Nejde internet nebo jde jen chvíli

[PavelH69]

Nejde připojení na internet a nebo se spojí,ale pochvilce zase nejde.Někdy pomůže když vypnu firewall PC Tools + .
Prosím o kontrolu logu z combofixu. Spyware doctor našel a snad i odstranil trojana adclicker.Potom jsem ještě udělal combofix.Je nyný počítač už čistý ? Děkuji.

ComboFix 10-02-20.04 - Pavel 21.02.2010 11:44:23.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.501 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pavel\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-854245398-861567501-725345543-1004
c:\windows\d.ini
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-21 do 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-21 10:31 . 2010-02-21 10:30 390144 ----a-w- c:\windows\system32\CF1678.exe
2010-02-19 21:15 . 2010-02-19 20:08 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-19 20:09 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-18 14:35 . 2010-02-18 14:37 -------- d-----w- c:\program files\German Truck Simulator
2010-02-17 16:45 . 2010-02-17 16:45 -------- d-----w- c:\program files\Packet Tracer 5.2
2010-02-17 14:42 . 2010-02-17 14:44 -------- d-----w- c:\program files\Prison Tycoon 4
2010-02-13 18:21 . 2010-02-13 18:21 -------- d-----w- c:\program files\Common Files\Skype
2010-02-12 17:51 . 2010-02-12 17:51 -------- d-----w- c:\program files\Common Files\Canon
2010-02-11 19:49 . 2010-02-11 19:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-10 22:12 . 1998-09-30 11:24 242448 ----a-w- c:\windows\system32\scedll.dll
2010-02-10 22:12 . 1998-03-31 15:37 29968 ----a-w- c:\windows\system32\Rshx32_5.dll
2010-02-10 22:12 . 1998-10-09 13:17 384784 ----a-w- c:\windows\system32\wsecedit.dll
2010-02-10 22:12 . 1998-09-30 11:26 49936 ----a-w- c:\windows\system32\SeCEdit.exe
2010-02-08 16:50 . 2010-02-08 20:08 8192 ----a-w- c:\windows\system32\default_user_class.dat
2010-02-08 16:50 . 2010-02-08 16:50 -------- d-----w- c:\program files\UPHClean
2010-02-08 15:46 . 2010-02-08 15:50 -------- d-----w- c:\program files\ElcomSoft
2010-02-08 14:20 . 2010-02-08 14:20 -------- d-----w- c:\program files\LangSoft
2010-02-06 20:37 . 2010-02-06 20:37 -------- d-----w- c:\program files\Futuremark
2010-01-29 12:35 . 2010-01-29 12:35 -------- d-----w- c:\program files\sixteen tons entertainment
2010-01-23 21:03 . 2010-01-23 21:04 -------- d-----w- c:\windows\system32\F1CE Screensaver dir
2010-01-23 21:03 . 2010-01-23 21:03 532480 ----a-w- c:\windows\system32\F1CE Screensaver.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 12:36 . 2009-01-16 17:12 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-20 10:19 . 2009-02-02 18:58 -------- d-----w- c:\program files\Spyware Terminator
2010-02-19 20:23 . 2008-03-20 16:25 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-19 20:08 . 2009-11-04 22:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-19 20:07 . 2009-06-07 06:32 -------- d-----w- c:\program files\Lavasoft
2010-02-17 14:42 . 2007-06-29 13:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-13 18:21 . 2009-03-22 18:04 -------- d-----r- c:\program files\Skype
2010-02-12 11:59 . 2009-02-05 00:07 -------- d-----w- c:\program files\Google
2010-02-11 19:49 . 2007-08-09 20:43 -------- d-----w- c:\program files\Common Files\Java
2010-02-11 19:49 . 2007-08-09 20:43 -------- d-----w- c:\program files\Java
2010-02-11 19:36 . 2004-08-18 12:00 83832 ----a-w- c:\windows\system32\perfc005.dat
2010-02-11 19:36 . 2004-08-18 12:00 440590 ----a-w- c:\windows\system32\perfh005.dat
2010-02-11 18:53 . 2007-07-25 17:46 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2007-07-25 17:46 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-11 18:42 . 2007-07-25 17:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-11 18:42 . 2008-04-02 14:59 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-11 18:39 . 2007-07-25 17:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-11 18:38 . 2007-07-25 17:46 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-11 18:38 . 2007-07-25 17:46 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-11 18:38 . 2008-04-02 14:59 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-11 18:38 . 2007-07-25 17:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-11 18:28 . 2007-07-25 17:46 -------- d-----w- c:\program files\Alwil Software
2010-02-09 05:57 . 2008-12-16 19:57 -------- d-----w- c:\program files\ICQ6.5
2010-02-08 20:22 . 2008-12-26 19:47 -------- d-----w- c:\program files\Magic.EncyclopediaCZ
2010-02-08 20:21 . 2007-07-29 17:40 -------- d-----w- c:\program files\TuneUp Utilities 2007
2010-01-21 08:09 . 2008-04-17 18:15 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 14:03 . 2010-01-18 14:02 -------- d-----w- c:\program files\QuickTime
