VIRY.CZ

ComboFix 10-02-12.01 - electroworld 14.02.2010 12:46:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1015.272 [GMT 1:00]
Spuštěný z: c:\users\electroworld\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100213-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 100213-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2098520901-2607698888-1855745526-500
c:\$recycle.bin\S-1-5-21-2139252429-1018222934-1169608220-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 11:57 . 2010-02-14 11:58 -------- d-----w- c:\users\electroworld\AppData\Local\temp
2010-02-14 11:57 . 2010-02-14 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-04 14:41 . 2010-02-04 14:41 22016 ----a-w- c:\windows\system32\prospeed_bmp2jpg.dll
2010-02-04 14:40 . 2010-02-04 14:43 -------- d-----w- c:\program files\erobottle46
2010-02-04 14:40 . 2010-02-04 14:41 -------- d-----w- c:\windows\uninstall\EroBottle
2010-02-04 14:40 . 2010-02-04 14:40 -------- d-----w- c:\windows\uninstall
2010-02-01 10:40 . 2010-02-01 10:40 -------- d-----w- c:\program files\PROFIT
2010-01-30 08:51 . 2010-01-30 08:51 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCE1C.tmp.exe
2010-01-29 18:02 . 2010-01-29 18:02 -------- d-----w- c:\users\electroworld\AppData\Roaming\Anix Software
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\program files\Common Files\Anix Shared
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\program files\Slide Show Pilot

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 15:50 . 2009-12-20 07:36 -------- d-----w- c:\users\electroworld\AppData\Roaming\Skype
2010-02-12 15:03 . 2009-11-09 15:00 -------- d-----w- c:\users\electroworld\AppData\Roaming\skypePM
2010-02-12 08:58 . 2007-03-05 20:05 81404 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 08:58 . 2007-03-05 20:05 473598 ----a-w- c:\windows\system32\perfh005.dat
2010-01-31 10:42 . 2010-01-05 10:15 -------- d-----w- c:\users\electroworld\AppData\Roaming\SolidDocuments
2010-01-30 08:49 . 2008-03-23 08:22 2832 ----a-w- c:\users\electroworld\AppData\Roaming\wklnhst.dat
2010-01-14 10:12 . 2009-10-02 16:35 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-10 12:33 . 2010-01-10 12:33 -------- d-----w- c:\program files\IKEA HomePlanner
2010-01-10 12:23 . 2009-05-02 09:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 10:14 . 2010-01-05 10:14 2686232 ----a-w- c:\programdata\SolidDocuments\Installer\Solid Converter PDF\electroworld\SolidSFX_Data\components\vcredist_x86.exe
2010-01-05 10:13 . 2010-01-05 10:13 -------- d-----w- c:\program files\SolidDocuments
2010-01-05 10:13 . 2010-01-05 10:13 -------- d-----w- c:\programdata\SolidDocuments
2010-01-05 10:00 . 2007-03-01 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 11:23 . 2009-12-26 11:23 -------- d-----w- c:\users\electroworld\AppData\Roaming\HDRsoft
2009-12-26 11:15 . 2009-12-26 11:15 -------- d-----w- c:\program files\PhotomatixPro3
2009-12-20 07:34 . 2009-12-20 07:34 -------- d-----r- c:\program files\Skype
2009-12-20 07:34 . 2009-12-20 07:34 -------- d-----w- c:\program files\Common Files\Skype
2009-12-20 07:34 . 2009-11-09 14:41 -------- d-----w- c:\programdata\Skype
2009-12-18 12:52 . 2010-01-22 07:54 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48 . 2010-01-22 07:54 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48 . 2010-01-22 07:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:48 . 2010-01-22 07:54 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-12-18 12:46 . 2010-01-22 07:54 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18 . 2010-01-22 07:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45 . 2010-01-22 07:54 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-18 05:03 . 2009-12-18 05:03 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 14:00 . 2009-12-17 14:00 -------- d-----w- c:\program files\DreamLight Photo Editor
2009-12-17 13:17 . 2009-12-17 12:48 -------- d-----w- c:\program files\GreenScreenWizardPro
2009-11-24 23:54 . 2008-03-28 17:39 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-05-24 09:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-24 09:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-03-28 17:39 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-03-28 17:39 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-03-28 17:39 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-03-28 17:39 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznám
R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [1.3.2007 15:55 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [1.3.2007 15:55 31360]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24.5.2008 10:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24.5.2008 10:41 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28.3.2008 18:39 53328]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI83AA.tmp [5.1.2010 11:14 189760]
S2 gupdate1c9d0c84dd3c2d0;Google Update Service (gupdate1c9d0c84dd3c2d0);c:\program files\Google\Update\GoogleUpdate.exe [9.5.2009 18:05 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [7.10.2009 19:46 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [7.10.2009 19:46 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [7.10.2009 19:46 38784]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [19.4.2009 20:28 55264]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 16:01 533344]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\System32\drivers\vmcam323av.sys [7.9.2008 17:23 232448]
S3 vvftav323;vvftav323;c:\windows\System32\drivers\vvftav323.sys [7.9.2008 17:23 475136]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 17:04]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 17:04]

2010-02-13 c:\windows\Tasks\User_Feed_Synchronization-{5061B87D-5249-4148-8A79-E5C2592BDFDC}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 12:58
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI83AA.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-14 13:04:38
ComboFix-quarantined-files.txt 2010-02-14 12:04

Před spuštěním: Volných bajtů: 20 306 595 840
Po spuštění: Volných bajtů: 22 759 804 928

- - End Of File - - A9A6AD8288811E42417BC4FEF3AD15D9ka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-25 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Seznam Postak"="c:\users\electroworld\AppData\Local\Seznam.cz\postak.exe" [2009-11-02 448664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-03-25 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-28 148888]
"EasySpeller"="c:\program files\EasyOffice\EasySpeller.exe" [2004-08-19 73728]

c:\users\electroworld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-19 21504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-21 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

Pokračujeme.

1) Skript do ComboFix-u

Otevřete si Poznámkový blok [Start → Spustit → notepad → Enter].

Do něj vkopírujte následující text:

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\users\electroworld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 

Extra::

Reboot::

Uložte tento soubor na Plochu pod jménem CFScript (koncovka .txt).
Přetáhněte tento soubor nad ComboFix a pusťte ho.
I tento soubor, i ComboFix musí být na Ploše!
ComboFix se spustí a vykoná příkazy ze skriptu.
Počítač bude pravděpodobně restartován.
Po restartu na Vás vyskočí okno s logem, který mi vkopírujete sem ve formě textu.

2) Nový RSIT log

ComboFix 10-02-12.01 - electroworld 14.02.2010 17:10:13.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.420.1029.18.1015.420 [GMT 1:00]
Spuštěný z: c:\users\electroworld\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\electroworld\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100213-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1368 [VPS 100213-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"
"c:\users\electroworld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
c:\users\electroworld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 16:20 . 2010-02-14 16:22 -------- d-----w- c:\users\electroworld\AppData\Local\temp
2010-02-14 16:20 . 2010-02-14 16:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-14 16:20 . 2010-02-14 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-04 14:41 . 2010-02-04 14:41 22016 ----a-w- c:\windows\system32\prospeed_bmp2jpg.dll
2010-02-04 14:40 . 2010-02-04 14:43 -------- d-----w- c:\program files\erobottle46
2010-02-04 14:40 . 2010-02-04 14:41 -------- d-----w- c:\windows\uninstall\EroBottle
2010-02-04 14:40 . 2010-02-04 14:40 -------- d-----w- c:\windows\uninstall
2010-02-01 10:40 . 2010-02-01 10:40 -------- d-----w- c:\program files\PROFIT
2010-01-29 18:02 . 2010-01-29 18:02 -------- d-----w- c:\users\electroworld\AppData\Roaming\Anix Software
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\program files\Common Files\Anix Shared
2010-01-29 18:00 . 2010-01-29 18:00 -------- d-----w- c:\program files\Slide Show Pilot

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 15:50 . 2009-12-20 07:36 -------- d-----w- c:\users\electroworld\AppData\Roaming\Skype
2010-02-12 15:03 . 2009-11-09 15:00 -------- d-----w- c:\users\electroworld\AppData\Roaming\skypePM
2010-02-12 08:58 . 2007-03-05 20:05 81404 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 08:58 . 2007-03-05 20:05 473598 ----a-w- c:\windows\system32\perfh005.dat
2010-01-31 10:42 . 2010-01-05 10:15 -------- d-----w- c:\users\electroworld\AppData\Roaming\SolidDocuments
2010-01-30 08:51 . 2010-01-30 08:51 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCE1C.tmp.exe
2010-01-30 08:49 . 2008-03-23 08:22 2832 ----a-w- c:\users\electroworld\AppData\Roaming\wklnhst.dat
2010-01-14 10:12 . 2009-10-02 16:35 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-14 02:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-10 12:33 . 2010-01-10 12:33 -------- d-----w- c:\program files\IKEA HomePlanner
2010-01-10 12:23 . 2009-05-02 09:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-05 10:14 . 2010-01-05 10:14 2686232 ----a-w- c:\programdata\SolidDocuments\Installer\Solid Converter PDF\electroworld\SolidSFX_Data\components\vcredist_x86.exe
2010-01-05 10:13 . 2010-01-05 10:13 -------- d-----w- c:\program files\SolidDocuments
2010-01-05 10:13 . 2010-01-05 10:13 -------- d-----w- c:\programdata\SolidDocuments
2010-01-05 10:00 . 2007-03-01 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-26 11:23 . 2009-12-26 11:23 -------- d-----w- c:\users\electroworld\AppData\Roaming\HDRsoft
2009-12-26 11:15 . 2009-12-26 11:15 -------- d-----w- c:\program files\PhotomatixPro3
2009-12-20 07:34 . 2009-12-20 07:34 -------- d-----r- c:\program files\Skype
2009-12-20 07:34 . 2009-12-20 07:34 -------- d-----w- c:\program files\Common Files\Skype
2009-12-20 07:34 . 2009-11-09 14:41 -------- d-----w- c:\programdata\Skype
2009-12-18 12:52 . 2010-01-22 07:54 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48 . 2010-01-22 07:54 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48 . 2010-01-22 07:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:46 . 2010-01-22 07:54 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18 . 2010-01-22 07:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45 . 2010-01-22 07:54 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-18 05:03 . 2009-12-18 05:03 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-17 14:00 . 2009-12-17 14:00 -------- d-----w- c:\program files\DreamLight Photo Editor
2009-12-17 13:17 . 2009-12-17 12:48 -------- d-----w- c:\program files\GreenScreenWizardPro
2009-11-24 23:54 . 2008-03-28 17:39 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-05-24 09:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-05-24 09:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-03-28 17:39 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-03-28 17:39 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-03-28 17:39 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-03-28 17:39 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-25 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Seznam Postak"="c:\users\electroworld\AppData\Local\Seznam.cz\postak.exe" [2009-11-02 448664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-03-25 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"EasySpeller"="c:\program files\EasyOffice\EasySpeller.exe" [2004-08-19 73728]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-21 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [1.3.2007 15:55 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [1.3.2007 15:55 31360]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24.5.2008 10:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24.5.2008 10:41 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [28.3.2008 18:39 53328]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\System32\drivers\Axtmvflt.sys [7.10.2009 19:46 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\System32\drivers\Axtmvmdm.sys [7.10.2009 19:46 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\System32\drivers\Axtmvprt.sys [7.10.2009 19:46 38784]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [19.4.2009 20:28 55264]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323);c:\windows\System32\drivers\vmcam323av.sys [7.9.2008 17:23 232448]
S3 vvftav323;vvftav323;c:\windows\System32\drivers\vvftav323.sys [7.9.2008 17:23 475136]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{5061B87D-5249-4148-8A79-E5C2592BDFDC}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 17:25
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI83AA.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\O2Micro\o2flash.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-02-14 17:35:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-14 16:35
ComboFix2.txt 2010-02-14 12:04

Před spuštěním: Volných bajtů: 22 579 625 984
Po spuštění: Volných bajtů: 23 281 008 640

- - End Of File - - FF3B9108BC01B3022A11872D1245AC1B

Prosím nový RSIT log.

Prosím, co je to a kde ho najdu? Dík M.

Postup:

1) Random's System Information Tool

Stáhněte a uložte na Plochu RSIT.
Spusťte, nechte v rolovacím menu '1 month' a klikněte na 'Continue'.
Vyčkejte několik vteřin, než se vygeneruje log se jménem log.txt
Pokud nebude log vygenerován, naleznete jej v C:\rsit\log.txt
Obsah tohoto logu vložte do svého příspěvku.

Logfile of random's system information tool 1.06 (written by random/random)
Run by electroworld at 2010-02-14 18:08:37
Microsoft® Windows Vista™ Home Premium
System drive C: has 22 GB (25%) free of 90 GB
Total RAM: 1015 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:05, on 14.2.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\EasyOffice\EasySpeller.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\electroworld\AppData\Local\Seznam.cz\postak.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\electroworld\Desktop\RSIT.exe
C:\Program Files\trend micro\electroworld.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EasySpeller] C:\Program Files\EasyOffice\EasySpeller.exe -n
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\electroworld\AppData\Local\Seznam.cz\postak.exe" -s
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9d0c84dd3c2d0) (gupdate1c9d0c84dd3c2d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: O2 Flash Memory Service (O2Flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI83AA.tmp

--
End of file - 8386 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{5061B87D-5249-4148-8A79-E5C2592BDFDC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-27 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-28 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2007-11-04 793960]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-27 806912]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-03-25 1006264]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-10-09 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-22 815104]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"EasySpeller"=C:\Program Files\EasyOffice\EasySpeller.exe [2004-08-19 73728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-25 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"Seznam Postak"=C:\Users\electroworld\AppData\Local\Seznam.cz\postak.exe [2009-11-02 448664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-06 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.txt - open - C:\Program Files\EasyOffice\EASYPAD.EXE "%1"

======List of files/folders created in the last 1 months======

2010-02-14 18:08:38 ----D---- C:\Program Files\trend micro
2010-02-14 18:08:37 ----D---- C:\rsit
2010-02-14 17:35:37 ----A---- C:\ComboFix.txt
2010-02-14 17:22:42 ----SHD---- C:\$RECYCLE.BIN
2010-02-14 12:44:40 ----A---- C:\Windows\zip.exe
2010-02-14 12:44:40 ----A---- C:\Windows\SWXCACLS.exe
2010-02-14 12:44:40 ----A---- C:\Windows\SWSC.exe
2010-02-14 12:44:40 ----A---- C:\Windows\SWREG.exe
2010-02-14 12:44:40 ----A---- C:\Windows\sed.exe
2010-02-14 12:44:40 ----A---- C:\Windows\PEV.exe
2010-02-14 12:44:40 ----A---- C:\Windows\NIRCMD.exe
2010-02-14 12:44:40 ----A---- C:\Windows\MBR.exe
2010-02-14 12:44:40 ----A---- C:\Windows\grep.exe
2010-02-14 12:44:30 ----D---- C:\Windows\ERDNT
2010-02-14 12:38:51 ----D---- C:\Qoobox
2010-02-04 15:41:06 ----A---- C:\Windows\system32\prospeed_bmp2jpg.dll
2010-02-04 15:40:46 ----D---- C:\Program Files\erobottle46
2010-02-04 15:40:37 ----D---- C:\Windows\uninstall
2010-02-01 11:40:40 ----D---- C:\Program Files\PROFIT
2010-01-29 19:02:26 ----D---- C:\Users\electroworld\AppData\Roaming\Anix Software
2010-01-29 19:00:22 ----D---- C:\Program Files\Common Files\Anix Shared
2010-01-29 19:00:19 ----D---- C:\Program Files\Slide Show Pilot
2010-01-22 08:54:32 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 08:54:29 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 08:54:27 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 08:54:26 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 08:54:25 ----A---- C:\Windows\system32\mstime.dll
2010-01-22 08:54:23 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-22 08:54:22 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 08:54:21 ----A---- C:\Windows\system32\occache.dll
2010-01-22 08:54:21 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 08:54:21 ----A---- C:\Windows\system32\dxtmsft.dll
2010-01-22 08:54:20 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\mshtmled.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\icardie.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\dxtrans.dll
2010-01-22 08:54:18 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 08:54:17 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\advpack.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\admparse.dll
2010-01-22 08:54:15 ----A---- C:\Windows\system32\pngfilt.dll
2010-01-22 08:54:15 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 08:54:15 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 08:54:15 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 08:54:14 ----A---- C:\Windows\system32\ieakui.dll
2010-01-22 08:54:12 ----A---- C:\Windows\system32\mshtmler.dll

======List of files/folders modified in the last 1 months======

2010-02-14 20:54:25 ----D---- C:\Windows\system32\config
2010-02-14 20:54:07 ----D---- C:\Windows\system32\spool
2010-02-14 20:54:07 ----D---- C:\Windows\system32\CodeIntegrity
2010-02-14 20:54:06 ----D---- C:\Windows\inf
2010-02-14 20:54:04 ----D---- C:\Windows\system32\wbem
2010-02-14 20:54:03 ----D---- C:\Windows\registration
2010-02-14 18:08:53 ----D---- C:\Windows\Temp
2010-02-14 18:08:40 ----D---- C:\Windows\Prefetch
2010-02-14 18:08:39 ----D---- C:\Windows\tracing
2010-02-14 18:08:38 ----RD---- C:\Program Files
2010-02-14 17:35:45 ----D---- C:\Windows\system32\drivers
2010-02-14 17:23:52 ----SHD---- C:\System Volume Information
2010-02-14 17:22:47 ----D---- C:\Windows
2010-02-14 17:22:46 ----A---- C:\Windows\system.ini
2010-02-14 17:19:42 ----D---- C:\Windows\Tasks
2010-02-14 17:16:50 ----D---- C:\Windows\System32
2010-02-14 17:16:50 ----D---- C:\Windows\AppPatch
2010-02-14 17:16:49 ----D---- C:\Program Files\Common Files
2010-02-14 12:05:52 ----D---- C:\Windows\system32\catroot2
2010-02-14 08:59:53 ----D---- C:\ProgramData
2010-02-14 03:25:07 ----D---- C:\Windows\winsxs
2010-02-14 03:24:57 ----D---- C:\Windows\system32\catroot
2010-02-12 16:50:43 ----D---- C:\Users\electroworld\AppData\Roaming\Skype
2010-02-12 16:03:07 ----D---- C:\Users\electroworld\AppData\Roaming\skypePM
2010-02-12 09:58:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-01 12:53:01 ----D---- C:\Users\electroworld\AppData\Roaming\Adobe
2010-01-31 11:42:55 ----D---- C:\Users\electroworld\AppData\Roaming\SolidDocuments
2010-01-31 09:22:53 ----SHD---- C:\Windows\Installer
2010-01-29 18:49:22 ----AD---- C:\ProgramData\TEMP
2010-01-22 12:37:00 ----D---- C:\Windows\system32\migration
2010-01-22 12:37:00 ----D---- C:\Program Files\Internet Explorer
2010-01-21 16:12:14 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-03-25 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-22 181304]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
S3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
S3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323); C:\Windows\System32\Drivers\vmcam323av.sys [2007-03-27 232448]
S3 vvftav323;vvftav323; C:\Windows\system32\drivers\vvftav323.sys [2007-03-27 475136]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 O2Flash;O2 Flash Memory Service; C:\Program Files\O2Micro\o2flash.exe [2006-10-19 65536]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\Windows\Installer\MSI83AA.tmp [2010-01-05 189760]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c9d0c84dd3c2d0;Google Update Service (gupdate1c9d0c84dd3c2d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-09 133104]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Pokračujeme.

1) OTMoveit3

Stáhněte OTM3 na Plochu.
Spusťte ho dvojklikem na OTM.exe, pokud to nepůjde, zkuste to s adminskými právy.

Do levého okna 'Paste Instructions for Items to be Moved' vkopírujte následující skript:

Kód: Vybrat vše

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-

:files
C:\PROGRA~1\ICQTOO~1

:commands
[emptytemp]
[reboot]

Poté klikněte na červené tlačítko 'MoveIt!'.
V zeleném okně vpravo by se měl zobrazit log, ten vkopírujete sem do fóra.
Pokud se zobrazí hláška k restartování, klikněte na Yes.
Po restartu se log otevře sám, nebo ho najdete v C:\_OTM\MovedFiles

2) Odinstalace ComboFixu

Proklikejte se přes Start do Spustit [klávesová zkratka je Win+R].
Do textového pole napište:
Kód: Vybrat vše
```
ComboFix /Uninstall
```
Stiskněte Enter.
Spustí se odinstalace ComboFixu, která smaže všechny jeho součásti.

3) Malwarebytes' Anti-Malware

Stáhněte MbAM a postupujte podle popisu.
Zatím nic nemažte, MbAM má občas falešné detekce.
Poté mi sem vložte log ve formě textu.

4) Jak se chová PC?

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
C:\PROGRA~1\ICQToolbar\Cache folder moved successfully.
C:\PROGRA~1\ICQToolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: electroworld
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 382923718 bytes
->Java cache emptied: 56176442 bytes
->Google Chrome cache emptied: 13760476 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79720 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13142880 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 445,00 mb

OTM by OldTimer - Version 3.1.8.0 log created on 02152010_100939

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Nový RSIT log.

Stále mi to projíždí ten MbAM, jinak počítač se chová normálně

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3741
Windows 6.0.6000
Internet Explorer 7.0.6000.16982

15.2.2010 12:06:18
mbam-log-2010-02-15 (12-06-18).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 246347
Uplynulý čas: 1 hour(s), 21 minute(s), 21 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Logfile of random's system information tool 1.06 (written by random/random)
Run by electroworld at 2010-02-15 12:10:58
Microsoft® Windows Vista™ Home Premium
System drive C: has 24 GB (27%) free of 90 GB
Total RAM: 1015 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:11, on 15.2.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\EasyOffice\EasySpeller.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\electroworld\AppData\Local\Seznam.cz\postak.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\electroworld\Desktop\RSIT.exe
C:\Program Files\trend micro\electroworld.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EasySpeller] C:\Program Files\EasyOffice\EasySpeller.exe -n
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\electroworld\AppData\Local\Seznam.cz\postak.exe" -s
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8183F4B-7821-418A-815D-4C229E2D79E9}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9d0c84dd3c2d0) (gupdate1c9d0c84dd3c2d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: O2 Flash Memory Service (O2Flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI83AA.tmp

--
End of file - 8434 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{5061B87D-5249-4148-8A79-E5C2592BDFDC}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-27 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-28 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2007-11-04 793960]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-12-27 806912]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-30 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-03-25 1006264]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-10-09 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-22 815104]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"EasySpeller"=C:\Program Files\EasyOffice\EasySpeller.exe [2004-08-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-25 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"Seznam Postak"=C:\Users\electroworld\AppData\Local\Seznam.cz\postak.exe [2009-11-02 448664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-11-06 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.txt - open - C:\Program Files\EasyOffice\EASYPAD.EXE "%1"

======List of files/folders created in the last 1 months======

2010-02-15 10:42:30 ----D---- C:\Users\electroworld\AppData\Roaming\Malwarebytes
2010-02-15 10:42:22 ----D---- C:\ProgramData\Malwarebytes
2010-02-15 10:42:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-15 10:09:39 ----D---- C:\_OTM
2010-02-14 18:08:38 ----D---- C:\Program Files\trend micro
2010-02-14 18:08:37 ----D---- C:\rsit
2010-02-14 17:35:37 ----A---- C:\ComboFix.txt
2010-02-14 17:22:42 ----SHD---- C:\$RECYCLE.BIN
2010-02-14 12:44:40 ----A---- C:\Windows\zip.exe
2010-02-14 12:44:40 ----A---- C:\Windows\SWXCACLS.exe
2010-02-14 12:44:40 ----A---- C:\Windows\SWSC.exe
2010-02-14 12:44:40 ----A---- C:\Windows\SWREG.exe
2010-02-14 12:44:40 ----A---- C:\Windows\sed.exe
2010-02-14 12:44:40 ----A---- C:\Windows\PEV.exe
2010-02-14 12:44:40 ----A---- C:\Windows\NIRCMD.exe
2010-02-14 12:44:40 ----A---- C:\Windows\MBR.exe
2010-02-14 12:44:40 ----A---- C:\Windows\grep.exe
2010-02-14 12:44:30 ----D---- C:\Windows\ERDNT
2010-02-14 12:38:51 ----D---- C:\Qoobox
2010-02-14 12:34:01 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-02-14 12:34:01 ----A---- C:\Windows\system32\netiougc.exe
2010-02-14 12:33:42 ----A---- C:\Windows\system32\quartz.dll
2010-02-14 12:33:42 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-14 12:33:41 ----A---- C:\Windows\system32\msyuv.dll
2010-02-14 12:33:41 ----A---- C:\Windows\system32\msrle32.dll
2010-02-14 12:33:40 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-14 12:33:39 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-14 12:33:39 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-14 12:33:39 ----A---- C:\Windows\system32\avifil32.dll
2010-02-14 12:33:38 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-14 12:33:38 ----A---- C:\Windows\system32\avicap32.dll
2010-02-04 15:41:06 ----A---- C:\Windows\system32\prospeed_bmp2jpg.dll
2010-02-04 15:40:46 ----D---- C:\Program Files\erobottle46
2010-02-04 15:40:37 ----D---- C:\Windows\uninstall
2010-02-01 11:40:40 ----D---- C:\Program Files\PROFIT
2010-01-29 19:02:26 ----D---- C:\Users\electroworld\AppData\Roaming\Anix Software
2010-01-29 19:00:22 ----D---- C:\Program Files\Common Files\Anix Shared
2010-01-29 19:00:19 ----D---- C:\Program Files\Slide Show Pilot
2010-01-22 08:54:32 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 08:54:29 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 08:54:27 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 08:54:26 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 08:54:25 ----A---- C:\Windows\system32\mstime.dll
2010-01-22 08:54:23 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-22 08:54:22 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 08:54:21 ----A---- C:\Windows\system32\occache.dll
2010-01-22 08:54:21 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 08:54:21 ----A---- C:\Windows\system32\dxtmsft.dll
2010-01-22 08:54:20 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\mshtmled.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\icardie.dll
2010-01-22 08:54:19 ----A---- C:\Windows\system32\dxtrans.dll
2010-01-22 08:54:18 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 08:54:17 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\advpack.dll
2010-01-22 08:54:16 ----A---- C:\Windows\system32\admparse.dll
2010-01-22 08:54:15 ----A---- C:\Windows\system32\pngfilt.dll
2010-01-22 08:54:15 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 08:54:15 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 08:54:15 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 08:54:14 ----A---- C:\Windows\system32\ieakui.dll
2010-01-22 08:54:12 ----A---- C:\Windows\system32\mshtmler.dll

======List of files/folders modified in the last 1 months======

2010-02-15 12:11:09 ----D---- C:\Windows\Prefetch
2010-02-15 12:10:55 ----D---- C:\Windows\Temp
2010-02-15 11:31:39 ----D---- C:\Users\electroworld\AppData\Roaming\Skype
2010-02-15 10:42:24 ----D---- C:\Windows\system32\drivers
2010-02-15 10:42:22 ----RD---- C:\Program Files
2010-02-15 10:42:22 ----D---- C:\ProgramData
2010-02-15 10:16:59 ----D---- C:\Windows\tracing
2010-02-15 09:11:47 ----D---- C:\Users\electroworld\AppData\Roaming\skypePM
2010-02-15 03:25:22 ----D---- C:\Windows\winsxs
2010-02-15 03:24:16 ----D---- C:\Windows\system32\catroot
2010-02-15 03:21:06 ----D---- C:\Windows\system32\migration
2010-02-15 03:21:06 ----D---- C:\Windows\System32
2010-02-15 03:21:06 ----D---- C:\Program Files\Windows Mail
2010-02-15 03:01:14 ----SHD---- C:\System Volume Information
2010-02-14 20:54:25 ----D---- C:\Windows\system32\config
2010-02-14 20:54:07 ----D---- C:\Windows\system32\spool
2010-02-14 20:54:07 ----D---- C:\Windows\system32\CodeIntegrity
2010-02-14 20:54:06 ----D---- C:\Windows\inf
2010-02-14 20:54:04 ----D---- C:\Windows\system32\wbem
2010-02-14 20:54:03 ----D---- C:\Windows\registration
2010-02-14 17:22:47 ----D---- C:\Windows
2010-02-14 17:22:46 ----A---- C:\Windows\system.ini
2010-02-14 17:19:42 ----D---- C:\Windows\Tasks
2010-02-14 17:16:50 ----D---- C:\Windows\AppPatch
2010-02-14 17:16:49 ----D---- C:\Program Files\Common Files
2010-02-14 12:05:52 ----D---- C:\Windows\system32\catroot2
2010-02-12 09:58:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-02-01 12:53:01 ----D---- C:\Users\electroworld\AppData\Roaming\Adobe
2010-01-31 11:42:55 ----D---- C:\Users\electroworld\AppData\Roaming\SolidDocuments
2010-01-31 09:22:53 ----SHD---- C:\Windows\Installer
2010-01-29 18:49:22 ----AD---- C:\ProgramData\TEMP
2010-01-22 12:37:00 ----D---- C:\Program Files\Internet Explorer
2010-01-21 16:12:14 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R3 Axtmvflt;Axesstel USB Filter Service; C:\Windows\system32\DRIVERS\Axtmvflt.sys [2007-03-22 3456]
R3 Axtmvmdm;Axesstel USB Modem; C:\Windows\system32\DRIVERS\Axtmvmdm.sys [2007-03-26 40064]
R3 Axtmvprt;Axesstel Diagnostic Port; C:\Windows\System32\Drivers\Axtmvprt.sys [2007-03-26 38784]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-03-25 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-22 181304]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2006-02-01 49664]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-02-01 21568]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 vmcam325av;Vimicro USB2.0 PC Camera(VC0323); C:\Windows\System32\Drivers\vmcam323av.sys [2007-03-27 232448]
S3 vvftav323;vvftav323; C:\Windows\system32\drivers\vvftav323.sys [2007-03-27 475136]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 O2Flash;O2 Flash Memory Service; C:\Program Files\O2Micro\o2flash.exe [2006-10-19 65536]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool; C:\Windows\Installer\MSI83AA.tmp [2010-01-05 189760]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 gupdate1c9d0c84dd3c2d0;Google Update Service (gupdate1c9d0c84dd3c2d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-09 133104]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Dokončíme.

1) Fixnutí v HJT

Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
Klikněte na 'Do a system scan only'.

U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

Pokud by tam nějaká položka nebyla, vynechte ji.

2) Odinstalace ComboFixu

Proklikejte se přes Start do Spustit [klávesová zkratka je Win+R].
Do textového pole napište:
Kód: Vybrat vše
```
ComboFix /Uninstall
```
Stiskněte Enter.
Spustí se odinstalace ComboFixu, která smaže všechny jeho součásti.

3) OTCleaner

Stáhněte OTC a dvojklikem ho spusťte.
Vyskočí okénko, kde kliknete na 'CleanUp!'.
Potvrdíte kliknutím na 'Yes'.
Poté se ještě zeptá, zda chcete restartovat PC - to proveďte opět kliknutím na 'Yes'.

4) CCleaner

Stáhněte si program jménem CCleaner.
Normálně nainstalujte, jen dávejte pozor a odškrtněte položku 'Instalovat Yahoo! Toolbar'.
Spusťte ho.
- Záložka Čistič → nechte zatrženo vše, jak je, a klikněte na 'Spustit CCleaner'.
- Záložka Registry → klikněte na 'Hledej problémy'. Vyhledá problémy v registru, až dokončí analyzování, klikněte na 'Opravit vybrané problémy'. Nabídne Vám vytvoření zálohy - pro jistotu ji vytvořte a uložte například na Plochu.
CCleaner doporučuji používat pravidelně, celkem rapidně dokáže zrychlit PC.

5) Defragmentace

Defragmentujte disk.
Lze to udělat několika způsoby ↓
- Přes defragmentaci integrovanou ve Windows [Start → Spustit → dfrg.msc → Enter]. Toto není příliš účinný způsob.
- Přes jednoduchý a přehledný program jménem Defraggler.
- Přes geniální program, který se nemusí instalovat a je hodně jednoduchý - JKDefrag.

6) FileHippo.com UpdateChecker

Během procesu čištění jsem zvyklý odstraňovat zbytečné aplikace spouštěné po startu.
Mezi ně patří například Java Update. Nesmyslně užírá RAM paměť jelikož neustále sonduje, zda není novější verze.
Abyste měl/a přehled o aktualizacích, doporučuji stáhnout program FileHippo.com UpdateChecker.
- Běžně ho nainstalujte.
- Spouštějte ho například jednou až dvakrát týdně.
- Přehledně zobrazí všechny programy, které jsou neaktualizované, nabídne stažení novější verze (což doporučuji).

7) Nový RSIT log.

Uf tak jdu na to, a já myslela, že už je to v cajku

VIRY.CZ

Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc

Re: Security tool prosím o pomoc