PC disinfection, computer speed-up, remote help via the neslape.cz service

Please ADVISE

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please ADVISE

#46 Post by motji »

The file is in the right place, but I don't know why the script didn't run at all :o .
Do you have it saved correctly?
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I can be reached mostly at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

holvyy
Visitor
Posts: 51
Registered: 03 Nov 2007 17:00
Location: PLZEŇ

Re: Please ADVISE

#47 Post by holvyy »

Here is the latest log

ComboFix 10-08-03.04 - Bohuslav 06.08.2010 10:42:34.8.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.594 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bohuslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bohuslav\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}

file zipped: c:\documents and settings\Bohuslav\Nabídka Start\Programy\Po spuštění\updpxe32.exe
file zipped: c:\windows\system32\drivers\sdljptvc.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bohuslav\Nabídka Start\Programy\Po spuštění\updpxe32.exe
c:\windows\system32\drivers\sdljptvc.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-06 do 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 08:51 . 2010-08-06 08:52 -------- d-----w- c:\windows\LastGood
2010-08-06 02:53 . 2010-08-06 08:16 -------- d-----w- C:\aec.sys
2010-08-05 22:36 . 2010-08-05 22:37 -------- d-----w- C:\Nová složka
2010-08-05 10:20 . 2010-08-06 08:52 0 ----a-w- c:\windows\system32\drivers\aec.sys
2010-08-04 20:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 20:23 . 2010-08-04 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 20:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 13:29 . 2010-08-03 13:31 -------- d-----w- c:\program files\trend micro
2010-08-03 13:29 . 2010-08-03 13:33 -------- d-----w- C:\rsit
2010-08-03 01:50 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-07-15 14:14 . 2010-07-15 14:14 -------- d-----w- c:\program files\Common Files\Skype
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\PCSuite
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\DIFX
2010-07-13 16:18 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-13 16:18 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-07-13 16:18 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-07-13 16:18 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-07-13 16:18 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-07-13 16:18 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 10:21 . 2010-06-07 14:29 -------- d-----w- c:\program files\DScaler
2010-08-05 09:49 . 2010-06-07 13:21 -------- d-----w- c:\program files\Driver Genius
2010-08-04 14:54 . 2006-01-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-08-02 17:45 . 2001-10-25 12:00 47410 ----a-w- c:\windows\system32\perfc005.dat
2010-08-02 17:45 . 2001-10-25 12:00 312606 ----a-w- c:\windows\system32\perfh005.dat
2010-07-31 02:34 . 2010-03-17 16:15 -------- d-----w- c:\program files\Spyware Terminator
2010-07-27 10:33 . 2010-03-29 22:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-15 14:13 . 2005-09-15 19:28 -------- d-----w- c:\program files\Skype
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-13 16:21 . 2008-02-12 00:01 -------- d-----w- c:\program files\Nokia
2010-07-13 03:03 . 2010-03-20 03:45 -------- d-----w- c:\program files\Burn4Free
2010-07-12 03:19 . 2010-07-12 03:19 113322 ----a-w- c:\program files\_JPOD, 6. dub 1931.sav
2010-07-07 15:35 . 2010-03-25 09:14 -------- d-----w- c:\program files\ICQ7.1
2010-07-01 14:05 . 2007-12-09 15:24 -------- d-----w- c:\program files\GRETECH
2010-06-28 20:57 . 2010-06-29 06:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-28 13:25 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-28 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-28 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-28 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-28 13:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-28 13:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-28 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-28 13:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 15:25 . 2004-04-01 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-23 14:48 . 2010-06-23 14:47 -------- d-----w- c:\program files\WinFast
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Windows Sidebar
2010-06-23 14:41 . 2010-06-23 14:41 -------- d-----w- c:\program files\Leadtek Research Inc
2010-06-23 13:50 . 2010-06-23 13:50 -------- d-----w- c:\program files\win fst
2010-06-23 13:36 . 2010-06-07 13:58 -------- d-----w- c:\program files\ChrisTV PVR
2010-06-14 15:47 . 2010-06-13 20:29 -------- d-----w- c:\program files\LifeView MVP
2010-06-12 19:55 . 2010-03-01 17:20 -------- d-----w- c:\program files\Ashampoo
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\Common Files\NacreWare
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\AMC2000
2010-06-07 14:02 . 2010-05-05 10:16 4456 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-07 14:00 . 2010-04-21 12:02 -------- d-----w- c:\program files\BS_Player
2010-06-07 13:17 . 2010-06-07 13:17 -------- d-----w- c:\program files\ATI Technologies
2008-08-18 08:55 . 2008-08-18 08:55 148766 ----a-w- c:\program files\PC Tools Firewall Plus_40045_cz.exe
2008-08-18 08:37 . 2008-08-18 08:37 2405 ----a-w- c:\program files\Přečti si!.txt
.

------- Sigcheck -------

[-] 2010-08-06 08:56 . !HASH: COULD NOT OPEN FILE !!!!! . 585472 . . [------] . . c:\windows\system32\drivers\aec.sys
[-] 2008-04-13 21:09 . !HASH: COULD NOT OPEN FILE !!!!! . 142592 . . [------] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 20:09 . !HASH: COULD NOT OPEN FILE !!!!! . 142592 . . [------] . . c:\windows\ERDNT\cache\aec.sys
[-] 2008-04-13 20:09 . !HASH: COULD NOT OPEN FILE !!!!! . 142592 . . [------] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:30 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-03 20:39 . !HASH: COULD NOT OPEN FILE !!!!! . 142464 . . [------] . . c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2002-08-28 21:16 . !HASH: COULD NOT OPEN FILE !!!!! . 142208 . . [------] . . c:\windows\SoftwareDistribution\Download\S-1-5-18\2bc6990d5261226b377910d10bc586ad\backup\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-06-07 14:00 2515552 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-17 3037696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-17 2166784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" silent loginmode=4
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" /SILENT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Bohuslav\\Plocha\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.4.2010 15:25 165456]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17.3.2010 18:15 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.4.2010 15:25 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.6.2010 16:41 59776]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.3.2010 11:28 246520]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.6.2010 16:41 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.6.2010 16:41 9600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.8.2007 22:37 685816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
utvmhdnl
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
uInternet Settings,ProxyServer = 192.168.200.221:3128
IE: &ICQ Toolbar Search - c:\progra~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://portal.mpsv.cz/sz/obcane/vmjedno
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 10:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Bohuslav\LOCALS~1\Temp\ASFWHide"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aec]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="BEDF0E162D592E52B7BAEC663700D6CC162A0B998B7A3A05471626057DE6BF7A1F7FCC5C48F133D3934FD843F437292DC3433D6109AAB1FD52E1A112079E5E888C014FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D140700F9F580EE9F7A3F509BB07F5125FBB180A42937C0B26B9F8A1A02A1A309A0A413872200E3F2285D9B7BB1595FEEC2CCB7D8A957E9A7011FD7F8F360E03868AFA89B16944ECBA769F4A7718F997FDE75A9B815FB4C2178315904157763308C00590683492FBED5686E05E1E7CB913E7A035D3BC71E9FEF9372A8BB06E8577D64E629E15AEE3597D1420ABB5BA532D5A394743892F6768CF7AE6A7FE29464B018337CEABAD8EED113CAC4F99A3CC69DA7543E65E8D54EF6843BDEBE15EB642250458A9C8E1CFB708A08D45A0787048FB5DB90E3881AA2DCD26A301A59DA39CCB24773B9AF4C42608C9DEEE0B66575ABEBE55618E58BC16D72311DF5A0AE96355C09EA472B617C96E1545BD4F514F9F663D389AAA9D2515EE3AAF6FB0E98865E59FDB7904435B688C418F541C138C3F8212BBD062C7C48671E14A5997CB164522FBAB5A3EE0855B068F7AE74CD5BDABBA49498DB017AF2460BCFA18076F26220D4FB5251D47E0C8E6DA90A037E6A9850DDDD519F6821703B87E37AA4BDBA84D8332193B0541EE4236E82A0C270B3ACCA3276B60ADBABB48A66F8524046CB23912CAA8E1C7E53BEF6F57F1F5072ED9941FA74A91706B7887CEEDDDF4FB94C6C641042EE32186CCA130440C50A8430364F848F9F8647C4855FD8846B1471465FEE27B0F3D49C9E8D870E8AE613DFF5AC1690A522DBB0399D02D383D59382A8D1D2ACE67228B78063657AC3ECD26DA17CB8D3B74D600D5E92B981920F16ADC66B3550F5CF194B0C7745267853734DF6785E7769D4A0D6617EDF77121F296D552BC0B2150854ED234DC0615A2B65509D47339705FAEBBCD44BD040029F1E6DEEDF236D202A4C6887B976EFBB18DB7DA2E36646779A5622ACBA6C5A0ABD8A0E932F8C0A15DA37376166890993524D10761D2C885020389F435E9736F23EC6652391B38897CF8F0DBBD29FD900A5F3F4EC143BD6C58E2E80D41EBB3BA975F03AE6D4D25BEDD3135006CEE402BF735051BEC1509F307998C384B74543424EE90A8798A5E883C7449893010715B62F26F888EFAB428C0B1A9CD6B8241C7147D50592D0F00DE61F68359C63381CEC61FAF7CABD8E147B001C73B387CD8791719E107CC77717CBDE8AA5BAC2AF118E261B8C691E435EC1AA4AE36B59B93B207571C29A1A834987A479A1
EE422867EAAE15A82ED6135E4A6F153D2DBB66E23F0BBFE9A7B863DA951F45129C56E07FF53E3CF343"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3172)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\oodag.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\logon.scr
.
**************************************************************************
.
Celkový čas: 2010-08-06 10:59:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-06 08:59
ComboFix2.txt 2010-08-06 03:39
ComboFix3.txt 2010-08-05 22:04
ComboFix4.txt 2010-08-05 11:57
ComboFix5.txt 2010-08-06 08:41

Před spuštěním: Volných bajtů: 29 732 610 048
Po spuštění: Volných bajtů: 29 719 646 208

Current=3 Default=3 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - F1ED84E224C716C956D35169A3970F65

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Please ADVISE

#48 Post by motji »

Let's try it once more, otherwise I'll try a radical cut :D .
Please be patient with me, this infection is hard to cure, it keeps restoring itself from somewhere :o .

:arrow: If you haven't already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

KillAll::

FCOPY::
c:\aec.sys | c:\windows\system32\drivers\aec.sys
c:\aec.sys | c:\windows\ServicePackFiles\i386\aec.sys
c:\aec.sys | c:\windows\ERDNT\cache\aec.sys
c:\aec.sys | c:\windows\system32\dllcache\aec.sys
c:\aec.sys | c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
c:\aec.sys | c:\windows\$NtServicePackUninstall$\aec.sys
c:\aec.sys | c:\windows\$NtUninstallKB900485$\aec.sys
c:\aec.sys | c:\windows\SoftwareDistribution\Download\S-1-5-18\2bc6990d5261226b377910d10bc586ad\backup\aec.sys

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aec]

Srpeek::
c:\windows\system32\drivers\aec.sys

FixCSet::


-save the TXT file you created as CFScript.txt on the desktop
-once saved, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it:

:arrow: Download MBAM from my signature
-Install it, run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false positives, so we will delete only after checking the log.
-Copy the log here.

-after applying the script another log will pop up, paste it here

Warning: it may happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

holvyy
Visitor
Posts: 51
Registered: 03 Nov 2007 17:00
Location: PLZEŇ

Re: Please ADVISE

#49 Post by holvyy »

ComboFix 10-08-03.04 - Bohuslav 06.08.2010 16:37:01.9.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.171 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bohuslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bohuslav\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-06 do 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 08:51 . 2010-08-06 14:42 -------- d-----w- c:\windows\LastGood.Tmp
2010-08-06 02:53 . 2010-08-06 08:16 -------- d-----w- C:\aec.sys
2010-08-05 22:36 . 2010-08-05 22:37 -------- d-----w- C:\Nová složka
2010-08-05 10:20 . 2010-08-06 14:43 585472 ----a-w- c:\windows\system32\drivers\aec.sys
2010-08-04 20:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 20:23 . 2010-08-04 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 20:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 13:29 . 2010-08-03 13:31 -------- d-----w- c:\program files\trend micro
2010-08-03 13:29 . 2010-08-03 13:33 -------- d-----w- C:\rsit
2010-08-03 01:50 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-07-15 14:14 . 2010-07-15 14:14 -------- d-----w- c:\program files\Common Files\Skype
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\PCSuite
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\DIFX
2010-07-13 16:18 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-13 16:18 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-07-13 16:18 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-07-13 16:18 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-07-13 16:18 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-07-13 16:18 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 14:44 . 2006-10-17 15:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-05 10:21 . 2010-06-07 14:29 -------- d-----w- c:\program files\DScaler
2010-08-05 09:49 . 2010-06-07 13:21 -------- d-----w- c:\program files\Driver Genius
2010-08-04 14:54 . 2006-01-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-08-02 17:45 . 2001-10-25 12:00 47410 ----a-w- c:\windows\system32\perfc005.dat
2010-08-02 17:45 . 2001-10-25 12:00 312606 ----a-w- c:\windows\system32\perfh005.dat
2010-07-27 10:33 . 2010-03-29 22:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-15 14:13 . 2005-09-15 19:28 -------- d-----w- c:\program files\Skype
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-13 16:21 . 2008-02-12 00:01 -------- d-----w- c:\program files\Nokia
2010-07-13 03:03 . 2010-03-20 03:45 -------- d-----w- c:\program files\Burn4Free
2010-07-12 03:19 . 2010-07-12 03:19 113322 ----a-w- c:\program files\_JPOD, 6. dub 1931.sav
2010-07-07 15:35 . 2010-03-25 09:14 -------- d-----w- c:\program files\ICQ7.1
2010-07-01 14:05 . 2007-12-09 15:24 -------- d-----w- c:\program files\GRETECH
2010-06-28 20:57 . 2010-06-29 06:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-28 13:25 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-28 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-28 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-28 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-28 13:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-28 13:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-28 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-28 13:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 15:25 . 2004-04-01 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-23 14:48 . 2010-06-23 14:47 -------- d-----w- c:\program files\WinFast
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Windows Sidebar
2010-06-23 14:41 . 2010-06-23 14:41 -------- d-----w- c:\program files\Leadtek Research Inc
2010-06-23 13:50 . 2010-06-23 13:50 -------- d-----w- c:\program files\win fst
2010-06-23 13:36 . 2010-06-07 13:58 -------- d-----w- c:\program files\ChrisTV PVR
2010-06-14 15:47 . 2010-06-13 20:29 -------- d-----w- c:\program files\LifeView MVP
2010-06-12 19:55 . 2010-03-01 17:20 -------- d-----w- c:\program files\Ashampoo
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\Common Files\NacreWare
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\AMC2000
2010-06-07 14:02 . 2010-05-05 10:16 4456 ----a-w- c:\windows\system32\d3d9caps.dat
2008-08-18 08:55 . 2008-08-18 08:55 148766 ----a-w- c:\program files\PC Tools Firewall Plus_40045_cz.exe
2008-08-18 08:37 . 2008-08-18 08:37 2405 ----a-w- c:\program files\Přečti si!.txt
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

c:\aec.sys\aec.sys [x]
[7] 8BED39E3C35D6A489438B8141717A557 142592 \RP2\A0004593.sys

[-] !HASH: COULD NOT OPEN FILE !!!!! 142592 c:\windows\system32\dllcache\aec.sys
[7] 8BED39E3C35D6A489438B8141717A557 142592 \RP1\A0000228.sys

[-] !HASH: COULD NOT OPEN FILE !!!!! 585472 c:\windows\system32\drivers\aec.sys
[7] 8BED39E3C35D6A489438B8141717A557 142592 \RP1\A0000224.sys
[7] 8BED39E3C35D6A489438B8141717A557 142592 \RP1\A0003347.sys
.
------- Sigcheck -------

[-] 2010-08-06 14:43 . 83AF81FEA495E4EDFC31C890D4BFA4BC . 585472 . . [------] . . c:\windows\system32\drivers\aec.sys
[7] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[7] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ERDNT\cache\aec.sys
[7] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2004-08-03 20:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
[7] 2002-08-28 21:16 . FF773FEDA15E8BD97FD54FE87A0ACDBE . 142208 . . [5.1.2601.1095 built by: xpsp1] . . c:\windows\SoftwareDistribution\Download\S-1-5-18\2bc6990d5261226b377910d10bc586ad\backup\aec.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-06-07 14:00 2515552 ----a-w- c:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2010-06-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" silent loginmode=4
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" /SILENT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Bohuslav\\Plocha\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.4.2010 15:25 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.4.2010 15:25 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.6.2010 16:41 59776]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.3.2010 11:28 246520]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.6.2010 16:41 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.6.2010 16:41 9600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.8.2007 22:37 685816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
utvmhdnl
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
uInternet Settings,ProxyServer = 192.168.200.221:3128
IE: &ICQ Toolbar Search - c:\progra~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://portal.mpsv.cz/sz/obcane/vmjedno
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 16:46
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Bohuslav\LOCALS~1\Temp\ASFWHide"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG06.00.00.01WORKSTATION"="…"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\logon.scr
.
**************************************************************************
.
Celkový čas: 2010-08-06 16:53:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-06 14:53
ComboFix2.txt 2010-08-06 08:59
ComboFix3.txt 2010-08-06 03:39
ComboFix4.txt 2010-08-05 22:04
ComboFix5.txt 2010-08-06 14:35

Před spuštěním: Volných bajtů: 29 690 523 648
Po spuštění: Volných bajtů: 29 678 739 456

- - End Of File - - BD24D9965A892D61FAA4ACA87CB7E0AC

holvyy
Visitor
Posts: 51
Registered: 03 Nov 2007 17:00
Location: PLZEŇ

Re: Asking for ADVICE

#50 Post by holvyy »

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4390

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6.8.2010 18:00:32
mbam-log-2010-08-06 (18-00-32).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 186660
Uplynulý čas: 51 minuta(y), 52 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\Bohuslav\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Asking for ADVICE

#51 Post by motji »

If number 2 :D

You don't need to delete it in MBAM, I've put it into the ComboFix script.

:arrow: If you haven't already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

KIllAll::

Scopy::
\RP1\A0000228.sys | c:\windows\system32\drivers\aec.sys
\RP1\A0000228.sys | c:\windows\system32\dllcache\aec.sys
\RP1\A0000228.sys | c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
\RP1\A0000228.sys | c:\windows\$NtServicePackUninstall$\aec.sys

Netsvc::
utvmhdnl

Driver::
utvmhdnl

Collect::
C:\Documents and Settings\Bohuslav\Data aplikací\avdrn.dat



-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

-after it runs, another log will pop up for you; paste it here

Warning: it may happen that after applying the script and restarting, Windows does not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

holvyy
Visitor
Posts: 51
Registered: 03 Nov 2007 17:00
Location: PLZEŇ

Re: Asking for ADVICE

#52 Post by holvyy »

ComboFix 10-08-06.01 - Bohuslav 06.08.2010 21:20:51.10.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.334 [GMT 2:00]
Spuštěný z: c:\documents and settings\Bohuslav\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Bohuslav\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}

file zipped: c:\documents and settings\Bohuslav\Data aplikací\avdrn.dat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bohuslav\Data aplikací\avdrn.dat

.
--------------- SCopy ---------------

\RP1\A0000228.sys --> c:\windows\system32\drivers\aec.sys
\RP1\A0000228.sys --> c:\windows\system32\dllcache\aec.sys
\RP1\A0000228.sys --> c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
\RP1\A0000228.sys --> c:\windows\$NtServicePackUninstall$\aec.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UTVMHDNL


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-06 do 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 02:53 . 2010-08-06 08:16 -------- d-----w- C:\aec.sys
2010-08-05 22:36 . 2010-08-05 22:37 -------- d-----w- C:\Nová složka
2010-08-05 10:20 . 2008-04-13 20:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-08-04 20:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 20:23 . 2010-08-04 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 20:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 13:29 . 2010-08-03 13:31 -------- d-----w- c:\program files\trend micro
2010-08-03 13:29 . 2010-08-03 13:33 -------- d-----w- C:\rsit
2010-08-03 01:50 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-08-03 01:50 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-07-15 14:14 . 2010-07-15 14:14 -------- d-----w- c:\program files\Common Files\Skype
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\PCSuite
2010-07-13 16:21 . 2010-07-13 16:21 -------- d-----w- c:\program files\Common Files\Nokia
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\DIFX
2010-07-13 16:18 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-07-13 16:18 . 2010-07-13 16:18 -------- d-----w- c:\program files\PC Connectivity Solution
2010-07-13 16:18 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-07-13 16:18 . 2010-02-26 12:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-07-13 16:18 . 2010-02-26 12:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-07-13 16:18 . 2010-02-26 12:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-07-13 16:18 . 2010-02-26 12:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 14:44 . 2006-10-17 15:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-05 10:21 . 2010-06-07 14:29 -------- d-----w- c:\program files\DScaler
2010-08-05 09:49 . 2010-06-07 13:21 -------- d-----w- c:\program files\Driver Genius
2010-08-04 14:54 . 2006-01-24 17:45 -------- d-----w- c:\program files\CCleaner
2010-08-02 17:45 . 2001-10-25 12:00 47410 ----a-w- c:\windows\system32\perfc005.dat
2010-08-02 17:45 . 2001-10-25 12:00 312606 ----a-w- c:\windows\system32\perfh005.dat
2010-07-27 10:33 . 2010-03-29 22:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-15 14:13 . 2005-09-15 19:28 -------- d-----w- c:\program files\Skype
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-13 16:30 . 2010-07-13 16:30 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-13 16:29 . 2010-07-13 16:29 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-13 16:21 . 2008-02-12 00:01 -------- d-----w- c:\program files\Nokia
2010-07-13 03:03 . 2010-03-20 03:45 -------- d-----w- c:\program files\Burn4Free
2010-07-12 03:19 . 2010-07-12 03:19 113322 ----a-w- c:\program files\_JPOD, 6. dub 1931.sav
2010-07-07 15:35 . 2010-03-25 09:14 -------- d-----w- c:\program files\ICQ7.1
2010-07-01 14:05 . 2007-12-09 15:24 -------- d-----w- c:\program files\GRETECH
2010-06-28 20:57 . 2010-06-29 06:07 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-04-28 13:25 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-28 13:25 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-28 13:25 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-28 13:25 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-28 13:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-04-28 13:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-04-28 13:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-04-28 13:25 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-24 15:25 . 2004-04-01 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-06-23 14:48 . 2010-06-23 14:47 -------- d-----w- c:\program files\WinFast
2010-06-23 14:48 . 2010-06-23 14:48 -------- d-----w- c:\program files\Windows Sidebar
2010-06-23 14:41 . 2010-06-23 14:41 -------- d-----w- c:\program files\Leadtek Research Inc
2010-06-23 13:50 . 2010-06-23 13:50 -------- d-----w- c:\program files\win fst
2010-06-23 13:36 . 2010-06-07 13:58 -------- d-----w- c:\program files\ChrisTV PVR
2010-06-14 15:47 . 2010-06-13 20:29 -------- d-----w- c:\program files\LifeView MVP
2010-06-12 19:55 . 2010-03-01 17:20 -------- d-----w- c:\program files\Ashampoo
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\Common Files\NacreWare
2010-06-08 10:08 . 2010-06-08 10:08 -------- d-----w- c:\program files\AMC2000
2010-06-07 14:02 . 2010-05-05 10:16 4456 ----a-w- c:\windows\system32\d3d9caps.dat
2008-08-18 08:55 . 2008-08-18 08:55 148766 ----a-w- c:\program files\PC Tools Firewall Plus_40045_cz.exe
2008-08-18 08:37 . 2008-08-18 08:37 2405 ----a-w- c:\program files\Přečti si!.txt
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2010-03-01 451224]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-03-25 2924544]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2010-04-07 79360]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" silent loginmode=4
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SoundMan"=SOUNDMAN.EXE
"WinampAgent"=c:\program files\Winamp\winampa.exe
"DTVRemote"="c:\program files\LifeView MVP\RemoteControl.exe"
"ChrisTV Agent"="c:\program files\ChrisTV PVR\ChrisTV_Agent.exe" /SILENT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Bohuslav\\Plocha\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.4.2010 15:25 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.4.2010 15:25 17744]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [23.6.2010 16:41 59776]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.3.2010 11:28 246520]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 10:59 1047880]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [23.6.2010 16:41 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [23.6.2010 16:41 9600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.8.2007 22:37 685816]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
uInternet Settings,ProxyServer = 192.168.200.221:3128
IE: &ICQ Toolbar Search - c:\progra~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://portal.mpsv.cz/sz/obcane/vmjedno
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Bohuslav\Data aplikací\Mozilla\Firefox\Profiles\qnbnrney.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 21:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\Bohuslav\LOCALS~1\Temp\ASFWHide"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\logon.scr
.
**************************************************************************
.
Celkový čas: 2010-08-06 21:40:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-06 19:40
ComboFix2.txt 2010-08-06 14:53
ComboFix3.txt 2010-08-06 08:59
ComboFix4.txt 2010-08-06 03:39
ComboFix5.txt 2010-08-06 19:17

Před spuštěním: Volných bajtů: 29 653 958 656
Po spuštění: Volných bajtů: 29 638 295 552

- - End Of File - - 62B73BCD7CDACE640A79781EF843F28C

User avatar
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Prosím o RADU

#53 Post by motji »

The nasty thing is dead :D
For my peace of mind, please test this file on www.virustotal.com:
c:\windows\system32\drivers\aec.sys

How is the computer behaving now?

holvyy
Visitor
Posts: 51
Registered: 03 Nov 2007 17:00
Location: PLZEŇ

Re: Prosím o RADU

#54 Post by holvyy »

VirusTotal

VirusTotal is a service that analyzes suspicious files for viruses, worms, trojans and other malware using the detection engines of many antivirus products.

File aec.sys received 2010.08.06 19:52:19 (UTC)
Result: 0/42 (0%)

Antivirus Version Last update Result
AhnLab-V3 2010.08.07.00 2010.08.06 -
AntiVir 8.2.4.34 2010.08.06 -
Antiy-AVL 2.0.3.7 2010.08.06 -
Authentium 5.2.0.5 2010.08.06 -
Avast 4.8.1351.0 2010.08.06 -
Avast5 5.0.332.0 2010.08.06 -
AVG 9.0.0.851 2010.08.06 -
BitDefender 7.2 2010.08.06 -
CAT-QuickHeal 11.00 2010.08.06 -
ClamAV 0.96.0.3-git 2010.08.06 -
Comodo 5669 2010.08.06 -
DrWeb 5.0.2.03300 2010.08.06 -
Emsisoft 5.0.0.36 2010.08.06 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7771 2010.08.06 -
F-Prot 4.6.1.107 2010.08.06 -
F-Secure 9.0.15370.0 2010.08.06 -
Fortinet 4.1.143.0 2010.08.06 -
GData 21 2010.08.06 -
Ikarus T3.1.1.84.0 2010.08.06 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.06 -
McAfee 5.400.0.1158 2010.08.06 -
McAfee-GW-Edition 2010.1 2010.08.06 -
Microsoft 1.6004 2010.08.06 -
NOD32 5348 2010.08.06 -
Norman 6.05.11 2010.08.06 -
nProtect 2010-08-06.01 2010.08.06 -
Panda 10.0.2.7 2010.08.06 -
PCTools 7.0.3.5 2010.08.06 -
Prevx 3.0 2010.08.06 -
Rising 22.59.04.04 2010.08.06 -
Sophos 4.56.0 2010.08.06 -
Sunbelt 6696 2010.08.06 -
SUPERAntiSpyware 4.40.0.1006 2010.08.06 -
Symantec 20101.1.1.7 2010.08.06 -
TheHacker 6.5.2.1.334 2010.08.06 -
TrendMicro 9.120.0.1004 2010.08.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.7.29.3961 2010.08.06 -
VirusBuster 5.0.27.0 2010.08.06 -
Additional information
File size: 142592 bytes
MD5...: 8bed39e3c35d6a489438b8141717a557
SHA1..: 7ccd9dda4ed4c776cd1a1be021a13dbc4b277c7e
SHA256: 1b5796e56b0927360ce0759641b1151828bc0a9e45620d2b2d880491f5ce33d0
ssdeep: 3072:/G09oYX0fLiARBfZ2GaQbYS8OMIKG00D6eOBRRhrGfkQqlIPWHCsyVCvk9AqVu:f9NXuRbVYE7kyvWq
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2186a
timedatestamp.....: 0x4655ed3c (Thu May 24 19:53:32 2007)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x1722 0x1780 6.49 7ee2463242024daeb5b6de516c7611a0
.rdata 0x1b00 0x528 0x580 5.08 701033574d4b84815b4ff5f120aff4b3
.data 0x2080 0xe764 0xe780 7.38 aca6584a0ee27c68547161a37df3efa3
PAGE 0x10800 0xcf97 0xd000 6.59 a4171616989422194826fc54be5b35d9
PAGEDATA 0x1d800 0x3420 0x3480 7.38 ec72840a24316eaffafa2cefec3af7b4
PAGECONS 0x20c80 0xa7c 0xa80 3.30 6b9bf618e75b6b264e1c0584edaa73da
INIT 0x21700 0x860 0x880 5.48 166cdb92814dd6c47840958718d5fb0b
.rsrc 0x21f80 0x3c8 0x400 3.24 336ada92a9f25fc195aa599d4fbf9b4b
.reloc 0x22380 0x970 0x980 5.99 57151fe394329fb822093dffd6eed515

( 3 imports )
> ntoskrnl.exe: _wcslwr, wcslen, IoGetDeviceInterfaces, swprintf, PsTerminateSystemThread, KeWaitForSingleObject, wcsstr, KeSetTimer, ZwClose, ObReferenceObjectByHandle, PsCreateSystemThread, KeInitializeTimerEx, KeBugCheckEx, ObfReferenceObject, ObfDereferenceObject, _aulldiv, _allmul, InterlockedExchange, KeGetCurrentThread, KeSetTimerEx, DbgPrint, KeDelayExecutionThread, KeTickCount, KeQueryTimeIncrement, InterlockedCompareExchange, InterlockedIncrement, RtlCheckRegistryKey, RtlCreateRegistryKey, RtlWriteRegistryValue, RtlQueryRegistryValues, RtlFreeUnicodeString, ExFreePoolWithTag, KeSaveFloatingPointState, KeRestoreFloatingPointState, ExAllocatePoolWithTag, KeSetPriorityThread, ExFreePool, RtlRaiseException
> HAL.dll: KeQueryPerformanceCounter
> ks.sys: KsPinGetAvailableByteCount, KsPinRegisterIrpCompletionCallback, KsFilterAttemptProcessing, KsFilterAcquireProcessingMutex, KsFilterReleaseProcessingMutex, KsPinGetConnectedPinDeviceObject, KsPinGetConnectedPinFileObject, KsGetObjectFromFileObject, KsPinGetParentFilter, KsGetPinFromIrp, _KsEdit, KsStreamPointerClone, KsProcessPinUpdate, KsPinGetConnectedPinInterface, KsStreamPointerGetIrp, KsStreamPointerDelete, KsReleaseControl, KsAcquireControl, KsInitializeDriver, KsFilterGetFirstChildPin, KsGetFilterFromIrp

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Microsoft Acoustic Echo Canceller
original name: aec.sys
internal name: aec.sys
file version.: 5.1.2601.3142
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

WARNING: VirusTotal is a free service provided by Hispasec Sistemas. The quality of the results is not guaranteed in any way. The results depend on the vendor of each product. Test results may not be 100% correct. These results do not necessarily mean that the file is infected or clean!

The computer also seems to be behaving normally.

User avatar
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Prosím o RADU

#55 Post by motji »

Could you please post a new RSIT log.

:arrow: Download SecurityCheck: http://screen317.spywareinfoforum.org/SecurityCheck.exe
- run the program and follow the instructions. Post the log here :)

holvyy
Visitor
Posts: 51
Registered: 03 Nov 2007 17:00
Location: PLZEŇ

Re: Prosím o RADU

#56 Post by holvyy »

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
CCleaner
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 6.0 CE
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

User avatar
motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Prosím o RADU

#57 Post by motji »

And I would still like that RSIT log, please :)

holvyy
Visitor
Posts: 51
Registered: 03 Nov 2007 17:00
Location: PLZEŇ

Re: Prosím o RADU

#58 Post by holvyy »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bohuslav at 2010-08-06 22:22:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (37%) free of 76 GB
Total RAM: 767 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:23:24, on 6.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\Bohuslav\Plocha\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Bohuslav\Plocha\RSIT.exe
C:\Program Files\trend micro\Bohuslav.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.200.221:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRA~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pilsfree.czf
O17 - HKLM\Software\..\Telephony: DomainName = pilsfree.czf
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8587 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WEBIE.DLL [2004-11-17 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-03-01 1107608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2004-11-17 360448]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-31 185872]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-04-07 79360]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-03-01 451224]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-03-25 2924544]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files\WinFast\WFDTV\LiveUpdate\LiveUpdate.exe"="C:\Program Files\WinFast\WFDTV\LiveUpdate\LiveUpdate.exe:*:Enabled:WF LiveUpdate Application"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\Bohuslav\Plocha\Skype.exe"="C:\Documents and Settings\Bohuslav\Plocha\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-06 21:41:00 ----A---- C:\ComboFix.txt
2010-08-06 16:43:00 ----D---- C:\WINDOWS\temp
2010-08-06 04:53:20 ----D---- C:\aec.sys
2010-08-06 00:36:31 ----D---- C:\Nová složka
2010-08-05 23:11:43 ----SHD---- C:\WINDOWS\CSC
2010-08-05 23:11:31 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-05 12:20:57 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-08-04 22:23:24 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Malwarebytes
2010-08-04 22:23:16 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-04 22:23:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-04 22:23:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-04 22:23:14 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-04 00:00:47 ----A---- C:\Boot.bak
2010-08-04 00:00:40 ----RASHD---- C:\cmdcons
2010-08-03 23:54:19 ----A---- C:\WINDOWS\MBR.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\zip.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\SWSC.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\SWREG.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\sed.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\PEV.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\grep.exe
2010-08-03 23:52:41 ----D---- C:\WINDOWS\ERDNT
2010-08-03 23:38:26 ----D---- C:\Qoobox
2010-08-03 15:29:10 ----D---- C:\Program Files\trend micro
2010-08-03 15:29:03 ----D---- C:\rsit
2010-08-03 03:50:28 ----A---- C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-08-03 03:50:18 ----A---- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-08-03 03:50:10 ----A---- C:\WINDOWS\system32\drivers\Changer.sys
2010-07-15 16:14:16 ----D---- C:\Program Files\Common Files\Skype
2010-07-13 18:30:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2010-07-13 18:29:16 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-07-13 18:21:17 ----D---- C:\Program Files\Common Files\PCSuite
2010-07-13 18:21:03 ----D---- C:\Program Files\Common Files\Nokia
2010-07-13 18:18:59 ----D---- C:\Program Files\DIFX
2010-07-13 18:18:57 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-07-13 18:18:41 ----D---- C:\Program Files\PC Connectivity Solution
2010-07-13 18:18:27 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2010-07-13 18:18:24 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-07-13 18:18:23 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-07-13 18:18:23 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-07-13 18:18:23 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys

======List of files/folders modified in the last 1 months======

2010-08-06 21:45:18 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Skype
2010-08-06 21:41:28 ----D---- C:\WINDOWS
2010-08-06 21:41:28 ----A---- C:\WINDOWS\TRNCOM.INI
2010-08-06 21:41:05 ----D---- C:\WINDOWS\system32\drivers
2010-08-06 21:37:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-06 21:31:11 ----A---- C:\WINDOWS\system.ini
2010-08-06 21:30:44 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-06 21:29:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 21:29:05 ----D---- C:\WINDOWS\system32\config
2010-08-06 21:25:02 ----D---- C:\WINDOWS\system32
2010-08-06 21:25:02 ----D---- C:\WINDOWS\AppPatch
2010-08-06 21:24:55 ----D---- C:\Program Files\Common Files
2010-08-06 21:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-06 21:20:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-08-06 21:17:35 ----D---- C:\WINDOWS\Prefetch
2010-08-06 18:39:50 ----RD---- C:\Program Files
2010-08-06 16:44:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-06 16:23:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-05 12:24:11 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Vso
2010-08-05 12:21:46 ----D---- C:\Program Files\DScaler
2010-08-05 11:49:23 ----D---- C:\Program Files\Driver Genius
2010-08-04 20:48:33 ----SHD---- C:\System Volume Information
2010-08-04 20:48:33 ----D---- C:\WINDOWS\system32\Restore
2010-08-04 16:54:55 ----D---- C:\Program Files\CCleaner
2010-08-04 00:00:47 ----RASH---- C:\boot.ini
2010-08-02 19:45:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-01 22:32:51 ----D---- C:\WinFast WorkArea
2010-07-28 13:31:19 ----SHD---- C:\WINDOWS\Installer
2010-07-28 13:31:17 ----SD---- C:\WINDOWS\Tasks
2010-07-27 22:10:00 ----SD---- C:\Documents and Settings\Bohuslav\Data aplikací\Microsoft
2010-07-27 13:11:16 ----A---- C:\WINDOWS\cdplayer.ini
2010-07-27 12:33:19 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-07-25 08:13:24 ----D---- C:\Program Files\Mozilla Firefox
2010-07-19 18:32:22 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\ICQ
2010-07-15 16:13:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-07-15 16:13:26 ----D---- C:\Program Files\Skype
2010-07-13 18:30:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-07-13 18:30:29 ----HD---- C:\WINDOWS\inf
2010-07-13 18:30:07 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Nokia
2010-07-13 18:29:58 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-07-13 18:29:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-07-13 18:21:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-13 18:21:06 ----D---- C:\Program Files\Nokia
2010-07-13 18:18:57 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-13 18:16:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-07-13 05:03:15 ----D---- C:\Program Files\Burn4Free
2010-07-07 17:35:20 ----D---- C:\Program Files\ICQ7.1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2006-08-25 36528]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-14 225664]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-10-24 153631]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-01 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\Bohuslav\LOCALS~1\Temp\ASFWHide []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16); C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2005-09-15 824512]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\Bohuslav\LOCALS~1\Temp\mbr.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-25 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050610.011\symidsco.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-04-14 14432]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-08-27 685816]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-21 153376]
S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2004-05-17 184320]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-30 435016]

-----------------EOF-----------------

motji (VIP, 23302 posts, registered 23 Oct 2008)

Re: Request for ADVICE

#59 Post by motji »

→ If it isn't there already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

Folder::
C:\Program Files\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
C:\aec.sys
C:\Nová složka

File::
c:\program files\PC Tools Firewall Plus_40045_cz.exe

SecCenter::
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}

- save the TXT file you created as CFScript.txt on the desktop
- once it is saved, grab the script you created with the left mouse button, drag it onto the ComboFix icon and drop it there:

[image: CFScript.txt being dragged onto the ComboFix icon]

- when it finishes, another log will pop up; post it here

Warning: it can happen that after the script runs and the machine restarts, Windows does not come up; in that case restart again, press F8 while it boots, and choose Last Known Good Configuration
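Every path under Folder:: is deleted recursively once the script is dropped onto ComboFix, so the check a helper wants before posting such a script is that each target really is what the RSIT listing says it is. The script below is an added example written for this page; it is not part of ComboFix, RSIT or the post above. It parses the directive sections (the Folder::, File:: and SecCenter:: names come from the posted script; any other line ending in "::" is treated the same way), cross-checks the targets against RSIT-style listing lines, and refuses a few targets that would destroy the install. The sample CFScript and RSIT lines are constructed from entries that appear in this thread; the PROTECTED_ROOTS set and the "directory named like a binary" heuristic are this example's own assumptions, not ComboFix rules.

```python
"""Added example for this thread, not part of ComboFix, RSIT or the post: parse a
CFScript.txt and check its targets against an RSIT listing before ComboFix runs it."""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # directive line such as "Folder::"
RSIT_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption of this example, not a ComboFix rule: a Folder:: line must never
# name a root that a working XP install cannot survive losing.
PROTECTED_ROOTS = {"c:", "c:\\windows", "c:\\windows\\system32",
                   "c:\\windows\\system32\\drivers", "c:\\program files",
                   "c:\\documents and settings"}

# Constructed sample: the script posted in the thread.
CFSCRIPT = r"""
Folder::
C:\Program Files\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
C:\aec.sys
C:\Nová složka

File::
c:\program files\PC Tools Firewall Plus_40045_cz.exe

SecCenter::
FW: Kerio Personal Firewall *disabled* {CB8DE467-2367-41d1-87BA-D0AE12284F9A}
"""

# Constructed sample: lines copied from the RSIT created/modified sections.
RSIT_LINES = r"""
2010-08-06 04:53:20 ----D---- C:\aec.sys
2010-08-06 00:36:31 ----D---- C:\Nová složka
2010-08-05 12:20:57 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-08-06 16:44:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-06 16:23:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
"""

def norm(path):
    """Case-fold and drop a trailing backslash so script and log paths compare."""
    return path.strip().rstrip("\\").lower()

def parse_cfscript(text):
    """Return {directive: [entries]}; every line ending in '::' opens a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections

def parse_rsit_listing(text):
    """Return {normalised path: (timestamp, attribute letters)} from RSIT lines."""
    listing = {}
    for raw in text.splitlines():
        m = RSIT_RE.match(raw.strip())
        if m:
            ts, attrs, path = m.groups()
            listing[norm(path)] = (ts, attrs)
    return listing

def check_script(sections, listing):
    """Cross-check Folder::/File:: targets with the listing; return findings."""
    findings = []
    for directive in ("Folder", "File"):
        for entry in sections.get(directive, []):
            key = norm(entry)
            if key in PROTECTED_ROOTS:
                findings.append(f"REFUSE {directive}:: {entry}: protected system path")
                continue
            hit = listing.get(key)
            if hit is None:
                findings.append(f"UNVERIFIED {directive}:: {entry}: not in RSIT listing")
                continue
            is_dir = "D" in hit[1]          # RSIT marks directories with D
            if directive == "Folder" and not is_dir:
                findings.append(f"MISMATCH Folder:: {entry}: logged as a file")
            if directive == "File" and is_dir:
                findings.append(f"MISMATCH File:: {entry}: logged as a directory")
            name = key.rsplit("\\", 1)[-1]
            if is_dir and name.endswith((".sys", ".dll", ".exe")):
                findings.append(f"SUSPICIOUS {entry}: directory named like a binary")
    for entry in sections.get("SecCenter", []):   # needs the WMI instance {GUID}
        if not GUID_RE.search(entry):
            findings.append(f"MALFORMED SecCenter:: {entry}: no {{GUID}} instance id")
    return findings

def seccenter_guids(sections):
    """Instance GUIDs that the SecCenter:: directive will unregister."""
    return [m.group(0) for m in map(GUID_RE.search, sections.get("SecCenter", [])) if m]

if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    for finding in check_script(script, parse_rsit_listing(RSIT_LINES)):
        print(finding)
    print("SecCenter instances:", seccenter_guids(script))
```

Run as-is it prints the findings for the posted script. On the thread's own data it raises two points: C:\aec.sys is a directory that borrows the name of the genuine driver C:\WINDOWS\system32\drivers\aec.sys (the RSIT log lists that one separately, as a file), which is why the script correctly puts it under Folder:: rather than File::; and the PC Tools Firewall installer under File:: does not appear in the one-month listing shown, so it should be confirmed by hand before the script is used.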

holvyy (Visitor, 51 posts, registered 03 Nov 2007, Plzeň)

Re: Request for ADVICE

#60 Post by holvyy »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Bohuslav at 2010-08-06 22:22:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 28 GB (37%) free of 76 GB
Total RAM: 767 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:23:24, on 6.8.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Documents and Settings\Bohuslav\Plocha\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Bohuslav\Plocha\RSIT.exe
C:\Program Files\trend micro\Bohuslav.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80096&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.200.221:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRA~1\ICQTOO~1\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pilsfree.czf
O17 - HKLM\Software\..\Telephony: DomainName = pilsfree.czf
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8587 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WEBIE.DLL [2004-11-17 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2010-03-01 1107608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2004-11-17 360448]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-31 185872]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-04-07 79360]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2010-03-01 451224]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-03-25 2924544]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WinFast\WFDTV\DVBTAP.exe"="C:\Program Files\WinFast\WFDTV\DVBTAP.exe:*:Enabled:WinFast DTV Application"
"C:\Program Files\WinFast\WFDTV\LiveUpdate\LiveUpdate.exe"="C:\Program Files\WinFast\WFDTV\LiveUpdate\LiveUpdate.exe:*:Enabled:WF LiveUpdate Application"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\Bohuslav\Plocha\Skype.exe"="C:\Documents and Settings\Bohuslav\Plocha\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-06 21:41:00 ----A---- C:\ComboFix.txt
2010-08-06 16:43:00 ----D---- C:\WINDOWS\temp
2010-08-06 04:53:20 ----D---- C:\aec.sys
2010-08-06 00:36:31 ----D---- C:\Nová složka
2010-08-05 23:11:43 ----SHD---- C:\WINDOWS\CSC
2010-08-05 23:11:31 ----A---- C:\WINDOWS\ntbtlog.txt
2010-08-05 12:20:57 ----A---- C:\WINDOWS\system32\drivers\aec.sys
2010-08-04 22:23:24 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Malwarebytes
2010-08-04 22:23:16 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-04 22:23:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-08-04 22:23:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-04 22:23:14 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-04 00:00:47 ----A---- C:\Boot.bak
2010-08-04 00:00:40 ----RASHD---- C:\cmdcons
2010-08-03 23:54:19 ----A---- C:\WINDOWS\MBR.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\zip.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\SWSC.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\SWREG.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\sed.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\PEV.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-03 23:54:18 ----A---- C:\WINDOWS\grep.exe
2010-08-03 23:52:41 ----D---- C:\WINDOWS\ERDNT
2010-08-03 23:38:26 ----D---- C:\Qoobox
2010-08-03 15:29:10 ----D---- C:\Program Files\trend micro
2010-08-03 15:29:03 ----D---- C:\rsit
2010-08-03 03:50:28 ----A---- C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010-08-03 03:50:18 ----A---- C:\WINDOWS\system32\drivers\i2omgmt.sys
2010-08-03 03:50:10 ----A---- C:\WINDOWS\system32\drivers\Changer.sys
2010-07-15 16:14:16 ----D---- C:\Program Files\Common Files\Skype
2010-07-13 18:30:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2010-07-13 18:29:16 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-07-13 18:21:17 ----D---- C:\Program Files\Common Files\PCSuite
2010-07-13 18:21:03 ----D---- C:\Program Files\Common Files\Nokia
2010-07-13 18:18:59 ----D---- C:\Program Files\DIFX
2010-07-13 18:18:57 ----A---- C:\WINDOWS\system32\drivers\pccsmcfd.sys
2010-07-13 18:18:41 ----D---- C:\Program Files\PC Connectivity Solution
2010-07-13 18:18:27 ----A---- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2010-07-13 18:18:24 ----A---- C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010-07-13 18:18:23 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-07-13 18:18:23 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-07-13 18:18:23 ----A---- C:\WINDOWS\system32\drivers\ccdcmb.sys

======List of files/folders modified in the last 1 months======

2010-08-06 21:45:18 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Skype
2010-08-06 21:41:28 ----D---- C:\WINDOWS
2010-08-06 21:41:28 ----A---- C:\WINDOWS\TRNCOM.INI
2010-08-06 21:41:05 ----D---- C:\WINDOWS\system32\drivers
2010-08-06 21:37:10 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-06 21:31:11 ----A---- C:\WINDOWS\system.ini
2010-08-06 21:30:44 ----D---- C:\WINDOWS\system32\drivers\etc
2010-08-06 21:29:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-06 21:29:05 ----D---- C:\WINDOWS\system32\config
2010-08-06 21:25:02 ----D---- C:\WINDOWS\system32
2010-08-06 21:25:02 ----D---- C:\WINDOWS\AppPatch
2010-08-06 21:24:55 ----D---- C:\Program Files\Common Files
2010-08-06 21:20:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-06 21:20:51 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-08-06 21:17:35 ----D---- C:\WINDOWS\Prefetch
2010-08-06 18:39:50 ----RD---- C:\Program Files
2010-08-06 16:44:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-06 16:23:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-08-05 12:24:11 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Vso
2010-08-05 12:21:46 ----D---- C:\Program Files\DScaler
2010-08-05 11:49:23 ----D---- C:\Program Files\Driver Genius
2010-08-04 20:48:33 ----SHD---- C:\System Volume Information
2010-08-04 20:48:33 ----D---- C:\WINDOWS\system32\Restore
2010-08-04 16:54:55 ----D---- C:\Program Files\CCleaner
2010-08-04 00:00:47 ----RASH---- C:\boot.ini
2010-08-02 19:45:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-01 22:32:51 ----D---- C:\WinFast WorkArea
2010-07-28 13:31:19 ----SHD---- C:\WINDOWS\Installer
2010-07-28 13:31:17 ----SD---- C:\WINDOWS\Tasks
2010-07-27 22:10:00 ----SD---- C:\Documents and Settings\Bohuslav\Data aplikací\Microsoft
2010-07-27 13:11:16 ----A---- C:\WINDOWS\cdplayer.ini
2010-07-27 12:33:19 ----D---- C:\Program Files\TuneUp Utilities 2010
2010-07-25 08:13:24 ----D---- C:\Program Files\Mozilla Firefox
2010-07-19 18:32:22 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\ICQ
2010-07-15 16:13:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-07-15 16:13:26 ----D---- C:\Program Files\Skype
2010-07-13 18:30:44 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-07-13 18:30:29 ----HD---- C:\WINDOWS\inf
2010-07-13 18:30:07 ----D---- C:\Documents and Settings\Bohuslav\Data aplikací\Nokia
2010-07-13 18:29:58 ----D---- C:\WINDOWS\system32\drivers\UMDF
2010-07-13 18:29:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-07-13 18:21:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-07-13 18:21:06 ----D---- C:\Program Files\Nokia
2010-07-13 18:18:57 ----D---- C:\WINDOWS\system32\CatRoot
2010-07-13 18:16:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-07-13 05:03:15 ----D---- C:\Program Files\Burn4Free
2010-07-07 17:35:20 ----D---- C:\Program Files\ICQ7.1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [2006-08-25 36528]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-14 225664]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]
R2 BT848;WinFast TV2000 XP WDM Video Capture; C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner; C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar; C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-10-24 153631]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-01 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\Bohuslav\LOCALS~1\Temp\ASFWHide []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16); C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2005-09-15 824512]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\Bohuslav\LOCALS~1\Temp\mbr.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-10-25 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20050610.011\symidsco.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\System32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-04-14 14432]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-08-27 685816]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-21 153376]
S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2004-05-17 184320]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-03-30 435016]

-----------------EOF-----------------