2010-01-18 14:02 . 2008-09-22 21:47 -------- d-----w- c:\program files\Common Files\Apple
2010-01-18 14:02 . 2010-01-18 14:02 -------- d-----w- c:\program files\Apple Software Update
2010-01-17 13:56 . 2007-07-28 10:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 15:28 . 2009-12-31 15:27 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-28 15:43 . 2007-07-25 18:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-28 14:53 . 2009-12-28 14:53 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-28 14:03 . 2007-07-25 19:11 -------- d-----w- c:\program files\FinePixViewer
2009-12-26 17:37 . 2007-08-27 09:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-21 19:08 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2007-06-29 12:53 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 18:16 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-18 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-18 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-18 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2008-05-14 10:48 . 2008-07-24 15:24 65536 ----a-w- c:\program files\rw_data.dll
2002-07-12 01:08 . 2008-07-31 08:15 65536 ----a-w- c:\program files\rw_data.bak
2008-08-25 13:40 . 2008-08-25 13:40 61 --sh--w- c:\windows\cnerolf.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 20:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-06-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-07-14 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-12-15 611712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\P ja\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\Pavel\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2007-9-26 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ExifLauncher2.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ExifLauncher2.lnk
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe -CheckReg
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SkyTel"=SkyTel.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [19.2.2010 21:09 64288]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.9.2007 6:07 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.4.2008 15:59 162512]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [16.1.2009 18:12 159600]
R1 prodrv03;Star Force copy protection driver v3;c:\windows\system32\drivers\prodrv03.sys [13.9.2008 10:41 115968]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2.2.2009 19:59 142592]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.7.2008 6:51 277736]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.4.2008 15:59 19024]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [21.3.2009 10:01 16872]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 16:52 1229232]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [16.1.2009 18:12 87784]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [16.1.2009 18:12 95640]
S2 gupdate1c98725e28b5d76;Google Update Service (gupdate1c98725e28b5d76);c:\program files\Google\Update\GoogleUpdate.exe [5.2.2009 1:08 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [17.8.2005 23:00 7168]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [16.7.2009 20:45 36608]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [4.8.2007 14:58 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [4.8.2007 14:58 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [4.8.2007 14:58 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [4.8.2007 14:58 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [4.8.2007 14:58 86368]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [22.3.2009 18:56 15271]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26.9.2009 4:28 4639136]
S3 SliceDisk5;SliceDisk5;\??\c:\program files\A-FF Find and Mount\slicedisk.sys --> c:\program files\A-FF Find and Mount\slicedisk.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [19.7.2009 16:31 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [20.3.2009 9:01 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [20.3.2009 9:01 121856]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 16:21 30720]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [16.7.2009 20:45 233472]
S4 XVNUZRX;XVNUZRX;c:\docume~1\Pavel\LOCALS~1\Temp\XVNUZRX.exe --> c:\docume~1\Pavel\LOCALS~1\Temp\XVNUZRX.exe [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-05-20 17:17]

2010-02-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:08]

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 11:26]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 00:08]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 00:08]

