Re: virus on skype icq

Posted: 24 Dec 2012 15:14
by janulka
ComboFix 12-12-23.01 - uzivatel 24.12.2012 15:03:52.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1534 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\uzivatel\5769025146832167526
c:\documents and settings\uzivatel\WINDOWS
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-24 do 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- C:\_OTL
2012-12-24 09:40 . 2012-12-24 09:40 512 ----a-w- C:\PhysicalMBR.bin
2012-12-23 20:04 . 2012-12-23 20:04 -------- d-----w- C:\_OTM
2012-12-23 18:55 . 2012-12-23 20:02 -------- d-----w- c:\program files\trend micro
2012-12-23 18:55 . 2012-12-23 18:57 -------- d-----w- C:\rsit
2012-12-23 13:45 . 2012-12-23 13:45 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Malwarebytes
2012-12-23 13:45 . 2012-12-23 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-23 10:05 . 2012-12-23 10:05 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\ICQ Search
2012-12-23 10:05 . 2012-12-23 10:05 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2012-12-23 10:05 . 2012-12-23 10:05 -------- d-----w- c:\program files\Guard-ICQ
2012-12-23 10:04 . 2012-12-23 19:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ICQ
2012-12-22 18:59 . 2012-12-23 12:17 0 ---h--w- c:\documents and settings\uzivatel\Data aplikací\winsvcns.sys
2012-12-16 10:50 . 2012-12-16 10:50 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\TuneUp Software
2012-12-16 10:14 . 2012-12-16 10:14 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-12-16 10:02 . 2012-12-16 10:02 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\searchresultstb
2012-12-16 09:54 . 2012-11-02 14:57 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-12-16 09:54 . 2012-12-16 09:54 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\TuneUp Software
2012-12-16 09:53 . 2012-12-16 09:54 -------- d-----w- c:\program files\TuneUp Utilities 2013
2012-12-16 09:53 . 2012-12-16 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2012-12-16 09:53 . 2012-12-16 09:53 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-16 09:53 . 2012-12-16 09:53 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-12-16 09:51 . 2012-12-19 15:29 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\atube
2012-12-16 09:51 . 2012-12-16 09:52 -------- d-----w- c:\program files\atube
2012-12-16 09:51 . 2012-12-16 09:51 -------- d-----w- c:\program files\DsNET Corp
2012-12-16 08:53 . 2012-12-16 08:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SimilarSites
2012-12-16 08:53 . 2012-12-16 08:53 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\APN
2012-12-16 08:53 . 2012-12-24 10:55 -------- d-----w- c:\program files\SimilarSites
2012-12-16 08:53 . 2012-12-16 08:53 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\SimilarSites
2012-12-16 08:52 . 2012-12-16 08:52 -------- d-----w- c:\program files\PANDORA.TV
2012-12-16 08:51 . 2012-12-23 14:21 -------- d-----w- c:\program files\The KMPlayer
2012-12-16 08:07 . 2012-12-16 08:07 -------- d-----w- c:\program files\Easy GIF Animator
2012-12-07 17:41 . 2012-12-07 18:58 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-18 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 15:05 . 2012-11-06 19:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 15:05 . 2011-05-15 08:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2004-08-18 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2011-07-18 18:50 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2009-10-14 11:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2009-10-14 11:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2009-10-14 11:18 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2009-10-14 11:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2009-10-14 11:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2009-10-14 11:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2009-10-14 11:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-07-18 18:50 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2009-10-14 11:18 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-08 16:05 . 2012-12-08 16:04 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\documents and settings\uzivatel\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-19 339968]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
.
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\uzivatel\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\atube\\dtUser.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11864:TCP"= 11864:TCP:BitComet 11864 TCP
"11864:UDP"= 11864:UDP:BitComet 11864 UDP
"14203:TCP"= 14203:TCP:BitComet 14203 TCP
"14203:UDP"= 14203:UDP:BitComet 14203 UDP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.7.2011 19:50 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.10.2009 12:18 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.10.2009 12:18 21256]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [16.2.2011 17:19 126904]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [16.12.2012 9:52 625304]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11.12.2010 19:59 583640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2.11.2012 15:57 1699168]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [19.9.2012 9:50 10088]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-07 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\lfa5ol5w.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-12-07 22:50; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
FF - ExtSQL: !HIDDEN! 2010-12-27 18:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.id - 08c0ee1300000000000000123f70c0f5
FF - user.js: extensions.BabylonToolbar_i.hardId - 08c0ee1300000000000000123f70c0f5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15485
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-MpcStar - c:\documents and settings\uzivatel\Plocha\MpcStar\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-24 15:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-12-24 15:12:23
ComboFix-quarantined-files.txt 2012-12-24 14:12
.
Před spuštěním: Volných bajtů: 38 109 396 992
Po spuštění: Volných bajtů: 38 057 840 640
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D99F9B5233D0B2AFDEA43D497BAFE167

Re: virus on skype icq

Posted: 24 Dec 2012 15:50
by Márty84
You didn't really read the instructions, did you? CF isn't on the desktop, Avast is on

:!: Move ComboFix to the desktop! Otherwise it won't work now.

:arrow: Open Notepad and copy this script into it

KillAll::

Folder::
c:\documents and settings\uzivatel\Data aplikací\searchresultstb
c:\documents and settings\uzivatel\Local Settings\Data aplikací\APN

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Firefox::
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\lfa5ol5w.default\
FF - user.js: extensions.BabylonToolbar_i.id - 08c0ee1300000000000000123f70c0f5
FF - user.js: extensions.BabylonToolbar_i.hardId - 08c0ee1300000000000000123f70c0f5
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15485
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);

Reboot::

At the top left, click File
Click Save As...
Type the red name CFScript exactly and save it to the desktop.
Turn off the antivirus and any other security software you may have.
Drag the text file you just created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows doesn't boot after the restart, restart again, keep pressing F8 and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting programs, just restart the PC and it will be fine

:arrow: Try to find this file c:\documents and settings\uzivatel\Data aplikací\winsvcns.sys and test it on virustotal, or jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846
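As an added example (not part of the thread and not ComboFix's own tooling): a small Python triage parser for the "Soubory vytvořené" (files created) section of the ComboFix logs posted above. It turns each line into a record and applies a few defender heuristics that single out the winsvcns.sys entry Márty84 asks to have checked on VirusTotal. The attribute-column layout (d/s/h positions) is my reading of the log format and is labelled as an assumption in the code; the sample lines are a subset copied from the posted log.

```python
"""Triage parser for the 'Soubory vytvořené' section of a ComboFix log.

Added example, not from the forum thread or from ComboFix itself.
Assumption: in the 8-character attribute column, index 0 is 'd' for a
directory, index 2 is 's' for system and index 3 is 'h' for hidden
(e.g. 'd-sh--w-', '---h--w-', '----a-w-').
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the lines from the log in the thread.
SAMPLE_LOG = [
    r"2012-12-24 09:40 . 2012-12-24 09:40 512 ----a-w- C:\PhysicalMBR.bin",
    r"2012-12-23 10:05 . 2012-12-23 10:05 -------- d-----w- c:\program files\Guard-ICQ",
    r"2012-12-22 18:59 . 2012-12-23 12:17 0 ---h--w- c:\documents and settings\uzivatel\Data aplikací\winsvcns.sys",
    r"2012-12-16 09:54 . 2012-11-02 14:57 31584 ----a-w- c:\windows\system32\TURegOpt.exe",
    r"2012-12-16 09:53 . 2012-12-16 09:53 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}",
    r"2012-12-16 10:02 . 2012-12-16 10:02 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\searchresultstb",
]

# created-timestamp ' . ' modified-timestamp size-or-8-dashes attrs path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[d-]\S{7}) "
    r"(?P<path>.+?)\s*$"
)

# Extensions that should normally live only under Windows or Program Files.
RISKY_EXT = (".sys", ".exe", ".dll", ".scr", ".cpl")
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size column is dashes)
    is_dir: bool
    system: bool
    hidden: bool
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not entries."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs")
    size = None if m.group("size").startswith("-") else int(m.group("size"))
    return Entry(
        created=m.group("created"),
        modified=m.group("modified"),
        size=size,
        is_dir=attrs[0] == "d",      # assumption: see module docstring
        system=attrs[2] == "s",
        hidden=attrs[3] == "h",
        path=m.group("path"),
    )


def triage(entry: Entry) -> List[str]:
    """Return human-readable reasons why an entry deserves a closer look."""
    reasons: List[str] = []
    lower = entry.path.lower()
    if not entry.is_dir:
        if entry.hidden:
            reasons.append("hidden file")
        if lower.endswith(RISKY_EXT) and not lower.startswith(SYSTEM_DIRS):
            reasons.append("executable/driver outside Windows or Program Files")
        if lower.endswith(".sys") and entry.size == 0:
            reasons.append("zero-byte .sys file")
    elif entry.hidden and entry.system and lower.startswith(PROFILE_ROOT):
        reasons.append("hidden+system directory inside a user profile")
    return reasons


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its triage reasons; unflagged entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG).items():
        print(f"{path}\n    " + "; ".join(reasons))
```

The heuristics are deliberately coarse: they point at what to submit to a scanner, they do not decide that a file is malicious.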

Re: virus on skype icq

Posted: 24 Dec 2012 16:11
by janulka
yeah, I did read it, but I don't know how to turn off the antivirus.

Re: virus on skype icq

Posted: 24 Dec 2012 16:18
by Márty84
Well, why didn't you ask before? :wink:
Right-click the avast icon in the taskbar next to the clock.
Then hover over Shields control and choose e.g. Disable until restart :)

Re: virus on skype icq

Posted: 24 Dec 2012 16:34
by janulka
yeah, here it is

ComboFix 12-12-23.01 - uzivatel 24.12.2012 16:19:45.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1494 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\uzivatel\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-24 do 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 10:54 . 2012-12-24 10:54 -------- d-----w- C:\_OTL
2012-12-24 09:40 . 2012-12-24 09:40 512 ----a-w- C:\PhysicalMBR.bin
2012-12-23 20:04 . 2012-12-23 20:04 -------- d-----w- C:\_OTM
2012-12-23 18:55 . 2012-12-23 20:02 -------- d-----w- c:\program files\trend micro
2012-12-23 18:55 . 2012-12-23 18:57 -------- d-----w- C:\rsit
2012-12-23 13:45 . 2012-12-23 13:45 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\Malwarebytes
2012-12-23 13:45 . 2012-12-23 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-23 10:05 . 2012-12-23 10:05 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\ICQ Search
2012-12-23 10:05 . 2012-12-23 10:05 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2012-12-23 10:05 . 2012-12-23 10:05 -------- d-----w- c:\program files\Guard-ICQ
2012-12-23 10:04 . 2012-12-23 19:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ICQ
2012-12-22 18:59 . 2012-12-23 12:17 0 ---h--w- c:\documents and settings\uzivatel\Data aplikací\winsvcns.sys
2012-12-16 10:50 . 2012-12-16 10:50 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\TuneUp Software
2012-12-16 10:14 . 2012-12-16 10:14 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-12-16 10:02 . 2012-12-16 10:02 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\searchresultstb
2012-12-16 09:54 . 2012-11-02 14:57 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-12-16 09:54 . 2012-12-16 09:54 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\TuneUp Software
2012-12-16 09:53 . 2012-12-16 09:54 -------- d-----w- c:\program files\TuneUp Utilities 2013
2012-12-16 09:53 . 2012-12-16 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2012-12-16 09:53 . 2012-12-16 09:53 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-16 09:53 . 2012-12-16 09:53 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-12-16 09:51 . 2012-12-19 15:29 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\atube
2012-12-16 09:51 . 2012-12-16 09:52 -------- d-----w- c:\program files\atube
2012-12-16 09:51 . 2012-12-16 09:51 -------- d-----w- c:\program files\DsNET Corp
2012-12-16 08:53 . 2012-12-16 08:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SimilarSites
2012-12-16 08:53 . 2012-12-16 08:53 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Data aplikací\APN
2012-12-16 08:53 . 2012-12-24 10:55 -------- d-----w- c:\program files\SimilarSites
2012-12-16 08:53 . 2012-12-16 08:53 -------- d-----w- c:\documents and settings\uzivatel\Data aplikací\SimilarSites
2012-12-16 08:52 . 2012-12-16 08:52 -------- d-----w- c:\program files\PANDORA.TV
2012-12-16 08:51 . 2012-12-23 14:21 -------- d-----w- c:\program files\The KMPlayer
2012-12-16 08:07 . 2012-12-16 08:07 -------- d-----w- c:\program files\Easy GIF Animator
2012-12-07 17:41 . 2012-12-07 18:58 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-18 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 15:05 . 2012-11-06 19:02 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 15:05 . 2011-05-15 08:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2004-08-18 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2004-08-18 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2011-07-18 18:50 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2009-10-14 11:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2009-10-14 11:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2009-10-14 11:18 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2009-10-14 11:18 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2009-10-14 11:18 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2009-10-14 11:18 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2009-10-14 11:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-07-18 18:50 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2009-10-14 11:18 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-02 18:04 . 2004-08-18 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-08 16:05 . 2012-12-08 16:04 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\documents and settings\uzivatel\Local Settings\Data aplikací\Seznam.cz\postak.exe" [2010-03-01 451224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-19 339968]
.
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
.
c:\documents and settings\uzivatel\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-5-14 384512]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Documents and Settings\\uzivatel\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\atube\\dtUser.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11864:TCP"= 11864:TCP:BitComet 11864 TCP
"11864:UDP"= 11864:UDP:BitComet 11864 UDP
"14203:TCP"= 14203:TCP:BitComet 14203 TCP
"14203:UDP"= 14203:UDP:BitComet 14203 UDP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18.7.2011 19:50 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [14.10.2009 12:18 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.10.2009 12:18 21256]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [16.2.2011 17:19 126904]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [16.12.2012 9:52 625304]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [11.12.2010 19:59 583640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2.11.2012 15:57 1699168]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [19.9.2012 9:50 10088]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-24 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-07 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\lfa5ol5w.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2012-12-07 22:50; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
FF - ExtSQL: !HIDDEN! 2010-12-27 18:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-24 16:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\PANDORA.TV\PanService\PanProcess.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2012-12-24 16:33:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-24 15:33
ComboFix2.txt 2012-12-24 14:12
.
Před spuštěním: Volných bajtů: 37 820 264 448
Po spuštění: Volných bajtů: 37 915 938 816
.
- - End Of File - - 2556A19865E5E3769A173737F4C390B5

Re: virus on skype icq

Posted: 24 Dec 2012 16:41
by Márty84
:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click CleanUp and then OK - After the cleanup the PC will restart.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it
Click START and then OK - After the cleanup the PC will restart.
You can delete the program after use

:arrow: Download Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install it, uncheck the box.
After starting you will be in the Cleaner function. On the left there are lots of checkboxes. Watch out mainly for the Recycle Bin; if you leave it checked, it will always empty it.
Also, depending on how it is set up, it will delete all passwords saved for the web!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, facebook, various forums etc.)
Click Analyze and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left
Click Scan for Issues; when it finds some, click Fix Issues. It will offer you a backup; make it and save it somewhere you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!

:arrow: Defragment the disk(s)
Download for example the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Again watch out for the toolbar during installation
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its job.

:arrow: Then change your passwords for skype, icq and other similar stuff.

:arrow: And write back how the PC is doing

Re: virus on skype icq

Posted: 24 Dec 2012 18:44
by janulka
got it, so far nothing is showing up there, like that "look at my photo blah blah", so hopefully it's fine now; if anything comes up I'll write, thanks a lot

Re: virus on skype icq

Posted: 24 Dec 2012 21:06
by Márty84
You're welcome :) The computer is clean now, so it shouldn't be sending anything. But of course it can come to you again from someone who is infected. In that case you must not click on it, otherwise you'll get infected again :D

So keep an eye on the PC for a while and then let me know how it looks. Then we'll either clean again or close this. OK?
Bye for now :wink: