VIRY.CZ

ComboFix 12-11-27.01 - beruška 01.12.2012 15:32:56.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1788.584 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6df57e37eac0.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{B8EE2E3A-3A0B-4445-9FDB-938628A49438}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-01 do 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 14:48 . 2012-12-01 14:52 -------- d-----w- c:\users\beruška\AppData\Local\temp
2012-11-26 19:39 . 2012-11-26 19:39 -------- d-----w- c:\program files\trend micro
2012-11-26 19:39 . 2012-11-26 19:39 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 15:45 . 2012-04-07 10:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-23 15:45 . 2012-01-29 13:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 05:56 . 2012-10-28 17:59 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA6D0B39-A82E-4F54-97F1-B91AB10806DC}\mpengine.dll
2012-09-13 13:28 . 2012-10-15 16:18 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-09 2393376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-16 61440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-03 287288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\beruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\beruška\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-09 14:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:45]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6df57e37eac0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 15:31]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 15:31]
.
2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{B8EE2E3A-3A0B-4445-9FDB-938628A49438}.job
- c:\windows\system32\msfeedssync.exe [2012-09-27 08:30]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\beruška\AppData\Roaming\Mozilla\Firefox\Profiles\fkn81v48.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 15:51
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-12-01 16:00:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-01 14:59
ComboFix2.txt 2012-11-27 20:03
.
Před spuštěním: Volných bajtů: 192 077 590 528
Po spuštění: Volných bajtů: 191 688 581 120
.
- - End Of File - - 958F550F57E48EA2EF582EC935CCD173

Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:files
c:\windows\Tasks\*.job
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

ComboFix 12-11-27.01 - beruška 01.12.2012 15:32:56.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1788.584 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6df57e37eac0.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\User_Feed_Synchronization-{B8EE2E3A-3A0B-4445-9FDB-938628A49438}.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NAUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-01 do 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 14:48 . 2012-12-01 14:52 -------- d-----w- c:\users\beruška\AppData\Local\temp
2012-11-26 19:39 . 2012-11-26 19:39 -------- d-----w- c:\program files\trend micro
2012-11-26 19:39 . 2012-11-26 19:39 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 15:45 . 2012-04-07 10:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-23 15:45 . 2012-01-29 13:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-12 05:56 . 2012-10-28 17:59 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA6D0B39-A82E-4F54-97F1-B91AB10806DC}\mpengine.dll
2012-09-13 13:28 . 2012-10-15 16:18 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-09 2393376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-02-18 506424]
"HPCam_Menu"="c:\program files\Hewlett-Packard\HP Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-08-08 319000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-16 61440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-03 287288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\beruška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IMVU.lnk - c:\users\beruška\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-09 14:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 15:45]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6df57e37eac0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 15:31]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 15:31]
.
2011-03-25 c:\windows\Tasks\User_Feed_Synchronization-{B8EE2E3A-3A0B-4445-9FDB-938628A49438}.job
- c:\windows\system32\msfeedssync.exe [2012-09-27 08:30]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\beruška\AppData\Roaming\Mozilla\Firefox\Profiles\fkn81v48.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 15:51
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2159adbc\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-12-01 16:00:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-01 14:59
ComboFix2.txt 2012-11-27 20:03
.
Před spuštěním: Volných bajtů: 192 077 590 528
Po spuštění: Volných bajtů: 191 688 581 120
.
- - End Of File - - 958F550F57E48EA2EF582EC935CCD173

omyl preklikl jsem se

Fajn, pockam si na OTM

All processes killed
========== FILES ==========
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6df57e37eac0.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{B8EE2E3A-3A0B-4445-9FDB-938628A49438}.job moved successfully.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: beruška
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 737613269 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87477879 bytes
->Google Chrome cache emptied: 6632070 bytes
->Opera cache emptied: 9641142 bytes
->Flash cache emptied: 85710 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52250 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 164272 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 803,00 mb

[EMPTYFLASH]

User: All Users

User: beruška
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: beruška
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0,00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 12022012_200749

Files moved on Reboot...

Registry entries deleted on Reboot...

Fajn, jak se chova PC

vypada to dobre jenom se mi zda zasekany. mas nejakou radu na dobry antivirus volne dostupny? muzes se mi jeste kouknout preventivne na druhe pc?

Druhe PC jsem nam oddelil at se nam neplete, tema je zde http://forum.viry.cz/viewtopic.php?f=30&t=126249

Z free antiviru doporucuji Avast Free

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!

Re: policie mi zablokovala pocitac pomoc!