2010-02-21 c:\windows\Tasks\User_Feed_Synchronization-{11AB1786-333A-4CEE-959F-E51DEF1CCE8A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: mojebanka.cz
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\0nx7u09z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 11:52
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x86D6B1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74fbf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> sfsync02.sys @ 0xf74c88b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70f0bb0
PacketIndicateHandler -> NDIS.sys @ 0xf70fda21
SendHandler -> NDIS.sys @ 0xf70db87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2732)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-02-21 12:02:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-21 11:02

Před spuštěním: Volných bajtů: 24 308 219 904
Po spuštění: Volných bajtů: 24 164 233 216

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /usepmtimer /NoExecute=OptIn

- - End Of File - - 26C793869C707931DBE1F0B5E2E69E30

[earl]

Zdravim,

Proc hned ComboFix...?

A kdyz uz,tak ten se ma spoustet z plochy,pro priste.

otestujte na VIRUSTOTALu

c:\windows\system32\Rshx32_5.dll

c:\windows\system32\F1CE Screensaver.scr

c:\program files\rw_data.dll

c:\windows\system32\drivers\tap0901_2gm.sys

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledek sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

[PavelH69]

Soubor Rshx32_5.dll přijatý 2010.02.21 11:59:16 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/41 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 2.
Odhadovaný čas začátku mezi 49 a 70 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.21 -
AhnLab-V3 5.0.0.2 2010.02.20 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.20 -
Avast 4.8.1351.0 2010.02.21 -
AVG 9.0.0.730 2010.02.21 -
BitDefender 7.2 2010.02.21 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.21 -
Comodo 4011 2010.02.21 -
DrWeb 5.0.1.12222 2010.02.21 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7315 2010.02.20 -
F-Prot 4.5.1.85 2010.02.20 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.20 -
GData 19 2010.02.21 -
Ikarus T3.1.1.80.0 2010.02.21 -
Jiangmin 13.0.900 2010.02.21 -
K7AntiVirus 7.10.979 2010.02.20 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5898 2010.02.20 -
McAfee+Artemis 5898 2010.02.20 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.21 -
NOD32 4883 2010.02.20 -
Norman 6.04.08 2010.02.21 -
nProtect 2009.1.8.0 2010.02.21 -
Panda 10.0.2.2 2010.02.21 -
PCTools 7.0.3.5 2010.02.21 -
Prevx 3.0 2010.02.21 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.21 -
Sunbelt 5690 2010.02.20 -
Symantec 20091.2.0.41 2010.02.21 -
TheHacker 6.5.1.5.202 2010.02.21 -
TrendMicro 9.120.0.1004 2010.02.21 -
VBA32 3.12.12.2 2010.02.21 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.20 -

[PavelH69]

Soubor F1CE_Screensaver.scr přijatý 2010.02.21 12:06:01 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 1/41 (2.44%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 42 a 60 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.21 -
AhnLab-V3 5.0.0.2 2010.02.20 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.20 -
Avast 4.8.1351.0 2010.02.21 -
AVG 9.0.0.730 2010.02.21 -
BitDefender 7.2 2010.02.21 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.21 -
Comodo 4011 2010.02.21 -
DrWeb 5.0.1.12222 2010.02.21 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7315 2010.02.20 -
F-Prot 4.5.1.85 2010.02.20 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.20 -
GData 19 2010.02.21 -
Ikarus T3.1.1.80.0 2010.02.21 -
Jiangmin 13.0.900 2010.02.21 -
K7AntiVirus 7.10.979 2010.02.20 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5898 2010.02.20 -
McAfee+Artemis 5898 2010.02.20 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.21 -
NOD32 4883 2010.02.20 -
Norman 6.04.08 2010.02.21 -
nProtect 2009.1.8.0 2010.02.21 -
Panda 10.0.2.2 2010.02.21 -
PCTools 7.0.3.5 2010.02.21 -
Prevx 3.0 2010.02.21 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.21 -
Sunbelt 5690 2010.02.20 -
Symantec 20091.2.0.41 2010.02.21 Suspicious.Insight
TheHacker 6.5.1.5.202 2010.02.21 -
TrendMicro 9.120.0.1004 2010.02.21 -
VBA32 3.12.12.2 2010.02.21 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.20 -

