Nejdou spustit exe; infikace minimálně ave.exe a braviax.exe

Zpráva

Leam · #1 Příspěvek od **Leam** » 16 kvě 2010 12:14

Pěkný den!

Prosím o pomoc s řešením problému - chtěl jsem přidat log z RSIT, ale bohužel to je zrovna jeden z těch, které nespustím

Povedlo se spustit DDS, vkládám pro jistotu aspoň ten.

O co jde - nejdou spustit soubory exe, jak se tu už několikrát řešilo - stalo se tak nejspíš po infikaci ave.exe, ale zřejmě toho je v pc mnohem víc.. :/

Pro info - mám k dispozici momentálně jeden pc, připojení na net jede, některé soubory nainstaluju a spustím, některé ne (viz RSIT a DDS). Klasické exe jako Firefox, Winamp, TC apod. spouštím tak, že po kliku na ikonu vyskočí okno s nabídkou, kde program spusit - vyberu ten, který chci pustit a většinou to jde.. určitě u těch běžných.

Prozatím díky moc komukoliv, kdo se toho ujme..

Luboš

Log z DDS:

DDS (Ver_10-03-17.01) - FAT32x86
Run by Luboç at 13:12:25,40 on ne 16.05.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.88 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090729-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Luboš\Dokumenty\DC\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
mWinlogon: Taskman=c:\documents and settings\luboš\data aplikací\uxjj.exe
TB: Alexa: {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - c:\windows\system32\SHDOCVW.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Centrum.cz Notifikátor] "c:\program files\netcentrum\notifikator\Notifikator.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
mRun: [PowerKey] "c:\program files\launch manager\PowerKey.exe"
mRun: [LManager] "c:\program files\launch manager\HotkeyApp.exe"
mRun: [CtrlVol] "c:\program files\launch manager\CtrlVol.exe"
mRun: [LMgrOSD] "c:\program files\launch manager\OSDCtrl.exe"
mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [Module Loader] c:\program files\creative\shared files\module loader\DLLML.exe -StartUpRun
mRun: [CTAPR2] "c:\program files\creative\sound blaster x-fi surround 5.1\console launcher\CTAPR2.exe" /r
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi surround 5.1\volume panel\VolPanlu.exe" /r
mRun: [Creative KSRun Persistence Module] RunDll32 KSRun.dll,RunDLLEntry
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
mRun: [braviax] braviax.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\nabídk~1\programy\pospuš~1\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\nabídk~1\programy\pospuš~1\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Mail to a Friend... - http://client.alexa.com/holiday/script/ ... mailto.htm
IE: See Related Links - http://client.alexa.com/holiday/script/ ... elated.htm
IE: Write a Review... - http://client.alexa.com/holiday/script/ ... review.htm
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdat ... 7401378843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.jit.chrome", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2007-2-14 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2007-2-14 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-4 20560]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe

[2009-6-16 20480]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2008-12-11 768768]
R3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [2008-10-24 1830912]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [1980-1-1 69120]
S1 mailKmd;mailKmd; [x]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2006-2-22 138680]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2006-2-22 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2006-2-22 352920]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs

shared\service\CTAELicensing.exe [2009-3-4 79360]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [2008-11-9 43184]
S3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys --> c:\windows\system32\drivers\ndisrd.sys [?]
S3 POWERKEY;POWERKEY;c:\program files\launch manager\POWERKEY.SYS [2005-9-30 2343]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-12-20 11520]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-05-16 09:36:40 9216 ----a-w- c:\windows\braviax.exe
2010-05-12 22:38:25 434 ----a-w- c:\windows\system32\Zvuky a zvuková zařízení.lnk

