Prosím o kontrolu

Zpráva

smallhouse · #1 Příspěvek od **smallhouse** » 07 lis 2010 08:58

Dobrý den, prosil bych o kontrolu, nevím čím to je, ale sestry notebook není zrovna ve formě. Díky

Logfile of random's system information tool 1.08 (written by random/random)
Run by Eliska at 2010-11-07 08:47:14
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 23 GB (44%) free of 53 GB
Total RAM: 765 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:49, on 7.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eliska\Downloads\RSIT.exe
C:\Program Files\trend micro\Eliska.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: eNetHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7570 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{0C83874B-3EA5-4EB1-934B-2F5DD07AE1C5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-01-02 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-21 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-01-02 151552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"Acer Tour"= []
"SetPanel"= []
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"eRecoveryService"= []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-09-07 2838912]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"????r"= []
"Acer Tour Reminder"= []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"OEXPRESS"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-16 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe [2007-01-14 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-01-02 464168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\PROGRA~1\ICQ6\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE REBOOT []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="eNetHook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-07 08:47:16 ----D---- C:\Program Files\trend micro
2010-11-07 08:47:14 ----D---- C:\rsit
2010-11-06 23:47:54 ----D---- C:\Program Files\CCleaner
2010-11-06 23:26:30 ----D---- C:\ProgramData\Adobe
2010-11-06 23:25:41 ----D---- C:\Program Files\Common Files\Adobe
2010-11-06 23:25:41 ----D---- C:\Program Files\Adobe
2010-11-06 22:35:40 ----D---- C:\Windows\system32\eu-ES
2010-11-06 22:35:40 ----D---- C:\Windows\system32\ca-ES
2010-11-06 22:35:38 ----D---- C:\Windows\system32\vi-VN
2010-10-27 12:55:28 ----A---- C:\Windows\system32\gameux.dll
2010-10-27 12:55:24 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-10-27 12:55:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-10-20 12:12:16 ----D---- C:\ProgramData\WindowsSearch
2010-10-13 10:40:56 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-13 10:40:56 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-13 10:40:56 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-13 10:40:55 ----A---- C:\Windows\system32\netevent.dll
2010-10-13 10:40:55 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-13 10:40:04 ----A---- C:\Windows\system32\mshtml.dll
2010-10-13 10:40:01 ----A---- C:\Windows\system32\ieframe.dll
2010-10-13 10:39:59 ----A---- C:\Windows\system32\urlmon.dll
2010-10-13 10:39:59 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-13 10:39:59 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-13 10:39:59 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-13 10:39:58 ----A---- C:\Windows\system32\wininet.dll
2010-10-13 10:39:58 ----A---- C:\Windows\system32\mstime.dll
2010-10-13 10:39:58 ----A---- C:\Windows\system32\iertutil.dll
2010-10-13 10:39:58 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-13 10:39:57 ----A---- C:\Windows\system32\occache.dll
2010-10-13 10:39:57 ----A---- C:\Windows\system32\ieUnatt.exe
2010-10-13 10:39:57 ----A---- C:\Windows\system32\ieui.dll
2010-10-13 10:39:57 ----A---- C:\Windows\system32\iepeers.dll
2010-10-13 10:39:56 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-13 10:39:56 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-13 10:39:56 ----A---- C:\Windows\system32\iesysprep.dll
2010-10-13 10:39:56 ----A---- C:\Windows\system32\iesetup.dll
2010-10-13 10:39:56 ----A---- C:\Windows\system32\iernonce.dll
2010-10-13 10:39:56 ----A---- C:\Windows\system32\ie4uinit.exe
2010-10-13 10:39:55 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-13 10:39:41 ----A---- C:\Windows\system32\wmp.dll
2010-10-13 10:39:38 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-13 10:39:12 ----A---- C:\Windows\system32\schannel.dll
2010-10-13 10:39:07 ----A---- C:\Windows\system32\ole32.dll
2010-10-13 10:39:02 ----A---- C:\Windows\system32\t2embed.dll
2010-10-13 10:38:59 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-13 10:38:59 ----A---- C:\Windows\system32\mfc40.dll
2010-10-13 10:38:55 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-13 10:38:52 ----A---- C:\Windows\system32\win32k.sys
2010-10-13 10:38:46 ----A---- C:\Windows\system32\comctl32.dll

======List of files/folders modified in the last 1 months======

2010-11-07 08:47:27 ----D---- C:\Windows\Prefetch
2010-11-07 08:47:20 ----D---- C:\Windows\Temp
2010-11-07 08:47:16 ----RD---- C:\Program Files
2010-11-07 00:14:41 ----D---- C:\Windows\System32
2010-11-07 00:14:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-07 00:14:40 ----D---- C:\Windows\inf
2010-11-07 00:00:20 ----D---- C:\Windows\Minidump
2010-11-07 00:00:20 ----D---- C:\Windows\Debug
2010-11-07 00:00:20 ----D---- C:\Windows
2010-11-06 23:59:36 ----D---- C:\Windows\rescache
2010-11-06 23:47:31 ----D---- C:\Program Files\Google
2010-11-06 23:46:08 ----SHD---- C:\Windows\Installer
2010-11-06 23:45:24 ----D---- C:\Windows\Tasks
2010-11-06 23:45:24 ----D---- C:\Windows\system32\Tasks
2010-11-06 23:36:17 ----HD---- C:\ProgramData
2010-11-06 23:28:12 ----D---- C:\Windows\winsxs
2010-11-06 23:25:41 ----D---- C:\Program Files\Common Files
2010-11-06 23:25:08 ----SHD---- C:\System Volume Information
2010-11-06 23:19:08 ----D---- C:\Users\Eliska\AppData\Roaming\Mozilla
2010-11-06 23:18:46 ----D---- C:\Program Files\Mozilla Firefox
2010-11-06 23:08:49 ----D---- C:\Windows\Microsoft.NET
2010-11-06 23:08:21 ----RSD---- C:\Windows\assembly
2010-11-06 22:55:23 ----D---- C:\Windows\system32\catroot
2010-11-06 22:55:06 ----SHD---- C:\Boot
2010-11-06 22:37:18 ----D---- C:\Program Files\Windows Mail
2010-11-06 22:37:18 ----D---- C:\Program Files\Windows Calendar
2010-11-06 22:37:18 ----D---- C:\Program Files\Movie Maker
2010-11-06 22:37:17 ----D---- C:\Program Files\Windows Sidebar
2010-11-06 22:37:17 ----D---- C:\Program Files\Internet Explorer
2010-11-06 22:37:16 ----D---- C:\Program Files\Windows Media Player
2010-11-06 22:37:16 ----D---- C:\Program Files\Windows Journal
2010-11-06 22:37:16 ----D---- C:\Program Files\Windows Collaboration
2010-11-06 22:37:15 ----D---- C:\Program Files\Windows Photo Gallery
2010-11-06 22:37:15 ----D---- C:\Program Files\Common Files\System
2010-11-06 22:37:10 ----D---- C:\Program Files\Windows Defender
2010-11-06 22:37:09 ----D---- C:\Windows\servicing
2010-11-06 22:37:09 ----D---- C:\Windows\ehome
2010-11-06 22:36:55 ----D---- C:\Windows\system32\XPSViewer
2010-11-06 22:36:55 ----D---- C:\Windows\system32\sk-SK
2010-11-06 22:36:55 ----D---- C:\Windows\system32\lv-LV
2010-11-06 22:36:55 ----D---- C:\Windows\system32\ko-KR
2010-11-06 22:36:55 ----D---- C:\Windows\system32\hr-HR
2010-11-06 22:36:55 ----D---- C:\Windows\system32\et-EE
2010-11-06 22:36:55 ----D---- C:\Windows\system32\da-DK
2010-11-06 22:36:55 ----D---- C:\Windows\IME
2010-11-06 22:36:54 ----D---- C:\Windows\system32\en-US
2010-11-06 22:36:54 ----D---- C:\Windows\system32\de-DE
2010-11-06 22:36:53 ----D---- C:\Windows\system32\oobe
2010-11-06 22:36:53 ----D---- C:\Windows\system32\migration
2010-11-06 22:36:53 ----D---- C:\Windows\system32\it-IT
2010-11-06 22:36:53 ----D---- C:\Windows\system32\el-GR
2010-11-06 22:36:48 ----D---- C:\Windows\system32\sv-SE
2010-11-06 22:36:48 ----D---- C:\Windows\system32\setup
2010-11-06 22:36:48 ----D---- C:\Windows\system32\ru-RU
2010-11-06 22:36:48 ----D---- C:\Windows\system32\he-IL
2010-11-06 22:36:48 ----D---- C:\Windows\system32\fr-FR
2010-11-06 22:36:48 ----D---- C:\Windows\system32\AdvancedInstallers
2010-11-06 22:36:47 ----D---- C:\Windows\system32\fi-FI
