 Vyřešeno

[iluminator01]

Dobrý den,prosím o preventivní kontrolu logu po fixnutí AWS\MINIBUG.EXE 1
děkuji :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:17, on 18.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\OO Software\DriveLED\oodlag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\CrystalDiskInfo\DiskInfo.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1434207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRA~1\FREEDO~1\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Svátky a výročí] c:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CrystalDiskInfo] "C:\Program Files\CrystalDiskInfo\DiskInfo.exe" /Startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpybotSD TeaTimer.lnk = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{120BC874-EC5E-4A77-8C49-A3BB94ABCE22}: NameServer = 77.48.254.254,77.48.100.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{120BC874-EC5E-4A77-8C49-A3BB94ABCE22}: NameServer = 77.48.254.254,77.48.100.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{120BC874-EC5E-4A77-8C49-A3BB94ABCE22}: NameServer = 77.48.254.254,77.48.100.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: O&O DriveLED - O&O Software GmbH - C:\Program Files\OO Software\DriveLED\oodlag.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11653 bytes

[Reklama]

[Žbeky]

Odinstaluj:
ASK Toolbar
Spybot S&D

V HJT fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1434207
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin
O4 - Startup: SpybotSD TeaTimer.lnk = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[iluminator01]

Ahoj,díky za rychlou reakci,jsem mile překvapen :)
Zato mně to chvilku trvalo.....tak tady je výsledek snažení

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5802

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.2.2011 20:03:59
mbam-log-2011-02-18 (20-02-01).txt

Typ kontroly: Rychlý test
Testované objekty: 176043
Uplynulý čas: 4 minut, 49 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\tomáš_games\Plocha\stressrelief.exe (Joke.Stressreducer) -> No action taken.
c:\documents and settings\tomáš_games\local settings\Temp\moz_mapi\stressrelief.exe (Joke.Stressreducer) -> No action taken.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.

[Žbeky]

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[iluminator01]

Tu jeMbAM log....

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5802

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.2.2011 20:15:36
mbam-log-2011-02-18 (20-15-36).txt

Typ kontroly: Rychlý test
Testované objekty: 176042
Uplynulý čas: 3 minut, 9 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[iluminator01]

a ještě ComboFix log

ComboFix 11-02-17.02 - Jirka 18.02.2011 20:32:06.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1338 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Internet\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Jirka\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Jirka\Local Settings\Temporary Internet Files\SLOVA.WAV
c:\documents and settings\Jirka\Local Settings\Temporary Internet Files\TMP.WAV
c:\documents and settings\Jirka\Local Settings\Temporary Internet Files\WTRAN32.INI
c:\documents and settings\Jirka\System
c:\documents and settings\Jirka\System\win_qs8.jqx
c:\documents and settings\Tomáš_Games\Data aplikací\ACD Systems\ACDSee\ImageDB.ddf
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\Golden\Golden.exe
c:\windows\config.ini
c:\windows\d.ini
c:\windows\system32\Drivers\extbviy.sys
c:\windows\system32\systeminfo3.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_jifqnb


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-18 do 2011-02-18 )))))))))))))))))))))))))))))))
.