==================== Find3M ====================

2010-05-16 09:36:42 6144 ----a-w- c:\windows\system32\cru629.dat
2010-05-16 09:36:42 6144 ----a-w- c:\windows\cru629.dat
2010-05-15 11:56:44 9175040 ---ha-w- c:\documents and settings\luboš\NTUSER.DAT
2010-03-10 06:17:40 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:17:40 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 09:48:52 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:08 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:53:12 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 12:09:02 2192128 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-17 12:09:02 2192128 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 19:09:02 2068992 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:09:02 2068992 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 19:08:58 2026496 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2008-03-12 08:37:48 229376 ----a-w- c:\program files\foo_channel_mixer.dll
2008-12-26 07:23:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122620081227

\index.dat

============= FINISH: 13:14:15,67 ===============

#2 Příspěvek od **Caroprd111** » 16 kvě 2010 12:46

Zdravím

Stáhněte http://www.raktor.net/exeHelper/exeHelper.com

2 krát klikněte na exeHelper.com
Po dokončení opravy stiskněte libovolnou klávesu.
Vložte sem obsah log.txt (bude v adresáři, kde jste spustil exeHelper.com)

Leam · #3 Příspěvek od **Leam** » 16 kvě 2010 12:51

Zdravím taky

tak exe už jedou, tak jednoduchou jsem tuhle část nečekal.. díky

Log:

exeHelper by Raktor
Build 20100414
Run at 13:48:31 on 05/16/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\braviax.exe
Deleting file C:\WINDOWS\system32\cru629.dat
Deleting file C:\WINDOWS\cru629.dat
Checking for bad registry entries...
Removing

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax
Removing

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32
Resetting filetype association for .exe
Removing HKCR\secfile
Resetting filetype association for .com
Removing HKCR\secfile
Resetting userinit and shell values...
Resetting policies...
--Finished--

#4 Příspěvek od **Caroprd111** » 16 kvě 2010 12:54

OK

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Leam · #5 Příspěvek od **Leam** » 16 kvě 2010 13:57

tak OTL úspěšně běželo asi 10-15 minut, pak se zaseklo (neodpovídá, nereaguje) - prohledávaný soubor je právě msxml6r.dll, nejede to dál. Zkoušel jsem ho vypnout a pustit znovu, zaseklo se to znovu na stejnym místě. Vyhodilo to okno s nějakou hláškou, ale bohužel jsem ho úplně nestihl - zřejmě to bylo něco jako "nelze najít požadovanou cestu"..? Vidět je "nou cestu", při tom jak se to kouslo tam zůstal seklej kus toho vyskočenýho okna.. :/

konkrétně to vypadá takto:

Ještě doplním - po opravení spouštění souborů exe se opět naplno rozjel braviax.. takže klasicky hlásí infikaci pc a ať si nainstaluju jejich antivir či co, bla bla.. musim ho vypínat hned po spuštění pc. Mimo braviaxe taky jede tak dvakrát víc procesů než před tím (před opravením exe).
Co asi souvisí s braviaxem - avast vůbec nejde spustit ani v něm nic nastavit, podobně to asi vypadá s windows firewallem..
Dík, L.

#6 Příspěvek od **Caroprd111** » 16 kvě 2010 17:43

Zkuste spustit OTL bez skriptu.

Leam · #7 Příspěvek od **Leam** » 16 kvě 2010 18:52

takže logy bez skriptu:

OTL.txt

OTL logfile created on: 16.5.2010 19:35:26 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Luboš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,00 Mb Total Physical Memory | 104,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26,27 Gb Total Space | 1,22 Gb Free Space | 4,66% Space Free | Partition Type: FAT32
Drive D: | 26,66 Gb Total Space | 0,05 Gb Free Space | 0,18% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEE
Current User Name: Luboš
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.16 13:58:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luboš\Plocha\OTL.exe
PRC - [2010.04.12 20:16:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009.10.14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009.10.14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009.02.05 22:08:46 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.02.05 22:01:26 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008.04.30 10:35:20 | 000,425,984 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.03 14:29:36 | 000,061,611 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe
PRC - [2007.07.23 15:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2007.04.16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2007.02.01 11:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2005.07.25 13:34:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2005.07.25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
PRC - [2005.06.29 17:26:14 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005.06.06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005.06.01 14:17:08 | 000,192,512 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005.02.04 11:12:58 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002.08.30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe

========== Modules (SafeList) ==========

MOD - [2010.05.16 13:58:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luboš\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005.02.04 11:12:50 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (iPodService)
SRV - [2009.10.14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009.03.04 21:29:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.02.05 22:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.02.05 22:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.02.05 22:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.02.05 22:01:26 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.30 10:35:20 | 000,425,984 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2005.06.06 19:08:58 | 001,273,344 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)

========== Driver Services (SafeList) ==========

DRV - [2009.10.29 18:33:40 | 000,020,480 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ndisrd.sys -- (ndisrd)
DRV - [2009.08.03 22:28:16 | 000,027,136 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009.02.05 22:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.02.05 22:07:24 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.02.05 22:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.02.05 22:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.02.05 22:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.02.05 22:05:12 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.12.11 11:04:36 | 000,768,768 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ksaud.sys -- (ksaud)
DRV - [2008.10.24 18:27:06 | 001,830,912 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ksaudfl.sys -- (ksaudfl)
DRV - [2008.09.24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 20:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 20:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2005.09.30 23:58:04 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005.07.30 10:29:50 | 000,043,184 | R--- | M] (IPWireless) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipwpnet.sys -- (IpwP)
DRV - [2005.06.03 13:47:06 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.06.03 13:47:04 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.06.03 13:47:00 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.06.03 13:46:58 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.06.03 13:46:52 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.04.07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.03.04 16:37:26 | 000,008,704 | ---- | M] (Avocent/OSA Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.02.04 10:59:46 | 000,193,216 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005.01.14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004.12.22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004.12.15 15:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004.12.15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.12.15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004.12.02 16:36:08 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.08.22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004.07.19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003.07.16 07:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2001.10.24 11:54:40 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2000.12.19 18:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.deepbassnine.com/tracker2"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.3.105
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006.11.07 00:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006.11.07 00:26:30 | 000,000,000 | ---D | M]

[2009.05.17 21:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Extensions
[2006.11.07 00:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions
[2009.08.03 19:59:00 | 000,000,000 | ---D | M] (Azerty III) -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2007.05.28 19:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\{13407856-f9ea-4536-bd03-70fb56d5d0cd}
[2008.04.04 11:07:00 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2010.01.03 19:11:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.12.03 07:56:08 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2008.04.17 08:37:12 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009.07.26 13:34:44 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.02.28 04:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\extensions\toolbar@ask.com
[2006.11.07 00:26:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005.12.05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010.03.31 00:07:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.31 00:07:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.31 00:07:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.31 00:07:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.31 00:07:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2004.08.18 05:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Creative KSRun Persistence Module] C:\WINDOWS\System32\KSRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTAPR2] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] C:\Program Files\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKU\S-1-5-21-2663428208-713818168-3378214460-1005..\Run: [Centrum.cz Notifikátor] C:\Program Files\NetCentrum\Notifikator\Notifikator.exe (NetCentrum, s.r.o.)
O4 - HKU\S-1-5-21-2663428208-713818168-3378214460-1005..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7401378843 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (cru629.dat\system32\) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Luboš\Data aplikací\uxjj.exe) - C:\Documents and Settings\Luboš\Data aplikací\uxjj.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09ee767a-62b9-11db-ad7a-000ae4e589da}\Shell - "" = AutoRun
O33 - MountPoints2\{09ee767a-62b9-11db-ad7a-000ae4e589da}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{186e1f4c-ecd7-11de-a055-0014a43527ab}\Shell - "" = AutoRun
O33 - MountPoints2\{186e1f4c-ecd7-11de-a055-0014a43527ab}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{9a43105a-f5ec-11dd-9f16-000ae4e589da}\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.05.16 15:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010.05.16 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
[2010.05.16 13:57:55 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luboš\Plocha\OTL.exe
[2010.05.15 12:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luboš\Local Settings\Data aplikací\Adobe
[2010.05.15 12:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luboš\Dokumenty\My eBooks
[2010.05.12 20:55:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Luboš\Dokumenty\Stažené soubory
[2007.02.14 11:51:35 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2007.02.14 11:51:35 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Luboš\Plocha\*.tmp files -> C:\Documents and Settings\Luboš\Plocha\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.16 19:34:30 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Luboš\Plocha\cmd.bat
[2010.05.16 19:04:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010.05.16 19:04:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.16 19:04:10 | 000,000,096 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2010.05.16 19:03:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.16 19:03:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.16 19:03:42 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.16 19:03:40 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2010.05.16 19:03:40 | 000,009,216 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2010.05.16 19:03:40 | 000,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2010.05.16 19:03:40 | 000,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2010.05.16 16:06:36 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Luboš\NTUSER.DAT
[2010.05.16 16:06:36 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Luboš\ntuser.ini
[2010.05.16 16:01:16 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.05.16 15:04:00 | 000,000,127 | ---- | M] () -- C:\WINDOWS\ScreenHunter.INI
[2010.05.16 13:58:02 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luboš\Plocha\OTL.exe
[2010.05.15 12:48:56 | 000,076,288 | RHS- | M] () -- C:\Documents and Settings\Luboš\Data aplikací\uxjj.exe
[2010.05.13 00:38:26 | 000,000,434 | ---- | M] () -- C:\WINDOWS\System32\Zvuky a zvuková zařízení.lnk
[2010.05.13 00:31:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.12 19:32:34 | 000,000,484 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.05.06 21:20:34 | 000,046,555 | -H-- | M] () -- C:\treeinfo.wc
[2010.05.02 18:29:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.25 19:43:10 | 000,006,704 | -HS- | M] () -- C:\Documents and Settings\Luboš\Local Settings\Data aplikací\3486DGBgi8A
[2010.04.25 19:43:10 | 000,006,704 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3486DGBgi8A
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Luboš\Plocha\*.tmp files -> C:\Documents and Settings\Luboš\Plocha\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.16 15:28:05 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2010.05.16 15:28:05 | 000,009,216 | ---- | C] () -- C:\WINDOWS\braviax.exe
[2010.05.16 15:28:05 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\cru629.dat
[2010.05.16 15:28:05 | 000,006,144 | ---- | C] () -- C:\WINDOWS\cru629.dat
[2010.05.16 15:03:58 | 000,000,127 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2010.05.16 14:12:40 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Luboš\Plocha\cmd.bat
[2010.05.16 13:48:31 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\Luboš\exehelperlog.txt
[2010.05.15 12:48:55 | 000,076,288 | RHS- | C] () -- C:\Documents and Settings\Luboš\Data aplikací\uxjj.exe
[2010.05.13 00:38:25 | 000,000,434 | ---- | C] () -- C:\WINDOWS\System32\Zvuky a zvuková zařízení.lnk
[2010.04.25 19:22:12 | 000,006,704 | -HS- | C] () -- C:\Documents and Settings\Luboš\Local Settings\Data aplikací\3486DGBgi8A
[2010.04.25 19:22:12 | 000,006,704 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\3486DGBgi8A
[2009.08.29 18:47:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.08.14 00:55:08 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.08.06 00:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009.03.04 22:07:31 | 000,000,152 | ---- | C] () -- C:\WINDOWS\wsdebug.ini
[2009.03.04 22:07:27 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009.03.04 21:26:50 | 000,189,440 | ---- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll
[2009.03.04 20:22:37 | 000,033,126 | ---- | C] () -- C:\WINDOWS\System32\kschimp.ini
[2008.12.22 05:59:26 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\DivXVfWCodec.dll
[2008.12.22 05:59:24 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\SamsungVfWCodec.dll
[2008.12.22 05:59:08 | 000,447,200 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008.12.22 05:52:02 | 000,066,272 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2008.12.01 14:14:56 | 000,029,778 | ---- | C] () -- C:\WINDOWS\System32\ksaud.ini
[2008.03.29 03:44:46 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008.03.29 03:44:45 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.03.29 03:44:45 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.03.29 03:44:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.03.29 03:44:39 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2008.01.09 19:27:27 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.01.09 19:27:27 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.12.20 22:01:15 | 000,000,148 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2007.10.14 23:19:30 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.07.16 17:36:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007.03.28 15:27:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006.11.11 15:00:32 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Luboš.ini
[2006.09.19 21:45:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006.08.04 22:34:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006.07.18 00:38:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2006.05.16 17:11:45 | 000,000,143 | ---- | C] () -- C:\WINDOWS\WB.ini
[2006.05.01 10:48:36 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ChkMail.Ini
[2006.01.24 17:25:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.11.16 22:49:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.10.31 16:46:03 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.10.30 21:15:37 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005.10.14 20:19:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 003,223,552 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005.10.14 11:56:48 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005.10.14 11:56:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005.10.14 11:56:48 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005.10.13 18:09:16 | 000,092,078 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2005.10.03 11:05:14 | 000,000,738 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2005.09.30 19:03:05 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.09.30 18:46:32 | 000,005,778 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2005.07.13 11:41:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.07.13 11:32:51 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.07.13 11:32:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.07.13 11:32:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.07.13 11:32:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.07.13 11:32:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.07.13 11:30:42 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005.07.13 11:15:47 | 000,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2005.07.13 11:15:47 | 000,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2005.07.13 11:15:47 | 000,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2005.07.13 11:15:47 | 000,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.09.17 12:08:27 | 000,003,568 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.05 12:35:49 | 000,285,696 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980.01.01 00:00:00 | 000,619,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[1980.01.01 00:00:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys

========== LOP Check ==========

[2005.09.30 19:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2007.03.23 22:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2008.01.17 09:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
[2009.03.03 00:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SRSLabs
[2009.12.19 21:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Western Digital
[2005.09.30 19:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\ACD Systems
[2006.10.27 19:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\uTorrent
[2007.04.18 19:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\ICQ
[2008.02.20 18:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\TC PowerPack
[2008.12.27 09:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\Teleca
[2009.03.03 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\foobar2000
[2009.12.19 21:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Luboš\Data aplikací\Western Digital
[2007.12.16 17:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\Teleca
[2010.05.16 16:01:16 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

< End of report >

Leam · #8 Příspěvek od **Leam** » 16 kvě 2010 18:57

a Extras.txt

OTL Extras logfile created on: 16.5.2010 19:35:26 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Luboš\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,00 Mb Total Physical Memory | 104,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26,27 Gb Total Space | 1,22 Gb Free Space | 4,66% Space Free | Partition Type: FAT32
Drive D: | 26,66 Gb Total Space | 0,05 Gb Free Space | 0,18% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEE
Current User Name: Luboš
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2663428208-713818168-3378214460-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:TOTALCMD -- (C. Ghisler & Co.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\FIREFOX.EXE" = C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"H:\uTorrent\utorrent.exe" = H:\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Disabled:Quiet Internet Pager -- (The Author of QIP)
"G:\uTorrent\utorrent.exe" = G:\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{1CFF36CE-2A4C-4ABD-9251-284491A383D2}" = PTDD Partition Table Doctor 3.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}" = ACDSee 7.0 PowerPack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.8
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"µTorrent CZ_is1" = µTorrent CZ 1.7.7 (build 8179)
"3ivx MPEG-4 5.0.2" = 3ivx MPEG-4 5.0.2 (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"AudioCS" = Creative Audio Control Panel
"avast!" = avast! Antivirus
"AVIConverter" = AVIConverter 5.1
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner (remove only)
"CentrumNotifikator" = Centrum.cz E-mail Notifikátor 1.0
"Commercial Suicide" = Commercial Suicide
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FLVPlayer" = FLV Player 1.3.3
"future-music.net Screensaver_is1" = future-music.net Screensaver 1.1
"Goalzone" = Goalzone
"GridVista" = Acer GridVista
"Host OpenAL" = Host OpenAL
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.52
"Liquid Art" = Liquid Art Screen Saver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"mpegable DS" = mpegable DS decoder
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NetMon&Stat_is1" = NetMon&Stat 1.10
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QIP 2005_is1" = QIP 2005 8090
"Rainlendar2" = Rainlendar2 (remove only)
"rajče.net_is1" = rajče beta53 sestavení 96
"RealPlayer 6.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype_is1" = Skype 3.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST5UNST #1" = Kronika 20. století
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"TC PowerPack" = TC PowerPack 1.7
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

#9 Příspěvek od **Caroprd111** » 16 kvě 2010 19:00

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
SRV - File not found [Disabled | Stopped] -- -- (iPodService)
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.3.105
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (cru629.dat\system32\) - File not found
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Luboš\Plocha\*.tmp files -> C:\Documents and Settings\Luboš\Plocha\*.tmp -> ]
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Luboš\Data aplikací\uxjj.exe) - C:\Documents and Settings\Luboš\Data aplikací\uxjj.exe ()
O37 - HKU\S-1-5-21-2663428208-713818168-3378214460-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
[2010.05.16 19:03:40 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2010.05.16 19:03:40 | 000,009,216 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2010.05.16 19:03:40 | 000,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2010.05.16 19:03:40 | 000,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2010.05.16 16:01:16 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.05.15 12:48:56 | 000,076,288 | RHS- | M] () -- C:\Documents and Settings\Luboš\Data aplikací\uxjj.exe
[2010.04.25 19:43:10 | 000,006,704 | -HS- | M] () -- C:\Documents and Settings\Luboš\Local Settings\Data aplikací\3486DGBgi8A
[2010.04.25 19:43:10 | 000,006,704 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3486DGBgi8A

:Files
C:\Program Files\Ask.com

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

Obrázek

Doporučuji odinstalovat µTorrent CZ 1.7.7 (build 8179)

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.

Leam · #10 Příspěvek od **Leam** » 16 kvě 2010 19:17

k předchozímu - nebyl vložený celý log Extras.txt, zlobilo mi načítání stránky a odeslání

Poslední skript vložen, pc se restartoval po klik na OK - po naběhnutí ale vykočilo okno s tím, že OTL.exe nejde najít v umístění ...\plocha - stejně tak jsou pryč předchozí logy, žádný soubor s aktuálním se nespustil..

Leam · #11 Příspěvek od **Leam** » 16 kvě 2010 19:17

(utorrent odinstalován;)

#12 Příspěvek od **Caroprd111** » 16 kvě 2010 19:28

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
Vložte do PC všechny flash disky, které používáte.
Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
Během skenování může být počítač restartován.

Leam · #13 Příspěvek od **Leam** » 16 kvě 2010 19:53

stáhnuto a uloženo na ploše - nejde spustit

nic se nestane.. a to ať byl braviax aktivní nebo neaktivní (braviax.exe..)

#14 Příspěvek od **Caroprd111** » 16 kvě 2010 19:57

Zkuste ComboFix přejmenovat třeba na cokoliv.com, případně přejmenovaný ComboFix spusťte v nouzovém režimu.

Leam · #15 Příspěvek od **Leam** » 16 kvě 2010 20:48

takže log z ComboFixu:

ComboFix 10-05-16.01 - Luboš 16.05.2010 21:18:51.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.275 [GMT 2:00]
Spuštěný z: c:\documents and settings\Luboš\Plocha\cokoliv.com
AV: avast! antivirus 4.8.1335 [VPS 090729-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\desktop
c:\windows\desktop\acidspunkdebug.txt
c:\windows\system32\autorun.ini
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat

Nakažená kopie c:\windows\system32\drivers\cmdide.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
c:\windows\system32\drivers\beep.sys . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ndisrd

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-16 do 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-16 18:06 . 2010-05-16 18:06 -------- d-----w- C:\_OTL
2010-05-16 13:33 . 2010-05-16 13:33 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-16 13:02 . 2010-05-16 13:02 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 19:15 . 2004-09-17 11:54 6656 ----a-w- c:\windows\system32\drivers\cmdide.sys
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1979-12-31 22:00 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 12:09 . 1979-12-31 22:00 2192128 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-17 13:45 2068992 ------w- c:\windows\system32\ntkrnlpa.exe
2008-03-12 08:37 . 2009-03-02 22:37 229376 ----a-w- c:\program files\foo_channel_mixer.dll
.

------- Sigcheck -------

[-] 2009-08-03 20:28 . 6C1B0BE3755A0ECF1288DFD78E5EBE69 . 27136 . . [------] . . c:\windows\system32\dllcache\beep.sys

[-] 2009-08-03 18:01 . 48FAB491F2DDAC025A0F5035035D5D11 . 619296 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2009-08-03 18:01 . 48FAB491F2DDAC025A0F5035035D5D11 . 619296 . . [------] . . c:\windows\system32\dllcache\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-18 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

c:\windows\System32\drivers\beep.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Centrum.cz Notifikátor"="c:\program files\NetCentrum\Notifikator\Notifikator.exe" [2006-04-14 560640]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 192512]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-18 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-18 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-18 455168]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-05-15 54576]
"Module Loader"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" [2007-08-03 61611]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2007-12-19 217192]
"Creative KSRun Persistence Module"="KSRun.dll" [2008-08-29 16896]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 04:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 04:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ------w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2008-05-15 15:26 95536 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 13:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-07-14 23:07 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 14:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-25 18:23 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\QIP\\qip.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [14.2.2007 11:51 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [14.2.2007 11:51 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4.4.2008 11:10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4.4.2008 11:10 20560]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [14.10.2009 14:31 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16.6.2009 9:58 20480]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [30.9.2005 23:56 2343]
S1 mailKmd;mailKmd; [x]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4.3.2009 21:29 79360]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [9.11.2008 21:12 43184]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [11.12.2008 11:04 768768]
S3 ksaudfl;ksaudfl;c:\windows\system32\drivers\ksaudfl.sys [24.10.2008 18:27 1830912]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [20.12.2009 20:56 11520]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Luboš\Data aplikací\Mozilla\Firefox\Profiles\84hexb47.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.deepbassnine.com/tracker2
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-braviax - c:\windows\system32\braviax.exe
MSConfigStartUp-Google Update - c:\documents and settings\Luboš\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
MSConfigStartUp-hp32_nword - c:\windows\system32\hp32_nword.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 21:36
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82CA4AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf861cf28
\Driver\ACPI -> ACPI.sys @ 0xf83e9cb8
\Driver\atapi -> 0x82abd160
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
SecurityProcedure -> ntkrnlpa.exe @ 0x805791fa SendCompleteHandler -> NDIS.sys @ 0xf829bbb0
PacketIndicateHandler -> NDIS.sys @ 0xf828aa0d
SendHandler -> NDIS.sys @ 0xf829eb40
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1092)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\RunDll32.exe
c:\windows\SOUNDMAN.EXE
c:\docume~1\LUBOŠ\LOCALS~1\Temp\RtkBtMnt.EXE
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-05-16 21:43:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-16 19:43

Před spuštěním: 2 443 968 512
Po spuštění: 2 308 636 672

- - End Of File - - 3E855817DA1939139369957F7B27B9F2

VIRY.CZ

Nejdou spustit exe; infikace minimálně ave.exe a braviax.exe

Nejdou spustit exe; infikace minimálně ave.exe a braviax.exe

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax

Re: Nejdou spustit exe; infikace minimálně ave.exe a braviax