2010-11-06 22:36:47 ----D---- C:\Windows\system32\cs
2010-11-06 22:36:46 ----D---- C:\Windows\system32\cs-CZ
2010-11-06 22:36:42 ----D---- C:\Windows\system32\SLUI
2010-11-06 22:36:42 ----D---- C:\Windows\system32\pt-PT
2010-11-06 22:36:42 ----D---- C:\Windows\system32\hu-HU
2010-11-06 22:36:40 ----D---- C:\Windows\system32\zh-CN
2010-11-06 22:36:40 ----D---- C:\Windows\system32\sr-Latn-CS
2010-11-06 22:36:40 ----D---- C:\Windows\system32\manifeststore
2010-11-06 22:36:40 ----D---- C:\Windows\system32\es-ES
2010-11-06 22:36:39 ----D---- C:\Windows\system32\zh-TW
2010-11-06 22:36:39 ----D---- C:\Windows\system32\uk-UA
2010-11-06 22:36:39 ----D---- C:\Windows\system32\sl-SI
2010-11-06 22:36:39 ----D---- C:\Windows\system32\pl-PL
2010-11-06 22:36:39 ----D---- C:\Windows\system32\ja-JP
2010-11-06 22:36:39 ----D---- C:\Windows\system32\bg-BG
2010-11-06 22:36:38 ----D---- C:\Windows\system32\ro-RO
2010-11-06 22:36:37 ----D---- C:\Windows\system32\th-TH
2010-11-06 22:36:37 ----D---- C:\Windows\system32\drivers\cs-CZ
2010-11-06 22:36:37 ----D---- C:\Windows\system32\drivers
2010-11-06 22:36:36 ----D---- C:\Windows\system32\wbem
2010-11-06 22:36:36 ----D---- C:\Windows\system32\tr-TR
2010-11-06 22:36:35 ----D---- C:\Windows\system32\nb-NO
2010-11-06 22:36:34 ----D---- C:\Windows\system32\pt-BR
2010-11-06 22:36:34 ----D---- C:\Windows\system32\nl-NL
2010-11-06 22:36:34 ----D---- C:\Windows\system32\migwiz
2010-11-06 22:36:34 ----D---- C:\Windows\system32\lt-LT
2010-11-06 22:36:34 ----D---- C:\Windows\system32\ar-SA
2010-11-06 22:35:52 ----RSD---- C:\Windows\Fonts
2010-11-06 22:35:52 ----D---- C:\Windows\AppPatch
2010-11-06 22:35:38 ----D---- C:\Windows\system32\Boot
2010-11-06 22:32:54 ----D---- C:\Windows\system32\drivers\UMDF
2010-11-06 22:16:51 ----A---- C:\Windows\fonts\GlobalUserInterface.CompositeFont
2010-11-06 21:37:51 ----D---- C:\Program Files\Yahoo!
2010-11-03 14:20:53 ----D---- C:\Users\Eliska\AppData\Roaming\ICQ
2010-10-29 22:21:43 ----D---- C:\Windows\system32\catroot2
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-13 16:39:45 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-02 20264]
R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2007-01-02 16680]
R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2007-01-02 60712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-19 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-10-23 532992]
R3 Cam5607;Acer OrbiCam; C:\Windows\System32\Drivers\BisonC07.sys [2006-12-27 792368]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-01-12 6144]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 2313216]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-06 51200]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 506368]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 WSVD;WSVD; \??\C:\Windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-08 557056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-01-02 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-12-28 126976]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-12-28 49152]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-01-02 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-01-02 135168]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-16 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#2 Příspěvek od **Roli** » 07 lis 2010 18:22

Zdravím, tohle fixni v HJT :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cs.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HJT najdeš zde :

C:\Program Files\trend micro\Eliska.exe

Fix znamená že spustíš HJT Obrázek

jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.

Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Služba Google Update

Google Updater Service

Cyberlink RichVideo Service

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.

Pak použij Mbam z mého podpisu a dej mi sem z něj log dříve než něco smažeš.

smallhouse · #3 Příspěvek od **smallhouse** » 07 lis 2010 20:51

díky, bohužel ségra notebook na 14 dnů odvezla pryč, takže dřív vědět nedám.

Píšeš použij Mbam ještě než něco smažu, o mazání se tu nic nepíšeš, takže log zkopíruju okamžitě poté, co učiním tebou napsané kroky. Chápu-li to špatně, oprav mě prosím.
Zatím díky

#4 Příspěvek od **Roli** » 07 lis 2010 22:34

smallhouse píše:Píšeš použij Mbam ještě než něco smažu, o mazání se tu nic nepíšeš, takže log zkopíruju okamžitě poté, co učiním tebou napsané kroky. Chápu-li to špatně, oprav mě prosím

Myslel jsem to tak že normálně spustíš Mbam a dříve než s ním něco smažeš, pokud tedy najde infekci mi sem z něj dáš log,

protože se může stát že se splete a ty si odmázneš něco co bys nechtěl.

smallhouse píše:díky, bohužel ségra notebook na 14 dnů odvezla pryč, takže dřív vědět nedám

Nevadí, až na ten notes budeš mít čas tak pokračujem, budu tady.

smallhouse · #5 Příspěvek od **smallhouse** » 25 lis 2010 21:09

Tak mám zpátky notebook.

Provedl jsem, cos mi řekl a všechno v pohodě až na tuhle položku: O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" tu jsem tam nenašel.

Co se týče services.msc, tak až na Cyberlink to bylo všechno zastavené, takže jsem u těch Googlů dal jen zakázat.

