Nejdou spustit .exe Win32:Rootkit-gen

[radval]

Prosím o pomoc se šmejdem. Kaspersky najde problém v Local settings/Temp kde se ten soubor jmenuje někdy wrqy.dat, jindy ywcflg.dat. Opravit jej neumí, d karantény ho dát neumí - lze jej smazat jen ručně. Malwarebytes Antimalware jich najde více, po čištění ovšem už nejde ani sám spustit, nejde spustit ani Spy Eraser. Nejvíc mi vadí že nejde Acrobat reader, jen najedou hodiny a konec. Taky nešly v exploreru sub domény, tedy na hlavní web jsem se dostal ale dál už ne, nefungovalo např.stahování, tady pomohlo jen vypnout webový štít Avastu.
Posílám výpis z logu HJ a RSIT:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 13:12:09, on 30.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
D:\OFFICE 2003\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HJT\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.29.36.93:554
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S39C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_29.03.2010_09-02.lnk = C:\Documents and Settings\Administrator\Plocha\Virus Removal Tool1\setup_9.0.0.722_29.03.2010_09-02\startup.exe
O4 - Startup: _uninst_setup_9.0.0.722_04.12.2009_23-36.exe.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: winmm.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 5280 bytes

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-30 13:50:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (27%) free of 8 GB
Total RAM: 247 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:51:16, on 30.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
D:\INSTALACE pod XP\mbam-setup-1.45.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0TRQ1.tmp\mbam-setup-1.45.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\OFFICE 2003\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
D:\INSTALACE pod XP\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S39C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_29.03.2010_09-02.lnk = C:\Documents and Settings\Administrator\Plocha\Virus Removal Tool1\setup_9.0.0.722_29.03.2010_09-02\startup.exe
O4 - Startup: _uninst_setup_9.0.0.722_04.12.2009_23-36.exe.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: winmm.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 4932 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

info.txt logfile of random's system information tool 1.06 2010-03-30 13:51:29

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.2 CE-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-CEA000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Aktualizace systému Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Canon iP3500 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3500_series /L0x0005
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Free Video Flip and Rotate version 1.5-->"C:\Program Files\DVDVideoSoft\Free Video Flip and Rotate\unins000.exe"
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel(R) 82845G Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NokiaFREE Unlock Codes Calculator-->"C:\Program Files\NokiaFREE Unlock Codes Calculator\uninst.exe"
Oprava Hotfix systému Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Palm Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}\setup.exe"
PIXresizer 1.0.8-->"C:\Program Files\PIXresizer\unins000.exe"
Screenshot Captor 2.70.01-->"C:\Program Files\ScreenshotCaptor\unins000.exe"
Sentinel Protection Installer 7.1.0-->MsiExec.exe /I{6A7CD56A-A266-40E5-9286-B5DD6FD4BC5D}
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Software tiskárny EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser-->"C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlock Codes Calculator (remove only)-->"C:\Program Files\Unlock Codes Calculator (by Crux)\uninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update Service Pro-->C:\Program Files\Sony Ericsson\Update Service Pro\uninst.exe
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: MBL
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 5
Source Name: EventLog
Time Written: 20100325082833.000000+060
Event Type: Informace
User:

Computer Name: MBL
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 4
Source Name: EventLog
Time Written: 20100325082833.000000+060
Event Type: Informace
User:

Computer Name: MBL
Event Code: 6006
Message: Služba Event Log byla zastavena.

Record Number: 3
Source Name: EventLog
Time Written: 20100324163021.000000+060
Event Type: Informace
User:

Computer Name: MBL
Event Code: 7036
Message: Stav služby avast! Web Scanner byl změněn na: Spuštěno

Record Number: 2
Source Name: Service Control Manager
Time Written: 20100324162612.000000+060
Event Type: Informace
User:

Computer Name: MBL
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě avast! Web Scanner úspěšně odeslán.

Record Number: 1
Source Name: Service Control Manager
Time Written: 20100324162612.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: MBL
Event Code: 1000
Message: Chybující aplikace usp.exe, verze 0.0.0.0, chybující modul unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Record Number: 5
Source Name: Application Error
Time Written: 20100325111417.000000+060
Event Type: Chyba
User:

Computer Name: MBL
Event Code: 1000
Message: Chybující aplikace usp.exe, verze 0.0.0.0, chybující modul unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Record Number: 4
Source Name: Application Error
Time Written: 20100325111038.000000+060
Event Type: Chyba
User:

Computer Name: MBL
Event Code: 1000
Message: Chybující aplikace usp.exe, verze 0.0.0.0, chybující modul unknown, verze 0.0.0.0, adresa chyby 0x00000000.

Record Number: 3
Source Name: Application Error
Time Written: 20100325110953.000000+060
Event Type: Chyba
User:

Computer Name: MBL
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20100325082859.000000+060
Event Type: Informace
User:

Computer Name: MBL
Event Code: 4
Message:
Record Number: 1
Source Name: SentinelProtectionServer
Time Written: 20100325082853.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

[Caroprd111]

Zdravím

Log z RSIT není celý, zkopíroval jste ho sem správně Stačí mi log.txt

[radval]

Zdravím

Log z RSIT není celý, zkopíroval jste ho sem správně Stačí mi log.txt

Asi jsem to zblbnul, už mi z toho kompu hrabe... doufám že je to on Na konci přidávám 2 protokoly z Anti Malware první se šmejdy druhý už nic nenašel.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-30 14:05:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (27%) free of 8 GB
Total RAM: 247 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:04, on 30.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
D:\OFFICE 2003\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Outlook Express\msimn.exe
D:\INSTALACE pod XP\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S39C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_29.03.2010_09-02.lnk = C:\Documents and Settings\Administrator\Plocha\Virus Removal Tool1\setup_9.0.0.722_29.03.2010_09-02\startup.exe
O4 - Startup: _uninst_setup_9.0.0.722_04.12.2009_23-36.exe.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: winmm.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 4866 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2002-10-15 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2002-10-15 114688]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-02-21 131072]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-03-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_29.03.2010_09-02.lnk - C:\Documents and Settings\Administrator\Plocha\Virus Removal Tool1\setup_9.0.0.722_29.03.2010_09-02\startup.exe
_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.lnk - C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="winmm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-10-15 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\wincmd\WINCMD32.EXE"="D:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SIM\sim.exe"="C:\Program Files\SIM\sim.exe:*:Enabled:sim"
"D:\Program Files\DC++\DCPlusPlus.exe"="D:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Casino\ParadiseCasino\casino.exe"="C:\Casino\ParadiseCasino\casino.exe:*:Enabled:casino"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe"="C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe:*:Enabled:Update Service Pro"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-30 13:51:02 ----D---- C:\Program Files\trend micro
2010-03-30 13:50:59 ----D---- C:\rsit
2010-03-30 13:10:57 ----D---- C:\Program Files\HJT
2010-03-30 10:52:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-03-30 10:51:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-30 10:51:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 15:35:04 ----D---- C:\Program Files\Trell
2010-03-25 12:27:01 ----D---- C:\Program Files\Sony Ericsson
2010-03-24 15:24:23 ----D---- C:\Program Files\Common Files\SafeNet Sentinel
2010-03-24 15:24:22 ----D---- C:\Program Files\SafeNet Sentinel
2010-03-24 12:17:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-03-24 11:30:29 ----A---- C:\rollback.ini
2010-03-24 11:14:19 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-03-24 10:58:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-11 17:29:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-03-30 14:04:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 13:51:15 ----D---- C:\WINDOWS\Prefetch
2010-03-30 13:51:02 ----RD---- C:\Program Files
2010-03-30 13:46:20 ----D---- C:\WINDOWS\Temp
2010-03-30 13:34:44 ----D---- C:\WINDOWS\system32\drivers
2010-03-30 13:31:36 ----D---- C:\WINDOWS
2010-03-30 13:29:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 13:11:06 ----SHD---- C:\WINDOWS\Installer
2010-03-30 13:11:05 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-03-30 10:47:08 ----SHD---- C:\System Volume Information
2010-03-30 10:47:08 ----D---- C:\WINDOWS\system32\Restore
2010-03-30 09:36:06 ----HD---- C:\WINDOWS\inf
2010-03-30 09:32:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\sim
2010-03-30 09:05:13 ----D---- C:\Program Files\FlashFXP
2010-03-29 08:30:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 10:36:24 ----D---- C:\WINDOWS\Registration
2010-03-25 12:53:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-25 09:31:02 ----D---- C:\Program Files\Mozilla Firefox
2010-03-24 17:24:51 ----D---- C:\WINDOWS\system32\config
2010-03-24 15:48:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-24 15:48:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-24 15:24:23 ----D---- C:\Program Files\Common Files
2010-03-24 12:31:45 ----SD---- C:\WINDOWS\Tasks
2010-03-24 12:17:14 ----D---- C:\WINDOWS\WinSxS
2010-03-11 17:29:13 ----D---- C:\Program Files\Movie Maker
2010-03-11 17:28:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-11 17:26:39 ----D---- C:\WINDOWS\Debug
2010-03-09 13:24:05 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-08 11:29:18 ----D---- C:\Program Files\ScreenshotCaptor
2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-16 91678]
R1 69560261;69560261; C:\WINDOWS\system32\DRIVERS\69560261.sys [2009-09-25 128016]
R1 69879831;69879831; C:\WINDOWS\system32\DRIVERS\69879831.sys [2009-09-25 128016]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 setup_9.0.0.722_29.03.2010_09-02drv;setup_9.0.0.722_29.03.2010_09-02drv; C:\WINDOWS\system32\DRIVERS\6987983.sys [2009-10-09 315408]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2005-03-02 90168]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-16 71514]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 FTDIBUS;STUMOBIL USB Unibox Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-02-04 24177]
R3 FTSER2K;STUMOBIL USB Unibox Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-02-04 57372]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2002-10-16 79323]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-03-24 27632]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-08-12 179664]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSMARTPrj;USB Smart device driver; C:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-06-19 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-06-19 25512]
S3 ntportio;ntportio; \??\D:\ODBLOK SE\SEMC_Tool_v87\ntportio.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 utm5nda4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utm5nda4.sys []
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2005-03-02 193592]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

1 protokol Antimalware (vše jsem pak smazal)

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3932

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

30.3.2010 12:32:14
mbam-log-2010-03-30 (12-32-14).txt

Typ skenu: Rychlý sken
Skenované objekty: 98676
Uplynulý čas: 11 minuta(y), 43 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 9
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 2
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{86a44ef9-78fc-4e18-a564-b18f806f7f56} (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\activationmanager.activationmanager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\activationmanager.activationmanager.1 (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SpyEraser (Rogue.SpyEraser) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\ActivationManager\Uninstall.exe (Trojan.MultiDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SpyEraser\SpyEraser Help.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SpyEraser\SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\SpyEraser\Uninstall SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Plocha\SpyEraser.lnk (Rogue.SpyEraser) -> Quarantined and deleted successfully.


2 protokol:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3932

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

30.3.2010 14:09:12
mbam-log-2010-03-30 (14-09-12).txt

Typ skenu: Rychlý sken
Skenované objekty: 99368
Uplynulý čas: 9 minuta(y), 50 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Caroprd111]

Doporučuji odinstalovat:
D:\Program Files\DC++\DCPlusPlus.exe

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.


Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[radval]

Doporučuji odinstalovat:
D:\Program Files\DC++\DCPlusPlus.exe

DC už tak 3 roky nepoužívám a ani v kompu nenacházím tuto složku, podivné....

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

Takže : nainstalovala se konzole zotavení, Win killnul aplikaci PEV.exe (netuším co je zač) Kombofix smazal soubor...system32/ieuinit.inf.

Výpis z logu :
ComboFix 10-03-29.04 - Administrator 30.03.2010 14:25:01.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.247.5 [GMT 2:00]
Spuštěný z: d:\instalace pod xp\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-28 do 2010-03-30 )))))))))))))))))))))))))))))))
.

2010-03-30 11:51 . 2010-03-30 12:05 -------- d-----w- c:\program files\trend micro
2010-03-30 11:50 . 2010-03-30 11:51 -------- d-----w- C:\rsit
2010-03-30 11:34 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 11:34 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-30 11:10 . 2010-03-30 11:10 -------- d-----w- c:\program files\HJT
2010-03-30 08:51 . 2010-03-30 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 07:34 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\69879832.sys
2010-03-30 07:34 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\69879831.sys
2010-03-30 07:34 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\6987983.sys
2010-03-29 13:35 . 2010-03-30 12:17 -------- d-----w- c:\program files\Trell
2010-03-25 10:27 . 2010-03-25 10:51 -------- d-----w- c:\program files\Sony Ericsson
2010-03-24 13:44 . 2010-03-24 13:43 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-03-24 13:24 . 2010-03-24 13:24 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-03-24 13:24 . 2010-03-24 13:24 -------- d-----w- c:\program files\SafeNet Sentinel
2010-03-24 12:22 . 2010-03-24 12:22 7168 ----a-w- c:\windows\system32\drivers\utm5nda4.sys
2010-03-24 12:15 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\69560262.sys
2010-03-24 12:15 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\69560261.sys
2010-03-24 12:15 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\6956026.sys
2010-03-24 09:14 . 2010-03-24 09:37 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-11 07:27 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 07:05 . 2008-04-03 08:46 -------- d-----w- c:\program files\FlashFXP
2010-03-29 06:30 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 06:30 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-03-09 11:24 . 2008-03-17 08:33 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2008-03-17 08:33 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2008-04-29 06:21 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2008-03-17 08:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2008-03-17 08:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2008-03-17 08:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2008-04-29 06:21 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2008-03-17 08:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-08 09:29 . 2009-07-29 10:33 -------- d-----w- c:\program files\ScreenshotCaptor
2010-02-24 12:49 . 2008-03-17 08:33 -------- d-----w- c:\program files\Alwil Software
2010-02-24 09:47 . 2008-10-08 08:19 -------- d-----w- c:\program files\NokiaFREE Unlock Codes Calculator
2010-02-11 18:53 . 2008-03-17 08:33 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-01 09:17 . 2010-02-01 09:15 -------- d-----w- c:\program files\Winamp
2009-12-31 16:50 . 2004-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
setup_9.0.0.722_29.03.2010_09-02.lnk - c:\documents and settings\Administrator\Plocha\Virus Removal Tool1\setup_9.0.0.722_29.03.2010_09-02\startup.exe [2010-3-30 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\wincmd\\WINCMD32.EXE"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SIM\\sim.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service Pro\\USP.exe"=

R0 69560262;69560262 Boot Guard Driver;c:\windows\system32\drivers\69560262.sys [24.3.2010 14:15 37392]
R0 69879832;69879832 Boot Guard Driver;c:\windows\system32\drivers\69879832.sys [30.3.2010 9:34 37392]
R1 69560261;69560261;c:\windows\system32\drivers\69560261.sys [24.3.2010 14:15 128016]
R1 69879831;69879831;c:\windows\system32\drivers\69879831.sys [30.3.2010 9:34 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.4.2008 8:21 162640]
R1 setup_9.0.0.722_29.03.2010_09-02drv;setup_9.0.0.722_29.03.2010_09-02drv;c:\windows\system32\drivers\6987983.sys [30.3.2010 9:34 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.4.2008 8:21 19024]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.3.2010 15:44 27632]
R3 USBSMARTPrj;USB Smart device driver;c:\windows\system32\drivers\UsbSmart.sys [4.3.2008 13:23 7680]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.7.2008 9:06 13224]
S3 ntportio;ntportio;\??\d:\odblok se\SEMC_Tool_v87\ntportio.sys --> d:\odblok se\SEMC_Tool_v87\ntportio.sys [?]
S3 utm5nda4;AVZ Kernel Driver;c:\windows\system32\drivers\utm5nda4.sys [24.3.2010 14:22 7168]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - MBAMSwissArmy
.
Obsah adresáře 'Naplánované úlohy'

2010-03-25 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-04 08:13]

2008-04-04 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-04 08:13]

2008-04-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-04 07:14]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - d:\office~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p3ev96gm.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 14:34
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1390067357-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{875105F7-D43A-B778-20AC-2E4B11DA425A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kapicphedikdehifdeehaj"=hex:62,61,62,6f,00,02

[HKEY_USERS\S-1-5-21-1292428093-1390067357-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCDFD1CF-9480-BE67-1AE2-A3F3EE3C892D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kafhkjeccgjpehmgigeooa"=hex:62,61,6c,65,00,00
.
Celkový čas: 2010-03-30 14:38:23
ComboFix-quarantined-files.txt 2010-03-30 12:38

Před spuštěním: 2 158 518 272
Po spuštění: 2 221 228 032

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows 2000" /fastdetect

- - End Of File - - 40F89DDFE3A78C9AFCE5F4E4B7B507AC

[Caroprd111]

Jak to vypadá s PC

[radval]

Jak to vypadá s PC

Zatím nezlobí.... Acrobat otevřít jde (ale to šel i předtím ale jen po akci s Kasperským ale jen do restartu) tak doufám že to pomohlo....

Zatím vřelé díky za pomoc ......snad se už neozvu

[Caroprd111]

Otestujte to a potom se ozvěte.

[radval]

Otestujte to a potom se ozvěte.

Problém je vyřešen ( díky Vám)

Moc děkuji a jsem s pozdravem

Radek Valošek

[Caroprd111]

Poprosím o nový log z RSIT.

[radval]

Poprosím o nový log z RSIT.

Tak 2 dny byl pokoj, dnes už Adobe nejde spustit a AntiMalware taky ne.

Přikládám log z Combofixu + RSIT log:

ComboFix 10-03-29.04 - Administrator 01.04.2010 13:59:07.2.1 - x86
Spuštěný z: d:\instalace pod xp\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-01 do 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-03-30 11:51 . 2010-03-30 12:05 -------- d-----w- c:\program files\trend micro
2010-03-30 11:50 . 2010-03-30 11:51 -------- d-----w- C:\rsit
2010-03-30 11:34 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 11:34 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-30 11:10 . 2010-03-30 11:10 -------- d-----w- c:\program files\HJT
2010-03-30 08:51 . 2010-03-30 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 13:35 . 2010-03-31 09:41 -------- d-----w- c:\program files\Trell
2010-03-25 10:27 . 2010-03-25 10:51 -------- d-----w- c:\program files\Sony Ericsson
2010-03-24 13:44 . 2010-03-24 13:43 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-03-24 13:24 . 2010-03-24 13:24 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-03-24 13:24 . 2010-03-24 13:24 -------- d-----w- c:\program files\SafeNet Sentinel
2010-03-24 12:22 . 2010-03-24 12:22 7168 ----a-w- c:\windows\system32\drivers\utm5nda4.sys
2010-03-24 12:15 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\69560262.sys
2010-03-24 12:15 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\69560261.sys
2010-03-24 12:15 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\6956026.sys
2010-03-24 09:14 . 2010-03-24 09:37 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-11 07:27 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 04:43 . 2010-03-10 04:43 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 11:40 . 2008-04-03 08:46 -------- d-----w- c:\program files\FlashFXP
2010-03-29 06:30 . 2004-08-18 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 06:30 . 2004-08-18 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-03-09 11:24 . 2008-03-17 08:33 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2008-03-17 08:33 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2008-04-29 06:21 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2008-03-17 08:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2008-03-17 08:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2008-03-17 08:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2008-04-29 06:21 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2008-03-17 08:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-08 09:29 . 2009-07-29 10:33 -------- d-----w- c:\program files\ScreenshotCaptor
2010-02-26 05:43 . 2004-08-18 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:49 . 2008-03-17 08:33 -------- d-----w- c:\program files\Alwil Software
2010-02-24 09:47 . 2008-10-08 08:19 -------- d-----w- c:\program files\NokiaFREE Unlock Codes Calculator
2010-02-11 18:53 . 2008-03-17 08:33 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-01 09:17 . 2010-02-01 09:15 -------- d-----w- c:\program files\Winamp
.

((((((((((((((((((((((((((((( SnapShot@2010-03-30_12.34.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-20 08:12 . 2010-02-26 05:43 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 08:12 . 2009-12-22 05:09 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-04-21 06:45 . 2010-02-26 05:43 668160 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:45 . 2009-12-22 05:09 668160 c:\windows\system32\dllcache\wininet.dll
- 2008-06-26 08:14 . 2009-12-22 05:09 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-26 08:14 . 2010-02-26 05:43 627200 c:\windows\system32\dllcache\urlmon.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2008-06-26 08:14 . 2010-03-10 04:43 1510400 c:\windows\system32\dllcache\shdocvw.dll
- 2008-06-26 08:14 . 2009-12-22 05:09 1510400 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:45 . 2010-02-26 05:43 3094016 c:\windows\system32\dllcache\mshtml.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-10-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-10-15 114688]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\wincmd\\WINCMD32.EXE"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SIM\\sim.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service Pro\\USP.exe"=

R0 69560262;69560262 Boot Guard Driver;c:\windows\system32\drivers\69560262.sys [24.3.2010 14:15 37392]
R1 69560261;69560261;c:\windows\system32\drivers\69560261.sys [24.3.2010 14:15 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.4.2008 8:21 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.4.2008 8:21 19024]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [24.3.2010 15:44 27632]
R3 USBSMARTPrj;USB Smart device driver;c:\windows\system32\drivers\UsbSmart.sys [4.3.2008 13:23 7680]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.7.2008 9:06 13224]
S3 ntportio;ntportio;\??\d:\odblok se\SEMC_Tool_v87\ntportio.sys --> d:\odblok se\SEMC_Tool_v87\ntportio.sys [?]
S3 utm5nda4;AVZ Kernel Driver;c:\windows\system32\drivers\utm5nda4.sys [24.3.2010 14:22 7168]
.
Obsah adresáře 'Naplánované úlohy'

2010-03-25 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-04 08:13]

2008-04-04 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-04 08:13]

2008-04-04 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-04 07:14]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - d:\office~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\p3ev96gm.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: d:\program files\Adobe\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 14:11
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1390067357-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{875105F7-D43A-B778-20AC-2E4B11DA425A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kapicphedikdehifdeehaj"=hex:62,61,62,6f,00,02

[HKEY_USERS\S-1-5-21-1292428093-1390067357-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCDFD1CF-9480-BE67-1AE2-A3F3EE3C892D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"kafhkjeccgjpehmgigeooa"=hex:62,61,6c,65,00,00
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-01 14:16:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-01 12:16
ComboFix2.txt 2010-03-30 12:38

Před spuštěním: 2 134 528 000
Po spuštění: 2 119 901 184

- - End Of File - - FBA3BB79E8CE8841085442C02150943B

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-01 14:50:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (24%) free of 8 GB
Total RAM: 247 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:29, on 1.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\OFFICE 2003\OFFICE11\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Administrator\Plocha\Virus Removal Tool\setup_9.0.0.722_29.03.2010_09-02\setup_9.0.0.722_29.03.2010_09-02.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\INSTALACE pod XP\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: setup_9.0.0.722_29.03.2010_09-02.lnk = C:\Documents and Settings\Administrator\Plocha\Virus Removal Tool\setup_9.0.0.722_29.03.2010_09-02\startup.exe
O4 - Startup: _uninst_setup_9.0.0.722_04.12.2009_23-36.exe.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

--
End of file - 4521 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2002-10-15 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2002-10-15 114688]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2769336]

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_29.03.2010_09-02.lnk - C:\Documents and Settings\Administrator\Plocha\Virus Removal Tool\setup_9.0.0.722_29.03.2010_09-02\startup.exe
_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.lnk - C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_setup_9.0.0.722_04.12.2009_23-36.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-10-15 315392]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\wincmd\WINCMD32.EXE"="D:\wincmd\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SIM\sim.exe"="C:\Program Files\SIM\sim.exe:*:Enabled:sim"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe"="C:\Program Files\Sony Ericsson\Update Service Pro\USP.exe:*:Enabled:Update Service Pro"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-01 14:35:54 ----D---- C:\WINDOWS\LastGood
2010-04-01 14:27:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-04-01 14:16:45 ----A---- C:\ComboFix.txt
2010-03-31 16:28:51 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-31 13:02:59 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-03-30 14:23:41 ----A---- C:\Boot.bak
2010-03-30 14:23:35 ----RASHD---- C:\cmdcons
2010-03-30 14:22:01 ----A---- C:\WINDOWS\PEV.exe
2010-03-30 14:22:01 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-30 14:22:01 ----A---- C:\WINDOWS\MBR.exe
2010-03-30 14:22:00 ----A---- C:\WINDOWS\zip.exe
2010-03-30 14:22:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-30 14:22:00 ----A---- C:\WINDOWS\SWSC.exe
2010-03-30 14:22:00 ----A---- C:\WINDOWS\SWREG.exe
2010-03-30 14:22:00 ----A---- C:\WINDOWS\sed.exe
2010-03-30 14:22:00 ----A---- C:\WINDOWS\grep.exe
2010-03-30 14:21:46 ----D---- C:\WINDOWS\ERDNT
2010-03-30 14:21:27 ----D---- C:\Qoobox
2010-03-30 13:51:02 ----D---- C:\Program Files\trend micro
2010-03-30 13:50:59 ----D---- C:\rsit
2010-03-30 13:10:57 ----D---- C:\Program Files\HJT
2010-03-30 10:52:15 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2010-03-30 10:51:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-03-30 10:51:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 15:35:04 ----D---- C:\Program Files\Trell
2010-03-25 12:27:01 ----D---- C:\Program Files\Sony Ericsson
2010-03-24 15:24:23 ----D---- C:\Program Files\Common Files\SafeNet Sentinel
2010-03-24 15:24:22 ----D---- C:\Program Files\SafeNet Sentinel
2010-03-24 12:17:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-03-24 11:30:29 ----A---- C:\rollback.ini
2010-03-24 11:14:19 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-03-11 17:29:18 ----A---- C:\WINDOWS\imsins.BAK
2010-03-11 17:29:10 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-01 14:46:07 ----D---- C:\WINDOWS\Temp
2010-04-01 14:36:22 ----D---- C:\WINDOWS\system32\drivers
2010-04-01 14:36:21 ----HD---- C:\WINDOWS\inf
2010-04-01 14:35:54 ----D---- C:\WINDOWS
2010-04-01 14:35:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-01 14:30:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-01 14:28:20 ----SHD---- C:\WINDOWS\Installer
2010-04-01 14:11:36 ----A---- C:\WINDOWS\system.ini
2010-04-01 14:04:53 ----D---- C:\WINDOWS\system32
2010-04-01 14:04:53 ----D---- C:\WINDOWS\AppPatch
2010-04-01 14:04:48 ----D---- C:\Program Files\Common Files
2010-04-01 12:59:41 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 12:40:17 ----D---- C:\Documents and Settings\Administrator\Data aplikací\sim
2010-03-31 16:29:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 13:40:56 ----D---- C:\Program Files\FlashFXP
2010-03-31 08:31:12 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-30 14:37:16 ----SD---- C:\WINDOWS\Tasks
2010-03-30 14:23:42 ----RASH---- C:\boot.ini
2010-03-30 14:22:00 ----SHD---- C:\System Volume Information
2010-03-30 14:22:00 ----D---- C:\WINDOWS\system32\Restore
2010-03-30 14:21:46 ----D---- C:\WINDOWS\Prefetch
2010-03-30 13:51:02 ----RD---- C:\Program Files
2010-03-30 13:11:05 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-03-29 08:30:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 10:36:24 ----D---- C:\WINDOWS\Registration
2010-03-25 12:53:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-24 17:24:51 ----D---- C:\WINDOWS\system32\config
2010-03-24 15:48:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-24 12:17:14 ----D---- C:\WINDOWS\WinSxS
2010-03-11 17:29:13 ----D---- C:\Program Files\Movie Maker
2010-03-11 17:26:39 ----D---- C:\WINDOWS\Debug
2010-03-10 06:43:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-03-10 06:43:04 ----A---- C:\WINDOWS\system32\browseui.dll
2010-03-09 13:24:05 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-03-08 11:29:18 ----D---- C:\Program Files\ScreenshotCaptor
2010-03-02 07:30:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-16 91678]
R1 69560261;69560261; C:\WINDOWS\system32\DRIVERS\69560261.sys [2009-09-25 128016]
R1 91531021;91531021; C:\WINDOWS\system32\DRIVERS\91531021.sys [2009-09-25 128016]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 setup_9.0.0.722_29.03.2010_09-02drv;setup_9.0.0.722_29.03.2010_09-02drv; C:\WINDOWS\system32\DRIVERS\9153102.sys [2009-10-09 315408]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2005-03-02 90168]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-16 71514]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-02-25 139776]
R3 FTDIBUS;STUMOBIL USB Unibox Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-02-04 24177]
R3 FTSER2K;STUMOBIL USB Unibox Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-02-04 57372]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2002-10-16 79323]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2010-03-24 27632]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-08-12 179664]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSMARTPrj;USB Smart device driver; C:\WINDOWS\System32\Drivers\UsbSmart.sys [2005-09-15 7680]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-06-19 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-06-19 25512]
S3 ntportio;ntportio; \??\D:\ODBLOK SE\SEMC_Tool_v87\ntportio.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 utm5nda4;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utm5nda4.sys []
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2005-03-02 193592]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-03-09 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[radval]

[quote="Caroprd111"] Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Nemám žádný emulátor mechnik....

Ten SPTB inst nejde spustit, XP napíšou, že to není platná aplikace typu Win 32

[radval]

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Tady je :

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !




Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878[/quote]

[radval]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-01 15:18:44
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF0C214FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF0C21322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF0C2145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----