[PavelH69]

Soubor rw_data.dll přijatý 2010.02.21 12:12:58 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.21 -
AhnLab-V3 5.0.0.2 2010.02.20 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.20 -
Avast 4.8.1351.0 2010.02.21 -
AVG 9.0.0.730 2010.02.21 -
BitDefender 7.2 2010.02.21 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.21 -
Comodo 4011 2010.02.21 -
DrWeb 5.0.1.12222 2010.02.21 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7315 2010.02.20 -
F-Prot 4.5.1.85 2010.02.20 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.20 -
GData 19 2010.02.21 -
Ikarus T3.1.1.80.0 2010.02.21 -
Jiangmin 13.0.900 2010.02.21 -
K7AntiVirus 7.10.979 2010.02.20 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5898 2010.02.20 -
McAfee+Artemis 5898 2010.02.20 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.21 -
NOD32 4883 2010.02.20 -
Norman 6.04.08 2010.02.21 -
nProtect 2009.1.8.0 2010.02.21 -
Panda 10.0.2.2 2010.02.21 -
PCTools 7.0.3.5 2010.02.21 -
Prevx 3.0 2010.02.21 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.21 -
Sunbelt 5690 2010.02.20 -
Symantec 20091.2.0.41 2010.02.21 -
TheHacker 6.5.1.5.202 2010.02.21 -
TrendMicro 9.120.0.1004 2010.02.21 -
VBA32 3.12.12.2 2010.02.21 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.20 -
Rozšiřující informace
File size: 65536 bytes
MD5...: 0d098297880bc68d4bbac793e3ecc7d9
SHA1..: 175f7d360680dbac0c1a5a0680c8c881e77c3597
SHA256: 30783f20cdd5175dc106970492b39f6509d9b5a176d0f0fa171f0e7534eb1b5d
ssdeep: 768:R/KZMLZ7AWvvGh58sKv34rVo+zc4Y3kYlJWtvGe07bWQQcuoq1/pu+:8cZsY<br>+8ZwrVo+nYDlgt+ebo84<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x65cd<br>timedatestamp.....: 0x3d2e1e08 (Fri Jul 12 00:08:40 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x989b 0xa000 6.51 ef10a6e8bcea135999f38345f9236cfb<br>.rdata 0xb000 0xc5d 0x1000 4.54 31559e91132de25afcb89b78ea0623ea<br>.data 0xc000 0x7208 0x3000 1.94 d84092a183844c4f5c94f51d14c4d54d<br>.reloc 0x14000 0xa12 0x1000 4.33 96214b06628dbf2f3b258dd112a63bd3<br><br>( 2 imports ) <br>> KERNEL32.dll: LeaveCriticalSection, EnterCriticalSection, ReadFile, CreateFileA, GetLastError, SetFilePointer, CloseHandle, MoveFileA, SetFileAttributesA, GetFileAttributesA, DeleteFileA, CopyFileA, WriteFile, GetFileTime, InitializeCriticalSection, DeleteCriticalSection, GetStringTypeW, GetStringTypeA, LCMapStringW, RtlUnwind, GetCommandLineA, GetVersion, HeapFree, HeapReAlloc, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, GetModuleHandleA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, DisableThreadLibraryCalls, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA<br>> USER32.dll: MessageBoxA, wsprintfA<br><br>( 12 exports ) <br>_dtaBin2Text@8, _dtaClose@4, _dtaCreate@4, _dtaDelete@4, _dtaDumpMemoryLeaks@4, _dtaGetTime@12, _dtaOpen@8, _dtaOpenWrite@8, _dtaRead@12, _dtaSeek@12, _dtaSetDtaFirstForce@0, _dtaWrite@12<br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.21 -
AhnLab-V3 5.0.0.2 2010.02.20 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.20 -
Avast 4.8.1351.0 2010.02.21 -
AVG 9.0.0.730 2010.02.21 -
BitDefender 7.2 2010.02.21 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.21 -
Comodo 4011 2010.02.21 -
DrWeb 5.0.1.12222 2010.02.21 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7315 2010.02.20 -
F-Prot 4.5.1.85 2010.02.20 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.20 -
GData 19 2010.02.21 -
Ikarus T3.1.1.80.0 2010.02.21 -
Jiangmin 13.0.900 2010.02.21 -
K7AntiVirus 7.10.979 2010.02.20 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5898 2010.02.20 -
McAfee+Artemis 5898 2010.02.20 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.21 -
NOD32 4883 2010.02.20 -
Norman 6.04.08 2010.02.21 -
nProtect 2009.1.8.0 2010.02.21 -
Panda 10.0.2.2 2010.02.21 -
PCTools 7.0.3.5 2010.02.21 -
Prevx 3.0 2010.02.21 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.21 -
Sunbelt 5690 2010.02.20 -
Symantec 20091.2.0.41 2010.02.21 -
TheHacker 6.5.1.5.202 2010.02.21 -
TrendMicro 9.120.0.1004 2010.02.21 -
VBA32 3.12.12.2 2010.02.21 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.20 -

Rozšiřující informace
File size: 65536 bytes
MD5...: 0d098297880bc68d4bbac793e3ecc7d9
SHA1..: 175f7d360680dbac0c1a5a0680c8c881e77c3597
SHA256: 30783f20cdd5175dc106970492b39f6509d9b5a176d0f0fa171f0e7534eb1b5d
ssdeep: 768:R/KZMLZ7AWvvGh58sKv34rVo+zc4Y3kYlJWtvGe07bWQQcuoq1/pu+:8cZsY<br>+8ZwrVo+nYDlgt+ebo84<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x65cd<br>timedatestamp.....: 0x3d2e1e08 (Fri Jul 12 00:08:40 2002)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x989b 0xa000 6.51 ef10a6e8bcea135999f38345f9236cfb<br>.rdata 0xb000 0xc5d 0x1000 4.54 31559e91132de25afcb89b78ea0623ea<br>.data 0xc000 0x7208 0x3000 1.94 d84092a183844c4f5c94f51d14c4d54d<br>.reloc 0x14000 0xa12 0x1000 4.33 96214b06628dbf2f3b258dd112a63bd3<br><br>( 2 imports ) <br>> KERNEL32.dll: LeaveCriticalSection, EnterCriticalSection, ReadFile, CreateFileA, GetLastError, SetFilePointer, CloseHandle, MoveFileA, SetFileAttributesA, GetFileAttributesA, DeleteFileA, CopyFileA, WriteFile, GetFileTime, InitializeCriticalSection, DeleteCriticalSection, GetStringTypeW, GetStringTypeA, LCMapStringW, RtlUnwind, GetCommandLineA, GetVersion, HeapFree, HeapReAlloc, HeapAlloc, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, GetModuleHandleA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, DisableThreadLibraryCalls, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA<br>> USER32.dll: MessageBoxA, wsprintfA<br><br>( 12 exports ) <br>_dtaBin2Text@8, _dtaClose@4, _dtaCreate@4, _dtaDelete@4, _dtaDumpMemoryLeaks@4, _dtaGetTime@12, _dtaOpen@8, _dtaOpenWrite@8, _dtaRead@12, _dtaSeek@12, _dtaSetDtaFirstForce@0, _dtaWrite@12<br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%)
sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>

[PavelH69]

Soubor tap0901_2gm.sys přijatý 2010.02.21 12:16:51 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.21 -
AhnLab-V3 5.0.0.2 2010.02.20 -
AntiVir 8.2.1.170 2010.02.19 -
Antiy-AVL 2.0.3.7 2010.02.19 -
Authentium 5.2.0.5 2010.02.20 -
Avast 4.8.1351.0 2010.02.21 -
AVG 9.0.0.730 2010.02.21 -
BitDefender 7.2 2010.02.21 -
CAT-QuickHeal 10.00 2010.02.19 -
ClamAV 0.96.0.0-git 2010.02.21 -
Comodo 4011 2010.02.21 -
DrWeb 5.0.1.12222 2010.02.21 -
eSafe 7.0.17.0 2010.02.18 -
eTrust-Vet 35.2.7315 2010.02.20 -
F-Prot 4.5.1.85 2010.02.20 -
F-Secure 9.0.15370.0 2010.02.19 -
Fortinet 4.0.14.0 2010.02.20 -
GData 19 2010.02.21 -
Ikarus T3.1.1.80.0 2010.02.21 -
Jiangmin 13.0.900 2010.02.21 -
K7AntiVirus 7.10.979 2010.02.20 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5898 2010.02.20 -
McAfee+Artemis 5898 2010.02.20 -
McAfee-GW-Edition 6.8.5 2010.02.19 -
Microsoft 1.5406 2010.02.21 -
NOD32 4883 2010.02.20 -
Norman 6.04.08 2010.02.21 -
nProtect 2009.1.8.0 2010.02.21 -
Panda 10.0.2.2 2010.02.21 -
PCTools 7.0.3.5 2010.02.21 -
Prevx 3.0 2010.02.21 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.21 -
Sunbelt 5690 2010.02.20 -
Symantec 20091.2.0.41 2010.02.21 -
TheHacker 6.5.1.5.202 2010.02.21 -
TrendMicro 9.120.0.1004 2010.02.21 -
VBA32 3.12.12.2 2010.02.21 -
ViRobot 2010.2.19.2194 2010.02.19 -
VirusBuster 5.0.27.0 2010.02.20 -
Rozšiřující informace
File size: 30720 bytes
MD5...: 9d9feffa791cedebeec2725590e6024f
SHA1..: 558750e88e96b2b34512fff523aacff3f2f4b747
SHA256: 33652bc93bb81e247e114c5d7d17f02772278ed04b33d59736e6cd5994764b66
ssdeep: 384:kW+tEmjEEXF63shdipybjVGNijkQlcKLJh1acaikWQgFRbbx:knX4EXk3s3e<br>wVoWkycKPU4PR3x<br>
PEiD..: -
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x9152<br>timedatestamp.....: 0x467a9796 (Thu Jun 21 15:21:58 2007)<br>machinetype.......: 0x14c (I386)<br><br>( 6 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x57e4 0x5800 6.60 7f8d04a3b1b84d7d27b6677cdd2284d7<br>.rdata 0x7000 0x7f4 0x800 3.11 84f90b8353b781d980a821731411b79b<br>.data 0x8000 0x8e4 0x200 0.70 e66f4dec7a7df8ec322d2dae1079b4e0<br>INIT 0x9000 0x630 0x800 4.85 5a7edc5b742a65b650128a7b697b6a2e<br>.rsrc 0xa000 0x3f0 0x400 3.36 a06edd2af99100bb6ceff4703634479d<br>.reloc 0xb000 0x4b2 0x600 4.77 280fb8c39302a7cd8d3273ad423d8c4c<br><br>( 3 imports ) <br>> ntoskrnl.exe: KeBugCheckEx, KeTickCount, RtlUnicodeStringToAnsiString, KeInitializeSpinLock, MmMapLockedPagesSpecifyCache, MmMapLockedPages, RtlAnsiStringToUnicodeString, RtlCreateSecurityDescriptor, ZwOpenFile, ZwSetSecurityObject, ZwClose, IoReleaseCancelSpinLock, IofCompleteRequest, RtlFreeUnicodeString, RtlFreeAnsiString, _except_handler3, RtlUnicodeToMultiByteN<br>> HAL.dll: KfReleaseSpinLock, KeGetCurrentIrql, KfAcquireSpinLock<br>> NDIS.SYS: NdisMRegisterUnloadHandler, NdisMSetAttributesEx, NdisMRegisterAdapterShutdownHandler, NdisOpenConfiguration, NdisReadConfiguration, NdisCloseConfiguration, NdisTerminateWrapper, NdisMSetPeriodicTimer, NdisMCancelTimer, NdisMRegisterDevice, NdisMDeregisterDevice, NdisMDeregisterAdapterShutdownHandler, NdisMSleep, NdisMRegisterMiniport, NdisInitializeWrapper, NdisMInitializeTimer, NdisAllocateMemoryWithTag, NdisFreeMemory<br><br>( 0 exports ) <br>
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)<br>DOS Executable Generic (49.8%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:<br>publisher....: The OpenVPN Project<br>copyright....: OpenVPN Solutions LLC and Damion K. Wilson<br>product......: TAP-Win32 Virtual Network Driver<br>description..: TAP-Win32 Virtual Network Driver<br>original name: tap0901_2gm.sys<br>internal name: tap0901_2gm.sys<br>file version.: 2.1_rc4 9/3 built by: WinDDK<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
packers (Kaspersky): PE_Patch

[earl]

Soubor - c:\windows\system32\F1CE Screensaver.scr - mate v pc umyslne?

[PavelH69]

Soubor - c:\windows\system32\F1CE Screensaver.scr - mate v pc umyslne?

Ano je stažen umýslně, ale není již využíván a není potřeba. Mám porvést odinstalaci či případně jiné odstranění souborů?

[earl]

Stahnete si OTMoveIt3 , spustte (pokud mate vistu spuste run as administrator) a
do leveho policka se zlutym hornim okrajem Paste Instructions for Items to be Moved zkopirujte toto:

Kód: Vybrat vše

:processes
:files
c:\windows\system32\F1CE Screensaver.scr
c:\docume~1\Pavel\LOCALS~1\Temp\XVNUZRX.exe
:services
:reg
:commands
[emptytemp]
[resethosts]
[reboot]

Kliknete na MoveIt, v okne se zelenym hornim okrajem Results se objevi vysledek,obsah okna zkopirujte sem. Kdyby OTMoveIt vyzadoval restart - povolit. Nasledujici log najdete v C:\_OTMoveIt\MovedFiles\xxxxx.log (x je zastupny znak) ktery otevrete v poznamkovem bloku.

Pak popiste chovani pc.

[PavelH69]

All processes killed
========== PROCESSES ==========
========== FILES ==========
c:\windows\system32\F1CE Screensaver.scr moved successfully.
File/Folder c:\docume~1\Pavel\LOCALS~1\Temp\XVNUZRX.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Hanka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1889855 bytes
->FireFox cache emptied: 55935618 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: oem
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 2628534 bytes

User: Pavel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33036 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97664091 bytes

User: Pája
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59514413 bytes
->Google Chrome cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 16224706 bytes
%systemroot%\System32 .tmp files removed: 7638984 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 16038064 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 246,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.9.0 log created on 02212010_142944

Files moved on Reboot...
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\0nx7u09z.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\0nx7u09z.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\0nx7u09z.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\0nx7u09z.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\0nx7u09z.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\0nx7u09z.default\XUL.mfl moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_46c.dat not found!

Registry entries deleted on Reboot...

[earl]

Jak to vypada s internetem ted?

[PavelH69]

Jak to vypada s internetem ted?

No vypadáto, že vše zatím funguje tak jak má.
A zapomněl jsem - děkuji !!

[earl]

Start - spustit - napiste ComboFix /Uninstall - a klepnout na OK
-----------------------------------------------------------------------------------------------------------------

Pouzijte T-Cleaner na vycisteni pc po utilitach pouzitych pri odvirovani.Postupujte dle instrukci na obrazovce.Pri detekci antivirem se jedna o falesny poplach.
-----------------------------------------------------------------------------------------------------------------

Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

A nemate samozrejme zac.

[PavelH69]

Ten Combofix uninstall píše že nemůže najít. ostatní jsem udělal.Ještě se zeptám zda má smysl mít PC Tools Firewall+ když mám router/modem zyxel a v něm už je firewall. A pak které programy na antispyware považujete za vhodné - mám ad-aware,spyware terminator a spybot. Děkujia hezký večer.

[earl]

T-Cleaner odstranil ComboFix,takze to nemusite resit.

Mate router s firewallem - to je dobre.

Pokud chcete mit pc vice zabezpecene,ponechte i softwarovy firewall.

Ad-Adware i Terminator ponechte - Spybot odinstalujte,ma zastaraly engine.

Tot vse.