Naneštěstí jsem prohodil pořadí kroků (nejdřív services, pak Mbam, pak teprve HJT), log z Mbam v tu chvíli vypadal takhle:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 5189

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

25.11.2010 20:28:23
mbam-log-2010-11-25 (20-28-23).txt

Typ skenu: Rychlý sken
Skenované objekty: 139260
Uplynulý čas: 10 minuta(y), 37 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

Poté, co jsem si chybu uvědomil jsem udělal novou kontrolu Mbam (tedy až po HJT) a ten už pak nic nezjistil.

#6 Příspěvek od **Roli** » 26 lis 2010 19:58

Ono je to zatím celekm jedno v jakém pořadí jsi příslušné kroky povedl.

To co Mbam našel nech smazat pokud jsi to již neudělal.

Nyní použijeme větší kalibr tak že pozorně čti, protože tenhle softík chyby netoleruje.

Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.

smallhouse · #7 Příspěvek od **smallhouse** » 26 lis 2010 22:57

ComboFix 10-11-25.06 - Eliska 26.11.2010 22:11:58.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.765.160 [GMT 1:00]
Spuštěný z: c:\users\Eliska\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-26 do 2010-11-26 )))))))))))))))))))))))))))))))
.

2010-11-26 21:44 . 2010-11-26 21:45 -------- d-----w- c:\users\Eliska\AppData\Local\temp
2010-11-26 21:44 . 2010-11-26 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-26 11:37 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00E2B453-500D-4920-AE59-81E4D6D2B25D}\mpengine.dll
2010-11-25 19:15 . 2010-11-25 19:15 -------- d-----w- c:\users\Eliska\AppData\Roaming\Malwarebytes
2010-11-25 19:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 19:14 . 2010-11-25 19:14 -------- d-----w- c:\programdata\Malwarebytes
2010-11-25 19:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 19:14 . 2010-11-25 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 11:23 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-10 12:11 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-08 18:02 . 2010-11-08 18:02 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-08 15:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-08 15:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-08 15:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-08 15:14 . 2009-09-25 01:49 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2010-11-08 15:14 . 2009-09-25 01:27 793088 ----a-w- c:\windows\system32\FntCache.dll
2010-11-08 15:14 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2010-11-08 15:14 . 2009-09-25 01:31 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2010-11-08 15:14 . 2009-09-25 01:31 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-08 15:14 . 2009-09-25 01:30 481792 ----a-w- c:\windows\system32\dxgi.dll
2010-11-08 15:14 . 2009-09-25 01:30 190464 ----a-w- c:\windows\system32\d3d10core.dll
2010-11-08 15:14 . 2009-09-25 01:27 1064448 ----a-w- c:\windows\system32\DWrite.dll
2010-11-08 15:14 . 2009-09-25 01:31 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-08 15:14 . 2009-09-25 01:31 1030144 ----a-w- c:\windows\system32\d3d10.dll
2010-11-08 15:13 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-08 15:13 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-11-08 15:13 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-11-08 15:13 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-11-08 15:12 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-11-08 15:12 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-11-08 15:12 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-08 15:12 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-11-08 15:12 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-08 15:12 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-08 15:12 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-11-08 15:12 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-11-08 15:12 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2010-11-08 15:09 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-08 15:09 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-08 15:09 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-07 14:13 . 2010-11-07 14:17 -------- d-----w- c:\program files\RadarSync
2010-11-07 14:08 . 2010-11-07 14:08 -------- d-----w- c:\programdata\Uniblue
2010-11-07 14:08 . 2010-11-07 14:08 -------- d-----w- c:\users\Eliska\AppData\Roaming\Uniblue
2010-11-07 13:30 . 2010-11-24 19:46 -------- d-----w- c:\users\Eliska\AppData\Roaming\skypePM
2010-11-07 13:27 . 2010-11-07 13:27 -------- d-----w- c:\program files\Common Files\Skype
2010-11-07 13:27 . 2010-11-07 13:28 -------- d-----r- c:\program files\Skype
2010-11-07 13:27 . 2010-11-24 21:34 -------- d-----w- c:\users\Eliska\AppData\Roaming\Skype
2010-11-07 13:27 . 2010-11-07 13:27 -------- d-----w- c:\programdata\Skype
2010-11-07 10:48 . 2010-11-07 10:49 -------- d-----w- c:\users\Eliska\AppData\Local\MCE Deluxe Suite
2010-11-07 10:48 . 2010-11-07 10:48 -------- d-----w- c:\users\Eliska\AppData\Roaming\CyberLink
2010-11-07 10:48 . 2010-11-07 10:48 -------- d-----w- c:\users\Eliska\AppData\Local\PowerCinema
2010-11-07 10:13 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-11-07 10:13 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-11-07 10:13 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-11-07 07:47 . 2010-11-25 19:45 -------- d-----w- c:\program files\trend micro
2010-11-07 07:47 . 2010-11-07 07:47 -------- d-----w- C:\rsit
2010-11-06 22:47 . 2010-11-06 22:48 -------- d-----w- c:\program files\CCleaner
2010-11-06 22:25 . 2010-11-06 22:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-06 22:18 . 2010-10-27 06:12 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-11-06 22:18 . 2010-10-27 06:12 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-11-06 22:18 . 2010-10-27 06:12 89048 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2010-11-06 22:18 . 2010-10-27 06:12 492504 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2010-11-06 22:18 . 2010-10-27 06:12 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-06 22:18 . 2010-10-27 06:12 11744216 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2010-11-06 22:18 . 2010-10-27 04:49 98304 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2010-11-06 22:18 . 2010-10-27 06:12 719832 ----a-w- c:\program files\Mozilla Firefox\mozcrt19.dll
2010-11-06 22:18 . 2010-10-27 06:12 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-06 22:18 . 2010-10-27 06:12 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2010-11-06 22:15 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-06 21:35 . 2010-11-06 21:36 -------- d-----w- c:\windows\system32\ca-ES
2010-11-06 21:35 . 2010-11-06 21:36 -------- d-----w- c:\windows\system32\eu-ES
2010-11-06 21:35 . 2010-11-06 21:36 -------- d-----w- c:\windows\system32\vi-VN