2011-02-18 18:55 . 2011-02-18 18:55 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2011-02-18 18:55 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 18:55 . 2011-02-18 18:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-18 18:54 . 2011-02-18 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 18:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 17:17 . 2011-02-18 17:17 388096 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-18 17:17 . 2011-02-18 17:17 -------- d-----w- c:\program files\Trend Micro
2011-02-18 15:25 . 2011-02-18 15:25 -------- d-----w- c:\program files\GameSpy Arcade
2011-02-18 13:09 . 2011-02-18 13:09 -------- d-----w- c:\documents and settings\Jirka\Data aplikacˇ
2011-02-17 19:16 . 2011-02-17 19:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Electronics 2000
2011-02-17 19:16 . 2011-02-17 19:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Electronics 2000
2011-02-15 15:16 . 2011-02-15 15:16 -------- d-----w- c:\documents and settings\Internet\Data aplikací\LEGO Company
2011-02-14 15:16 . 2011-02-14 15:16 -------- d-----w- c:\documents and settings\Internet\Data aplikací\Friday's games
2011-02-12 12:16 . 2011-02-12 12:16 -------- d-----w- c:\program files\LEGO Company
2011-02-12 12:16 . 2011-02-12 12:16 -------- d-----w- c:\program files\Unity
2011-02-06 14:32 . 2011-02-06 14:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2011-01-27 20:49 . 2011-01-27 20:50 -------- d-----w- C:\Mosaic_Prj
2011-01-27 20:49 . 2011-01-27 20:49 -------- d-----w- c:\program files\Common Files\Mosaic
2011-01-21 17:23 . 2011-01-21 17:23 -------- d-----w- c:\program files\Fox
2011-01-21 16:50 . 2011-01-21 16:50 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Temp
2011-01-21 16:40 . 2011-01-21 16:40 -------- d-----w- c:\documents and settings\Tomáš_Games\Local Settings\Data aplikací\Temp
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Vso
2011-01-20 19:55 . 2011-01-20 19:55 81920 ----a-w- c:\documents and settings\Jirka\Data aplikací\ezpinst.exe
2011-01-20 19:55 . 2011-01-20 19:55 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-01-20 19:55 . 2011-01-20 19:55 47360 ----a-w- c:\documents and settings\Jirka\Data aplikací\pcouffin.sys
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\program files\CloneDVD
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVDXStudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2007-10-29 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-06-29 15:43 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-04-29 18:28 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-04-29 18:28 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-04-29 18:28 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-04-29 18:28 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-04-29 18:28 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-04-29 18:28 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-04-29 18:28 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-04-29 18:28 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2007-10-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2007-10-29 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2007-10-29 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2007-10-29 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2007-10-29 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2007-10-29 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2007-10-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-04 14:08 . 2010-10-09 07:30 2288128 ----a-w- c:\windows\system32\TUKernel.exe
2008-02-25 17:09 . 2009-04-29 20:04 5689344 ----a-w- c:\program files\mplayerc.exe
2007-02-08 08:48 . 2007-02-08 08:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"CrystalDiskInfo"="c:\program files\CrystalDiskInfo\DiskInfo.exe" [2010-08-07 996824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 131072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Internet\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]

c:\documents and settings\Tom ç_Games\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"=c:\progra~1\FREEDO~1\fdm.exe -autorun
"Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Jirka\\Plocha\\SkypePortable\\Skype_3\\Portable Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [18.6.2010 10:00 38448]
R0 OODrvled;OODrvled;c:\windows\system32\drivers\OODrvled.sys [28.9.2009 16:24 25608]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.4.2009 18:13 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.4.2009 19:28 294608]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [24.9.2010 16:45 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 ASIXIo;ASIXIo;c:\windows\system32\drivers\asixio.sys [16.11.2010 17:18 3078]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.4.2009 19:28 17744]
R2 O&O DriveLED;O&O DriveLED;c:\program files\OO Software\DriveLED\oodlag.exe [28.9.2009 16:23 529664]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [24.9.2010 16:45 65576]
S3 PORTMON;PORTMON;\??\c:\test\systernals\PORTMSYS.SYS --> c:\test\systernals\PORTMSYS.SYS [?]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [24.12.2009 18:11 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [24.12.2009 18:11 28544]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2011-02-18 c:\windows\Tasks\User_Feed_Synchronization-{7402EBCF-550E-49E9-AF52-2B67A85061BF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {120BC874-EC5E-4A77-8C49-A3BB94ABCE22} = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\d2swul5g.default\
FF - prefs.js: browser.search.selectedEngine - Seznam Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Jištění kabelů_is1 - e:\backup\Zalohy\Elektronika\PROFI\kabely_2\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-18 20:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CrystalDiskInfo = "c:\program files\CrystalDiskInfo\DiskInfo.exe" /Startup?S

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODLED3.00.02.01WSSV"="8D344AED907FE82FA7154ED8B321DE493285918710CC29E93242F3A0EDFCCC0B1C4F4DE9076FE66EDB57522C592213E96FDDFB6805B3E484133F0EDE470AE56378FE9CDF75C7388396EC3172921D304B7E1176C8F25395E0496DF703EAC1E35C121270C6157EA2C180F6A520A3EACB4B60B35AB943894389D1F84D5C0B28DB50FE68C3CA03D86E6DE72CAB5E33387F3D3E72C6004707F780CCA26DEDC215E90BF67658CAC0F3E742BE570508C90668E8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DFEBC9E127BECC74C8EDD5E5BE2F6E6677CB9187EC44AA244F1290D3B81674AD4749FED05313072B698B10C2E1143389D2DD0803B200DA1904A200FC46F50833AEB2E13A8857D768A99EF7D97D1DD611C2217E65E2F868AF1E8AAA694F4A8C10A3BFE88891DA195303FF1888B6EE99AB36C792280C9CBC0DC168DAB41766A3C3F85CB49560399F6D1278268793C8C9C5D41FA4FE92F442F37BF1DBC9137622B5012DD13F52738C21190039A03F33AA18578AECE1DFEABBED8F844B902E330CDA14B9668015C232B81DE686400B0BEE88F8F3FC3CCBF906212F681C8C38AC96490C0E60FC55A54E02C9A3A4B79F4B7384EA769965FDAD78FA393E6D2BB9CF8B5E9A55612C53C191A8B6F141B2E231AD58B857EF4711D39BC454C1A848270588AF14F023F3603121390AD28E29004AB8D8492644C52B7C0681E4456CFE2C1D93160B918A7818FB7891E48B876484506AFE95A13D306404E134F4069E85F2E417B5F845B22C2ABD1400ED71F6CAE75998EE18F9881C3B01440E82A36C9AB3829BD8D70A3C8CD80FEFD2B18C79F520BA88303851691F5679C787191B2AEB0467C53FDE65CFAA89F2F0E36E8B1AEF65CC8695C36C1053DA3C04A6326691A89A27D98B87084590AF9AB3CE14F73FE1227E61FEE3DE3206D0B32C3ABBEF6CF887C4070B6BD2FCA62690B5FD771B2354E0C400A2EDC596A8D28737CADD50FD932E42DBEE92105795128BCCAB39CAD3E898EE78F05F914AFD9E7DD0ABE0878853ED281EE33113FD2ADD5025B043FB3C75816451D4F9B9A02BF9C9B0CA8198CE219A1CDED6A292E0900F5F0EDCEEEA9C6007192A1DEF00333E479AEA1AA6D39C8E28DF62DDA283513066F73E60C6107F07ACF5E11F74A7D5C211AE76EF40E034EF1BB362343F0CA2BB08D462BA57558C1F6C58CE2531CCA5A7DF9709CAEAB7D52CCAF1848560AFBCEA780FBA6FDA83F79D7CB52929E7FBECBBBFC45D87296D3F4B056FD1BBA9E6640425B7A476720EC98333FBB217B3144164E66B353CB44459B8FFC9A9C8C7DBD8510957B00AB232DE8D4DD27107E13D7E15E5F62C0404F23708A55F7535A99C9694F0A0D48059DDAF43ACD4668B0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2444)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\nvLsp.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\System32\TUProgSt.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-02-18 20:51:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-18 19:51

Před spuštěním: Volných bajtů: 115 461 611 520
Po spuštění: Volných bajtů: 115 842 592 768

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /TUTag=8E075Z /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /noexecute=optin /fastdetect /usepmtimer /TUTag=8E075Z-BAK

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 28890F69DA16855E58F6D5CFB5AC6A83

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"word:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"word:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"word:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"word:00000000

Driver::
PORTMON

File::
c:\test\systernals\PORTMSYS.SYS

Firefox::
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\d2swul5g.default\
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[iluminator01]

dobré ráno,tak tady je ten log......
ComboFix 11-02-17.02 - Jirka 19.02.2011 8:38.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1437 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\test\systernals\PORTMSYS.SYS"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PORTMON
-------\Service_PORTMON


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-19 do 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-18 18:55 . 2011-02-18 18:55 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2011-02-18 18:55 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 18:55 . 2011-02-18 18:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-18 18:54 . 2011-02-18 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 18:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 17:17 . 2011-02-18 17:17 388096 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-18 17:17 . 2011-02-18 17:17 -------- d-----w- c:\program files\Trend Micro
2011-02-18 15:25 . 2011-02-18 15:25 -------- d-----w- c:\program files\GameSpy Arcade
2011-02-18 13:09 . 2011-02-18 13:09 -------- d-----w- c:\documents and settings\Jirka\Data aplikacˇ
2011-02-17 19:16 . 2011-02-17 19:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Electronics 2000
2011-02-17 19:16 . 2011-02-17 19:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Electronics 2000
2011-02-15 15:16 . 2011-02-15 15:16 -------- d-----w- c:\documents and settings\Internet\Data aplikací\LEGO Company
2011-02-14 15:16 . 2011-02-14 15:16 -------- d-----w- c:\documents and settings\Internet\Data aplikací\Friday's games
2011-02-12 12:16 . 2011-02-12 12:16 -------- d-----w- c:\program files\LEGO Company
2011-02-12 12:16 . 2011-02-12 12:16 -------- d-----w- c:\program files\Unity
2011-02-06 14:32 . 2011-02-06 14:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2011-01-27 20:49 . 2011-01-27 20:50 -------- d-----w- C:\Mosaic_Prj
2011-01-27 20:49 . 2011-01-27 20:49 -------- d-----w- c:\program files\Common Files\Mosaic
2011-01-21 17:23 . 2011-01-21 17:23 -------- d-----w- c:\program files\Fox
2011-01-21 16:50 . 2011-01-21 16:50 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Temp
2011-01-21 16:40 . 2011-01-21 16:40 -------- d-----w- c:\documents and settings\Tomáš_Games\Local Settings\Data aplikací\Temp
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Vso
2011-01-20 19:55 . 2011-01-20 19:55 81920 ----a-w- c:\documents and settings\Jirka\Data aplikací\ezpinst.exe
2011-01-20 19:55 . 2011-01-20 19:55 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-01-20 19:55 . 2011-01-20 19:55 47360 ----a-w- c:\documents and settings\Jirka\Data aplikací\pcouffin.sys
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\program files\CloneDVD
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVDXStudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2007-10-29 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-06-29 15:43 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-04-29 18:28 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-04-29 18:28 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-04-29 18:28 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-04-29 18:28 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-04-29 18:28 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-04-29 18:28 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-04-29 18:28 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-04-29 18:28 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2007-10-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2007-10-29 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2007-10-29 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2007-10-29 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2007-10-29 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2007-10-29 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2007-10-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-04 14:08 . 2010-10-09 07:30 2288128 ----a-w- c:\windows\system32\TUKernel.exe
2008-02-25 17:09 . 2009-04-29 20:04 5689344 ----a-w- c:\program files\mplayerc.exe
2007-02-08 08:48 . 2007-02-08 08:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"CrystalDiskInfo"="c:\program files\CrystalDiskInfo\DiskInfo.exe" [2010-08-07 996824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 131072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Internet\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]

c:\documents and settings\Tom ç_Games\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"=c:\progra~1\FREEDO~1\fdm.exe -autorun
"Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Jirka\\Plocha\\SkypePortable\\Skype_3\\Portable Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [18.6.2010 10:00 38448]
R0 OODrvled;OODrvled;c:\windows\system32\drivers\OODrvled.sys [28.9.2009 16:24 25608]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.4.2009 18:13 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.4.2009 19:28 294608]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [24.9.2010 16:45 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 ASIXIo;ASIXIo;c:\windows\system32\drivers\asixio.sys [16.11.2010 17:18 3078]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.4.2009 19:28 17744]
R2 O&O DriveLED;O&O DriveLED;c:\program files\OO Software\DriveLED\oodlag.exe [28.9.2009 16:23 529664]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [24.9.2010 16:45 65576]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [24.12.2009 18:11 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [24.12.2009 18:11 28544]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2011-02-19 c:\windows\Tasks\User_Feed_Synchronization-{7402EBCF-550E-49E9-AF52-2B67A85061BF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {120BC874-EC5E-4A77-8C49-A3BB94ABCE22} = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\d2swul5g.default\
FF - prefs.js: browser.search.selectedEngine - Seznam Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 08:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CrystalDiskInfo = "c:\program files\CrystalDiskInfo\DiskInfo.exe" /Startup?S

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODLED3.00.02.01WSSV"="8D344AED907FE82FA7154ED8B321DE493285918710CC29E93242F3A0EDFCCC0B1C4F4DE9076FE66EDB57522C592213E96FDDFB6805B3E484133F0EDE470AE56378FE9CDF75C7388396EC3172921D304B7E1176C8F25395E0496DF703EAC1E35C121270C6157EA2C180F6A520A3EACB4B60B35AB943894389D1F84D5C0B28DB50FE68C3CA03D86E6DE72CAB5E33387F3D3E72C6004707F780CCA26DEDC215E90BF67658CAC0F3E742BE570508C90668E8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DFEBC9E127BECC74C8EDD5E5BE2F6E6677CB9187EC44AA244F1290D3B81674AD4749FED05313072B698B10C2E1143389D2DD0803B200DA1904A200FC46F50833AEB2E13A8857D768A99EF7D97D1DD611C2217E65E2F868AF1E8AAA694F4A8C10A3BFE88891DA195303FF1888B6EE99AB36C792280C9CBC0DC168DAB41766A3C3F85CB49560399F6D1278268793C8C9C5D41FA4FE92F442F37BF1DBC9137622B5012DD13F52738C21190039A03F33AA18578AECE1DFEABBED8F844B902E330CDA14B9668015C232B81DE686400B0BEE88F8F3FC3CCBF906212F681C8C38AC96490C0E60FC55A54E02C9A3A4B79F4B7384EA769965FDAD78FA393E6D2BB9CF8B5E9A55612C53C191A8B6F141B2E231AD58B857EF4711D39BC454C1A848270588AF14F023F3603121390AD28E29004AB8D8492644C52B7C0681E4456CFE2C1D93160B918A7818FB7891E48B876484506AFE95A13D306404E134F4069E85F2E417B5F845B22C2ABD1400ED71F6CAE75998EE18F9881C3B01440E82A36C9AB3829BD8D70A3C8CD80FEFD2B18C79F520BA88303851691F5679C787191B2AEB0467C53FDE65CFAA89F2F0E36E8B1AEF65CC8695C36C1053DA3C04A6326691A89A27D98B87084590AF9AB3CE14F73FE1227E61FEE3DE3206D0B32C3ABBEF6CF887C4070B6BD2FCA62690B5FD771B2354E0C400A2EDC596A8D28737CADD50FD932E42DBEE92105795128BCCAB39CAD3E898EE78F05F914AFD9E7DD0ABE0878853ED281EE33113FD2ADD5025B043FB3C75816451D4F9B9A02BF9C9B0CA8198CE219A1CDED6A292E0900F5F0EDCEEEA9C6007192A1DEF00333E479AEA1AA6D39C8E28DF62DDA283513066F73E60C6107F07ACF5E11F74A7D5C211AE76EF40E034EF1BB362343F0CA2BB08D462BA57558C1F6C58CE2531CCA5A7DF9709CAEAB7D52CCAF1848560AFBCEA780FBA6FDA83F79D7CB52929E7FBECBBBFC45D87296D3F4B056FD1BBA9E6640425B7A476720EC98333FBB217B3144164E66B353CB44459B8FFC9A9C8C7DBD8510957B00AB232DE8D4DD27107E13D7E15E5F62C0404F23708A55F7535A99C9694F0A0D48059DDAF43ACD4668B0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3404)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\nvLsp.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\System32\TUProgSt.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2011-02-19 08:59:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-19 07:59
ComboFix2.txt 2011-02-18 19:51

Před spuštěním: Volných bajtů: 115 828 236 288
Po spuštění: Volných bajtů: 115 807 084 544

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - FA8E36E971957C098A28AFDC74054F29

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\documents and settings\Jirka\Data aplikací\ezpinst.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Firefox::
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\d2swul5g.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[iluminator01]

tak tady jsou ......... ,system naběhl bez problémů :)

ComboFix 11-02-17.02 - Jirka 19.02.2011 13:30:27.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1460 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"c:\documents and settings\Jirka\Data aplikací\ezpinst.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\icon.png
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\preview.png

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-19 do 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-18 18:55 . 2011-02-18 18:55 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Malwarebytes
2011-02-18 18:55 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-18 18:55 . 2011-02-18 18:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-18 18:54 . 2011-02-18 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-18 18:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-18 17:17 . 2011-02-18 17:17 388096 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-18 17:17 . 2011-02-18 17:17 -------- d-----w- c:\program files\Trend Micro
2011-02-18 15:25 . 2011-02-18 15:25 -------- d-----w- c:\program files\GameSpy Arcade
2011-02-18 13:09 . 2011-02-18 13:09 -------- d-----w- c:\documents and settings\Jirka\Data aplikacˇ
2011-02-17 19:16 . 2011-02-17 19:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Electronics 2000
2011-02-17 19:16 . 2011-02-17 19:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Electronics 2000
2011-02-15 15:16 . 2011-02-15 15:16 -------- d-----w- c:\documents and settings\Internet\Data aplikací\LEGO Company
2011-02-14 15:16 . 2011-02-14 15:16 -------- d-----w- c:\documents and settings\Internet\Data aplikací\Friday's games
2011-02-12 12:16 . 2011-02-12 12:16 -------- d-----w- c:\program files\LEGO Company
2011-02-12 12:16 . 2011-02-12 12:16 -------- d-----w- c:\program files\Unity
2011-02-06 14:32 . 2011-02-06 14:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alawar Stargaze
2011-01-27 20:49 . 2011-01-27 20:50 -------- d-----w- C:\Mosaic_Prj
2011-01-27 20:49 . 2011-01-27 20:49 -------- d-----w- c:\program files\Common Files\Mosaic
2011-01-21 17:23 . 2011-01-21 17:23 -------- d-----w- c:\program files\Fox
2011-01-21 16:50 . 2011-01-21 16:50 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Temp
2011-01-21 16:40 . 2011-01-21 16:40 -------- d-----w- c:\documents and settings\Tomáš_Games\Local Settings\Data aplikací\Temp
2011-01-21 14:44 . 2011-01-21 14:44 440320 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Vso
2011-01-20 19:55 . 2011-01-20 19:55 81920 ----a-w- c:\documents and settings\Jirka\Data aplikací\ezpinst.exe
2011-01-20 19:55 . 2011-01-20 19:55 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2011-01-20 19:55 . 2011-01-20 19:55 47360 ----a-w- c:\documents and settings\Jirka\Data aplikací\pcouffin.sys
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\program files\CloneDVD
2011-01-20 19:55 . 2011-01-20 19:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DVDXStudio

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2007-10-29 12:00 440320 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47 . 2010-06-29 15:43 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2009-04-29 18:28 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2009-04-29 18:28 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2009-04-29 18:28 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2009-04-29 18:28 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2009-04-29 18:28 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2009-04-29 18:28 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2009-04-29 18:28 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2009-04-29 18:28 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-07 14:09 . 2007-10-29 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2007-10-29 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2007-10-29 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2007-10-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2007-10-29 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2007-10-29 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2007-10-29 12:00 729088 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2007-10-29 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2007-10-29 12:00 713216 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-17 15:45 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2007-10-29 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2007-10-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-04 14:08 . 2010-10-09 07:30 2288128 ----a-w- c:\windows\system32\TUKernel.exe
2008-02-25 17:09 . 2009-04-29 20:04 5689344 ----a-w- c:\program files\mplayerc.exe
2007-02-08 08:48 . 2007-02-08 08:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2006-04-28 1019904]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"CrystalDiskInfo"="c:\program files\CrystalDiskInfo\DiskInfo.exe" [2010-08-07 996824]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-09-12 196608]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-06-04 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-06-04 131072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Internet\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]

c:\documents and settings\Tom ç_Games\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Free Download Manager"=c:\progra~1\FREEDO~1\fdm.exe -autorun
"Cobian Backup 9"="c:\program files\Cobian Backup 9\Cobian.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Jirka\\Plocha\\SkypePortable\\Skype_3\\Portable Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [18.6.2010 10:00 38448]
R0 OODrvled;OODrvled;c:\windows\system32\drivers\OODrvled.sys [28.9.2009 16:24 25608]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.4.2009 18:13 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.4.2009 19:28 294608]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [24.9.2010 16:45 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 3:54 66600]
R2 ASIXIo;ASIXIo;c:\windows\system32\drivers\asixio.sys [16.11.2010 17:18 3078]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.4.2009 19:28 17744]
R2 O&O DriveLED;O&O DriveLED;c:\program files\OO Software\DriveLED\oodlag.exe [28.9.2009 16:23 529664]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 6:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 6:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [24.9.2010 16:45 65576]
S3 SaiHF51A;SaiHF51A;c:\windows\system32\drivers\SaiHF51A.sys [24.12.2009 18:11 135048]
S3 SaiUF51A;SaiUF51A;c:\windows\system32\drivers\SaiUF51A.sys [24.12.2009 18:11 28544]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-02-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2011-02-19 c:\windows\Tasks\User_Feed_Synchronization-{7402EBCF-550E-49E9-AF52-2B67A85061BF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {120BC874-EC5E-4A77-8C49-A3BB94ABCE22} = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\d2swul5g.default\
FF - prefs.js: browser.search.selectedEngine - Seznam Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-19 13:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CrystalDiskInfo = "c:\program files\CrystalDiskInfo\DiskInfo.exe" /Startup?S

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODLED3.00.02.01WSSV"="8D344AED907FE82FA7154ED8B321DE493285918710CC29E93242F3A0EDFCCC0B1C4F4DE9076FE66EDB57522C592213E96FDDFB6805B3E484133F0EDE470AE56378FE9CDF75C7388396EC3172921D304B7E1176C8F25395E0496DF703EAC1E35C121270C6157EA2C180F6A520A3EACB4B60B35AB943894389D1F84D5C0B28DB50FE68C3CA03D86E6DE72CAB5E33387F3D3E72C6004707F780CCA26DEDC215E90BF67658CAC0F3E742BE570508C90668E8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DFEBC9E127BECC74C8EDD5E5BE2F6E6677CB9187EC44AA244F1290D3B81674AD4749FED05313072B698B10C2E1143389D2DD0803B200DA1904A200FC46F50833AEB2E13A8857D768A99EF7D97D1DD611C2217E65E2F868AF1E8AAA694F4A8C10A3BFE88891DA195303FF1888B6EE99AB36C792280C9CBC0DC168DAB41766A3C3F85CB49560399F6D1278268793C8C9C5D41FA4FE92F442F37BF1DBC9137622B5012DD13F52738C21190039A03F33AA18578AECE1DFEABBED8F844B902E330CDA14B9668015C232B81DE686400B0BEE88F8F3FC3CCBF906212F681C8C38AC96490C0E60FC55A54E02C9A3A4B79F4B7384EA769965FDAD78FA393E6D2BB9CF8B5E9A55612C53C191A8B6F141B2E231AD58B857EF4711D39BC454C1A848270588AF14F023F3603121390AD28E29004AB8D8492644C52B7C0681E4456CFE2C1D93160B918A7818FB7891E48B876484506AFE95A13D306404E134F4069E85F2E417B5F845B22C2ABD1400ED71F6CAE75998EE18F9881C3B01440E82A36C9AB3829BD8D70A3C8CD80FEFD2B18C79F520BA88303851691F5679C787191B2AEB0467C53FDE65CFAA89F2F0E36E8B1AEF65CC8695C36C1053DA3C04A6326691A89A27D98B87084590AF9AB3CE14F73FE1227E61FEE3DE3206D0B32C3ABBEF6CF887C4070B6BD2FCA62690B5FD771B2354E0C400A2EDC596A8D28737CADD50FD932E42DBEE92105795128BCCAB39CAD3E898EE78F05F914AFD9E7DD0ABE0878853ED281EE33113FD2ADD5025B043FB3C75816451D4F9B9A02BF9C9B0CA8198CE219A1CDED6A292E0900F5F0EDCEEEA9C6007192A1DEF00333E479AEA1AA6D39C8E28DF62DDA283513066F73E60C6107F07ACF5E11F74A7D5C211AE76EF40E034EF1BB362343F0CA2BB08D462BA57558C1F6C58CE2531CCA5A7DF9709CAEAB7D52CCAF1848560AFBCEA780FBA6FDA83F79D7CB52929E7FBECBBBFC45D87296D3F4B056FD1BBA9E6640425B7A476720EC98333FBB217B3144164E66B353CB44459B8FFC9A9C8C7DBD8510957B00AB232DE8D4DD27107E13D7E15E5F62C0404F23708A55F7535A99C9694F0A0D48059DDAF43ACD4668B0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\nvLsp.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\windows\System32\TUProgSt.exe
c:\program files\bin32\nSvcAppFlt.exe
c:\program files\bin32\nSvcIp.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-02-19 13:52:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-19 12:51
ComboFix2.txt 2011-02-19 07:59
ComboFix3.txt 2011-02-18 19:51

Před spuštěním: Volných bajtů: 115 717 984 256
Po spuštění: Volných bajtů: 115 859 099 648

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - ADA6CEB664EFB07B2DA3AA73AE82431C



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:19, on 19.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\OO Software\DriveLED\oodlag.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CrystalDiskInfo\DiskInfo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\PROGRA~1\FREEDO~1\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKCU\..\Run: [Svátky a výročí] c:\Program Files\OKsoftware\Svátky a výročí\Vyroci.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CrystalDiskInfo] "C:\Program Files\CrystalDiskInfo\DiskInfo.exe" /Startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{120BC874-EC5E-4A77-8C49-A3BB94ABCE22}: NameServer = 77.48.254.254,77.48.100.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{120BC874-EC5E-4A77-8C49-A3BB94ABCE22}: NameServer = 77.48.254.254,77.48.100.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{120BC874-EC5E-4A77-8C49-A3BB94ABCE22}: NameServer = 77.48.254.254,77.48.100.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\bin32\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: O&O DriveLED - O&O Software GmbH - C:\Program Files\OO Software\DriveLED\oodlag.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9051 bytes

[Žbeky]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

Jak se chová PC?

[iluminator01]

hotovo, PC se zdá pohodě,vše naběhlo jak má.....
díky za čas tobě i všem zúčastněným,moc mi to pomohlo :)