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 10:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56 . 2010-10-13 09:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-13 09:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 09:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 09:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 09:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 09:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 09:40 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 09:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 09:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 16:11 . 2010-06-05 21:54 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 15:52 . 2010-06-05 21:56 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 15:52 . 2010-06-05 21:56 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 15:47 . 2010-06-05 21:56 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 15:47 . 2010-06-05 21:56 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 15:47 . 2010-06-05 21:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 16:20 . 2010-10-13 09:40 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 09:40 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 09:40 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 09:40 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 09:40 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 09:38 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 09:38 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 09:38 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 09:38 2038272 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-01-14 10:38 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-01-02 17:58 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-16 04:35 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 22:44]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 22:44]

2010-11-26 c:\windows\Tasks\User_Feed_Synchronization-{0C83874B-3EA5-4EB1-934B-2F5DD07AE1C5}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eliska\AppData\Roaming\Mozilla\Firefox\Profiles\z3ppoflg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-ICQ - c:\progra~1\ICQ6\ICQ.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
ActiveSetup-ccc-core-static - msiexec

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 22:45
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="3293F2DD97FDBEC040062BCAB37313F810F195D8226C3B2C59BF3B22E364C901088E10D260EDA8701E935AF27594DD645D85E2CCC455AEDD51A07D60E8A289B294AFDA64E4FEC2D67DAB2DD8EFA122B582EE9FA80DACBAA0856D945EF5F09F44DD85C264CECC5834B8609159B487B4894EDF537111D0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B98089DB7CE019D40AA5C2DCA4FD1EEDBD45180B95E4F2F53C678F10FC1CBCB2EF4D1EFE5060858B9DB2E246A16F4E51D7AB249F1EC2234402252C0A81A40B93827D3804909A97650D06654E7A8851797A9CC61CE5BF3EC05928E8AE735CE30A92EC01BB48CF41372975CBF5CDAACA9FEEB26D6C3EF0E1C7EA4A30DB8EE032C25BA9FC5AE20D889AC2647DB8512D8F3E99D47AD65867DB56C3A0C762BB9ABE03456FE7EDFEB02E86FC8E414C5C7BA0551703FDCF00D16E4728AC5ECF217DBB4C3D86CB6952767F4911F75C5238B471B94E79E4FC409ED84169DD5066821EB4223F2FAD1BFA0BF264B9E3D43477E382BF55D7B63E28FDDA84552BFCF8683F4D70827442B743887A6BA8C05528058895E1CFD6F6C73CC85964DD8914AEEFDD678894BE18EEA627E57E0861A2CBF61FD9190C99731BF7FC54663B9D6686366B5D9250CF4BC812B2ACAA37BCC7F9B7999D3421596EDB8FCC5669D4CA392CC23F7E6BAE521EB38AD5148CB3071EECE93A5EB048A1251702AEE58F7BF8E243832C8BE0EAC0DC3351D80CB08BA611035B32FCF8CA5B1FC1C04EFB1D01532EE53A29733C808E561C0BC8785E788796CD2F487ADF43726891918BA3CECA22D35F39918CA7671595647E67BD7615898034B864466BCE39E01E58A85747392A2AF114EBFBF08B89C285A87335A4F3EA4C36BA93E0DC425D2632413CA8C6FE0B789C58DCA02D17F674F2E224CD96EA206989EB692E9D5C7F9239B7CC76A50E019E4D3B838B28B3DF3391C4AA5D4DDBFAA577815237C186BD3A637A67F276AB7F3551EC2CBA9533C82C6A02A657EA62701D0AD4393719B8621C98504371173DF7B60AC338BEFA79C57CB5DFEF0BFAF3B7FC598D54D30D1DFA7DB3A1C7A288727E6842BA843C4ECCE3A929699F53346B49D6DB6727ECF1216B11F2B0A952326AD6F31E9D1039AEC9C7558B6DFE4A79D1FD870AAD1189D95198BCB53FD9D6AB3EA55CA5CF21B18D39E5A4DC7C971214A5AB06DB943CE1AF92D078A533AE49D7529D9271BE42618B0C33C967DE593D84519ABF54E291C78456CFA7CEA96080C1903C415E1147DA779CFF0CDAAD488386C645111F5793CA35AC241B484FD653CAB6EDFD38F01C08B86D8D600C9CCCEDF01982E38E33E32B484F0B53828709DE723AE7A17293ED1B812494B2D76"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\eNetHook.dll

- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\eNetHook.dll
.
Celkový čas: 2010-11-26 22:52:38
ComboFix-quarantined-files.txt 2010-11-26 21:52

Před spuštěním: Volných bajtů: 20 478 988 288
Po spuštění: Volných bajtů: 20 496 248 832

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - F59F4EF1014EF55FDBA5F6E8CE7AC386

#8 Příspěvek od **Roli** » 27 lis 2010 16:45

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Folder::
c:\program files\ICQToolbar
c:\program files\Common Files\Symantec Shared
c:\program files\Norton Internet Security

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

FireFox::
FF - ProfilePath - c:\users\Eliska\AppData\Roaming\Mozilla\Firefox\Profiles\z3ppoflg.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:

Obrázek

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

smallhouse · #9 Příspěvek od **smallhouse** » 27 lis 2010 19:03

ComboFix 10-11-26.07 - Eliska 27.11.2010 17:00:03.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.765.200 [GMT 1:00]
Spuštěný z: c:\users\Eliska\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Eliska\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_CLTNetCnService

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-27 do 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-27 17:41 . 2010-11-27 17:48 -------- d-----w- c:\users\Eliska\AppData\Local\temp
2010-11-26 11:37 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00E2B453-500D-4920-AE59-81E4D6D2B25D}\mpengine.dll
2010-11-25 19:15 . 2010-11-25 19:15 -------- d-----w- c:\users\Eliska\AppData\Roaming\Malwarebytes
2010-11-25 19:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-25 19:14 . 2010-11-25 19:14 -------- d-----w- c:\programdata\Malwarebytes
2010-11-25 19:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-25 19:14 . 2010-11-25 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-24 11:23 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-10 12:11 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-08 18:02 . 2010-11-08 18:02 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-08 15:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-08 15:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-08 15:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-08 15:14 . 2009-09-25 01:49 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2010-11-08 15:14 . 2009-09-25 01:27 793088 ----a-w- c:\windows\system32\FntCache.dll
2010-11-08 15:14 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2010-11-08 15:14 . 2009-09-25 01:31 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2010-11-08 15:14 . 2009-09-25 01:31 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-08 15:14 . 2009-09-25 01:30 481792 ----a-w- c:\windows\system32\dxgi.dll
2010-11-08 15:14 . 2009-09-25 01:30 190464 ----a-w- c:\windows\system32\d3d10core.dll
2010-11-08 15:14 . 2009-09-25 01:27 1064448 ----a-w- c:\windows\system32\DWrite.dll
2010-11-08 15:14 . 2009-09-25 01:31 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-08 15:14 . 2009-09-25 01:31 1030144 ----a-w- c:\windows\system32\d3d10.dll
2010-11-08 15:13 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-11-08 15:13 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-11-08 15:13 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-11-08 15:13 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-11-08 15:12 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-11-08 15:12 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-11-08 15:12 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-08 15:12 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-11-08 15:12 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-08 15:12 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-08 15:12 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-11-08 15:12 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-11-08 15:12 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2010-11-08 15:09 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-08 15:09 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-08 15:09 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-07 14:13 . 2010-11-07 14:17 -------- d-----w- c:\program files\RadarSync
2010-11-07 14:08 . 2010-11-07 14:08 -------- d-----w- c:\programdata\Uniblue
2010-11-07 14:08 . 2010-11-07 14:08 -------- d-----w- c:\users\Eliska\AppData\Roaming\Uniblue
2010-11-07 13:30 . 2010-11-26 22:09 -------- d-----w- c:\users\Eliska\AppData\Roaming\skypePM
2010-11-07 13:27 . 2010-11-07 13:27 -------- d-----w- c:\program files\Common Files\Skype
2010-11-07 13:27 . 2010-11-07 13:28 -------- d-----r- c:\program files\Skype
2010-11-07 13:27 . 2010-11-26 22:10 -------- d-----w- c:\users\Eliska\AppData\Roaming\Skype
2010-11-07 13:27 . 2010-11-07 13:27 -------- d-----w- c:\programdata\Skype
2010-11-07 10:48 . 2010-11-07 10:49 -------- d-----w- c:\users\Eliska\AppData\Local\MCE Deluxe Suite
2010-11-07 10:48 . 2010-11-07 10:48 -------- d-----w- c:\users\Eliska\AppData\Roaming\CyberLink
2010-11-07 10:48 . 2010-11-07 10:48 -------- d-----w- c:\users\Eliska\AppData\Local\PowerCinema
2010-11-07 10:13 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-11-07 10:13 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-11-07 10:13 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-11-07 07:47 . 2010-11-25 19:45 -------- d-----w- c:\program files\trend micro
2010-11-07 07:47 . 2010-11-07 07:47 -------- d-----w- C:\rsit
2010-11-06 22:47 . 2010-11-06 22:48 -------- d-----w- c:\program files\CCleaner
2010-11-06 22:25 . 2010-11-06 22:26 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-06 22:18 . 2010-10-27 06:12 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2010-11-06 22:18 . 2010-10-27 06:12 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2010-11-06 22:18 . 2010-10-27 06:12 89048 ----a-w- c:\program files\Mozilla Firefox\nssutil3.dll
2010-11-06 22:18 . 2010-10-27 06:12 492504 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll
2010-11-06 22:18 . 2010-10-27 06:12 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-06 22:18 . 2010-10-27 06:12 11744216 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2010-11-06 22:18 . 2010-10-27 04:49 98304 ----a-w- c:\program files\Mozilla Firefox\nssdbm3.dll
2010-11-06 22:18 . 2010-10-27 06:12 719832 ----a-w- c:\program files\Mozilla Firefox\mozcrt19.dll
2010-11-06 22:18 . 2010-10-27 06:12 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2010-11-06 22:18 . 2010-10-27 06:12 107480 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2010-11-06 22:15 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-06 21:35 . 2010-11-06 21:36 -------- d-----w- c:\windows\system32\ca-ES
2010-11-06 21:35 . 2010-11-06 21:36 -------- d-----w- c:\windows\system32\eu-ES
2010-11-06 21:35 . 2010-11-06 21:36 -------- d-----w- c:\windows\system32\vi-VN

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 10:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 13:56 . 2010-10-13 09:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-13 09:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-13 09:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-13 09:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-13 09:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-13 09:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-13 09:40 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-13 09:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-13 09:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 16:11 . 2010-06-05 21:54 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 15:52 . 2010-06-05 21:56 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 15:52 . 2010-06-05 21:56 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 15:47 . 2010-06-05 21:56 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 15:47 . 2010-06-05 21:56 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 15:47 . 2010-06-05 21:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 16:20 . 2010-10-13 09:40 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-13 09:40 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-13 09:40 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-13 09:40 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-13 09:40 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-13 09:38 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-13 09:38 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-13 09:38 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-13 09:38 2038272 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
??????????????e [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
2007-01-14 10:38 151552 ----a-w- c:\acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-01-02 17:58 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-16 04:35 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 136176]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 22:44]

2010-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-06 22:44]

2010-11-27 c:\windows\Tasks\User_Feed_Synchronization-{0C83874B-3EA5-4EB1-934B-2F5DD07AE1C5}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eliska\AppData\Roaming\Mozilla\Firefox\Profiles\z3ppoflg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Eliska\AppData\Roaming\Mozilla\Firefox\Profiles\z3ppoflg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-27 18:47
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="3293F2DD97FDBEC040062BCAB37313F810F195D8226C3B2C59BF3B22E364C901088E10D260EDA8701E935AF27594DD645D85E2CCC455AEDD51A07D60E8A289B294AFDA64E4FEC2D67DAB2DD8EFA122B582EE9FA80DACBAA0856D945EF5F09F44DD85C264CECC5834B8609159B487B4894EDF537111D0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6675D575E7D6A3B98089DB7CE019D40AA5C2DCA4FD1EEDBD45180B95E4F2F53C678F10FC1CBCB2EF4D1EFE5060858B9DB2E246A16F4E51D7AB249F1EC2234402252C0A81A40B93827D3804909A97650D06654E7A8851797A9CC61CE5BF3EC05928E8AE735CE30A92EC01BB48CF41372975CBF5CDAACA9FEEB26D6C3EF0E1C7EA4A30DB8EE032C25BA9FC5AE20D889AC2647DB8512D8F3E99D47AD65867DB56C3A0C762BB9ABE03456FE7EDFEB02E86FC8E414C5C7BA0551703FDCF00D16E4728AC5ECF217DBB4C3D86CB6952767F4911F75C5238B471B94E79E4FC409ED84169DD5066821EB4223F2FAD1BFA0BF264B9E3D43477E382BF55D7B63E28FDDA84552BFCF8683F4D70827442B743887A6BA8C05528058895E1CFD6F6C73CC85964DD8914AEEFDD678894BE18EEA627E57E0861A2CBF61FD9190C99731BF7FC54663B9D6686366B5D9250CF4BC812B2ACAA37BCC7F9B7999D3421596EDB8FCC5669D4CA392CC23F7E6BAE521EB38AD5148CB3071EECE93A5EB048A1251702AEE58F7BF8E243832C8BE0EAC0DC3351D80CB08BA611035B32FCF8CA5B1FC1C04EFB1D01532EE53A29733C808E561C0BC8785E788796CD2F487ADF43726891918BA3CECA22D35F39918CA7671595647E67BD7615898034B864466BCE39E01E58A85747392A2AF114EBFBF08B89C285A87335A4F3EA4C36BA93E0DC425D2632413CA8C6FE0B789C58DCA02D17F674F2E224CD96EA206989EB692E9D5C7F9239B7CC76A50E019E4D3B838B28B3DF3391C4AA5D4DDBFAA577815237C186BD3A637A67F276AB7F3551EC2CBA9533C82C6A02A657EA62701D0AD4393719B8621C98504371173DF7B60AC338BEFA79C57CB5DFEF0BFAF3B7FC598D54D30D1DFA7DB3A1C7A288727E6842BA843C4ECCE3A929699F53346B49D6DB6727ECF1216B11F2B0A952326AD6F31E9D1039AEC9C7558B6DFE4A79D1FD870AAD1189D95198BCB53FD9D6AB3EA55CA5CF21B18D39E5A4DC7C971214A5AB06DB943CE1AF92D078A533AE49D7529D9271BE42618B0C33C967DE593D84519ABF54E291C78456CFA7CEA96080C1903C415E1147DA779CFF0CDAAD488386C645111F5793CA35AC241B484FD653CAB6EDFD38F01C08B86D8D600C9CCCEDF01982E38E33E32B484F0B53828709DE723AE7A17293ED1B812494B2D76"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2010-11-27 18:57:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-27 17:57
ComboFix2.txt 2010-11-26 21:52

Před spuštěním: Volných bajtů: 19 634 769 920
Po spuštění: Volných bajtů: 19 336 601 600

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 1705BB4056B91D0DD6884CF7C69B0CB3

#10 Příspěvek od **Roli** » 27 lis 2010 20:07

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.

Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

Čištění registru je třeba několikrát zopakovat !

Pak dej vědět jaký je stav PC.

smallhouse · #11 Příspěvek od **smallhouse** » 27 lis 2010 20:50

Rychlost počítače je určitě lepší než na začátku, nicméně zejména spuštění systému a první minuta po naběhnutí plochy je dost bídná.
Často se CPU vyhoupne až na 100% a takhle to trvý přibližně minutu. V ten moment jsem vysledoval zvýšenou aktivitu zejména taskmgr.exe a svchost.exe (snad jsem to napsal správně). Jinak aplikace se spouští rychle a fungují bez problému.

Po nějakých dalších minutách mi CPU bez jakékoli mého přičinění opět vylétlo na 100%, tentokrát to byla záležitost avastu (25%) a zejména Trustinstaller.exe (snad to píšu správně).... svchost.exe dosahuje neustále rozmezí 5 až místy 70...

po cca 10 min užívání počítače je CPU v normálu...

#12 Příspěvek od **Roli** » 27 lis 2010 21:27

Použij tedy ještě Cure It z mého podpisu a dej vědět zda něco našel a opět stav PC.

Jinak je to Vista a na takhle málo RAM no je to na hraně s rychlostí nehledě na to že po Startu se spouští počínaje

kontrolou aktualizací systému a antiviru kde co.

smallhouse · #13 Příspěvek od **smallhouse** » 28 lis 2010 09:58

Tak provedeno, našlo to jedno svinstvo, jinak čistý.

Počítač je na tom pořád stejně, po pár minutách od zapnutí to pak běží normálně. Asi to fakt bude RAMkama.
Nebo myslíš, že by se vyplatila přeinstalace systému, nebo je to zbytečný?

#14 Příspěvek od **Roli** » 28 lis 2010 21:59

smallhouse píše:Tak provedeno, našlo to jedno svinstvo, jinak čistý.

Počítač je na tom pořád stejně, po pár minutách od zapnutí to pak běží normálně. Asi to fakt bude RAMkama.
Nebo myslíš, že by se vyplatila přeinstalace systému, nebo je to zbytečný?

No ono mít zase čístý nově nainstalovaný OS není nikdy k zahození, ale pokud PC jede jinak normálně asi bych to zatím neřešil.

Možná by však nebylo na škodu defragmentovat disk buď integrovaným windows nástrojem,

nebo jinou aplikací, například Defragglerem

smallhouse · #15 Příspěvek od **smallhouse** » 01 pro 2010 18:05

Ok, každopádně díky

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu