Zpomalené PC, nefunkční RSIT

[basto]

Zdravím,
mám neuvěřitelně pomalý počítač, právě jsem ho odviroval od asi 40 virů, ale moc se to nezlepšilo. Chtěl jsem udělat log z RSIT, ale po spuštění a kliku na "Continue" mi to vyhodí error:

Kód: Vybrat vše

Autolt Error
Line 3899 (File: "C:\Documents and Settings\Pavel\Plocha\RSIT.exe"):
Error: The requested action with this object has failed

Co s tím? Chtěl jsem vložit log, ale nejde to. Díky za pomoc!

Edit: RSIT pouštím v nouzovém režimu a podobný problém mi to dělá i když chci nainstalovat defragmentační program - to mi zase háže nějaký NSIS error a instalačka nejde spustit.

[Rudy]

Zkuste kompletní sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log, předem nic nemažte.

[basto]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5228

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1.12.2010 19:40:56
mbam-log-2010-12-01 (19-40-46).txt

Typ kontroly: Rychlý test
Testované objekty: 130888
Uplynulý čas: 14 minut, 10 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 95
Infikované hodnoty v registru: 4
Infikované datové položky v registru: 1
Infikované složky: 34
Infikované soubory: 61

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\AppID\243B60DF-796C-409E-BE55-0AD5C9710BA4 (Adware.Platrium) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8F15442D-92FE-472C-93BC-C7D9C1E0FE2A} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{DBD6316E-2871-4378-B894-3276DF921ADE} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{E25B51BE-819E-4693-B72C-C1C01E12E7E2} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{F12D25DA-B90A-4C8B-968C-221878A9CD8F} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483D-A4BA-8B3122ABB432} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496B-A0A8-5D7201E105E1} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4DF0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471F-9AD2-FEC049870A16} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4BB8-B941-F2B067E76F51} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{27A90E95-97DA-4FC0-9713-97A2C55829DB} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63441363-D980-4D3A-8D17-591E8755DDF7} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReportsAX.UserProfiles.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReportsAX.UserProfiles (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4FA7-A617-C4269760033E} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ScopeExternal.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.ScopeExternal (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47CE-A5BB-9C935E77B59D} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4A29-A940-60248385F426} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReportsAX.ClientDetector.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReportsAX.ClientDetector (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4A5B-9939-848B9C77A2FB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4C07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4FB5-81AF-086156F5EB0A} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4FB1-B575-1AC920A17B76} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{243B60DF-796C-409E-BE55-0AD5C9710BA4} (Adware.Platrium) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9D4E4F42-ADD2-4E61-9AB7-6029855CFB9E} (Adware.Platrium) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7C69A192-458D-40f0-B05A-52C5DF22EB8D} (Adware.Platrium) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> No action taken.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.
HKEY_CLASSES_ROOT\AppID\bc.DLL (Adware.Platrium) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdVantage (Adware.Vomba) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA} (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\TR.TRFactory.1 (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\TR.TRFactory (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{DABF362D-D442-4402-9208-CA9ED70DD01E} (Adware.Advantage) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5AC3A9EF-C0F8-41D4-B4E2-B7CEBB794151} (Adware.Advantage) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig (Trojan.Agent) -> Value: MSConfig -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Malware.Trace) -> Value: NVIDIA driver monitor -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe "C:\DOCUME~1\Pavel\LOCALS~1\Temp\ktcg.mqo" svtiqf) Good: (Explorer.exe) -> No action taken.

Infikované složky:
c:\documents and settings\all users\data aplikací\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> No action taken.
c:\documents and settings\all users\data aplikací\b3e85faa-c316-40e0-bb3c-bf07959cab7a (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherdpa (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherdpa\weather_xml (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weather_xml (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\cs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\cs\dwld (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\db (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\dwld (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\report (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\res2 (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\db (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\report (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\res1 (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\weatherdpa (Adware.Hotbar) -> No action taken.
c:\program files\advantage (Adware.Advantage) -> No action taken.
c:\program files\shopperreports3 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0 (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\Hotbar (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\shopperreports (Adware.ShopperReports) -> No action taken.

Infikované soubory:
c:\program files\shopperreports3\bin\3.0.186.0\Pltfrm.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\mozillaps.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\CmndFF.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\shopperreportssaax.dll (Adware.Hotbar) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\cntntcntr.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\BRNstIE.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\bc.dll (Adware.Platrium) -> No action taken.
c:\documents and settings\Pavel\local settings\Temp\733516.exe (Trojan.Oficla) -> No action taken.
c:\documents and settings\Pavel\local settings\Temp\9160.exe (Trojan.Oficla) -> No action taken.
c:\documents and settings\Pavel\local settings\Temp\9547626.exe (Trojan.Oficla) -> No action taken.
c:\documents and settings\all users\data aplikací\common.data (Malware.Trace) -> No action taken.
c:\documents and settings\Pavel\data aplikací\juzjf.exe (Worm.Palevo) -> No action taken.
c:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> No action taken.
c:\documents and settings\Pavel\secupdat.dat (Worm.Autorun) -> No action taken.
c:\documents and settings\Pavel\sypga.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\history (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherstartup.xml (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherdpa\Links (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherdpa\weatherpreferences (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherdpa\weather_xml\Display (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherdpa\weather_xml\Loading (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weatherdpa\weather_xml\screen2 (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weather_xml\Default (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weather_xml\Genera1 (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\Hotbar\Weather\weather_xml\General (Adware.Hotbar) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\Config.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\dwld\whitelist.xip (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\Firefox\cs\res2\whitelist.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> No action taken.
c:\documents and settings\Pavel\data aplikací\shopperreports3\IE\cs\res1\whitelist.dbs (Adware.ShopperReports) -> No action taken.
c:\program files\advantage\advantage.db (Adware.Advantage) -> No action taken.
c:\program files\advantage\advantage.htm (Adware.Advantage) -> No action taken.
c:\program files\advantage\advuninst.exe (Adware.Advantage) -> No action taken.
c:\program files\advantage\ffext.mod (Adware.Advantage) -> No action taken.
c:\program files\advantage\TR.dll (Adware.Advantage) -> No action taken.
c:\program files\advantage\user.db (Adware.Advantage) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\copyright.txt (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\link.ico (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\shopperreports.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\shopperreportssahook.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> No action taken.
c:\program files\shopperreports3\bin\3.0.186.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\Hotbar\about hotbar.lnk (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\shopperreports\About Us.lnk (Adware.ShopperReports) -> No action taken.
c:\documents and settings\all users\nabídka start\Programy\shopperreports\customer support.lnk (Adware.ShopperReports) -> No action taken.

[Rudy]

Vše, co MBAM nalezl, smažte. Pak se pokuste znovu o RSIT.

[basto]

Smazáno, ale stále to hlásí stejný error. Chcete screen?

[Rudy]

Screen netřeba. Dejte log z ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[basto]

RSIT stále nespustitelné...

ComboFix 10-11-30.09 - Pavel 01.12.2010 21:06:06.2.1 - x86
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\uipmfsla.sys
F:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_uipmfsla
-------\Service_uipmfsla


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-01 do 2010-12-01 )))))))))))))))))))))))))))))))
.

2010-12-01 18:25 . 2010-12-01 18:25 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Malwarebytes
2010-12-01 18:24 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 18:24 . 2010-12-01 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-01 18:24 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 18:24 . 2010-12-01 18:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-01 16:52 . 2010-12-01 16:52 315392 ----a-w- c:\windows\system32\joohoucun.exe
2010-11-30 17:35 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{4FC541B6-6362-49A9-A009-9B8873092990}\mpengine.dll
2010-11-30 16:35 . 2010-12-01 16:52 315392 ----a-w- c:\windows\system32\desesadoj.exe
2010-11-25 14:12 . 2010-12-01 16:52 315392 ----a-w- c:\windows\system32\tuquofevyd.exe
2010-11-21 18:09 . 2010-11-21 18:09 214 ----a-w- C:\wifi32.exe
2010-11-21 11:06 . 2010-11-21 11:21 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\AskToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 20:13 . 2009-08-13 13:07 0 ----a-w- c:\documents and settings\Pavel\ntuser.tmp
2010-11-10 04:33 . 2007-09-27 15:44 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 09:41 . 2009-10-03 07:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12 . 2010-09-20 17:06 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-09-20 09:48 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-09-20 09:49 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-09-20 09:49 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-09-20 09:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-09-20 09:49 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-09-20 09:49 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-09-20 09:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-09-20 09:49 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-03-30 342528]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-05-24 475136]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-05-15 3975848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"rimmam"="c:\windows\system32\tuquofevyd.exe" [2010-12-01 315392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"ePower_DMC"=c:\acer\Empowering Technology\ePower\ePower_DMC.exe
"Acer ePresentation HPD"=c:\acer\Empowering Technology\ePresentation\ePresentation.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R2 bohqzlid;bohqzlid; [x]
R2 caosaitl;caosaitl; [x]
R2 corivubf;corivubf; [x]
R2 czduluyn;czduluyn; [x]
R2 dccpizah;dccpizah; [x]
R2 dnyzcohj;dnyzcohj; [x]
R2 dukfjqte;dukfjqte; [x]
R2 dvnwtixc;dvnwtixc; [x]
R2 eitmvcie;eitmvcie; [x]
R2 fqxkzxox;fqxkzxox; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
R2 hlbilcac;hlbilcac; [x]
R2 hnfdtzwq;hnfdtzwq; [x]
R2 hpolcvay;hpolcvay; [x]
R2 huhazogx;huhazogx; [x]
R2 ipfjbuat;ipfjbuat; [x]
R2 jcbgvjjt;jcbgvjjt; [x]
R2 jrhkdwxm;jrhkdwxm; [x]
R2 kaltwjfv;kaltwjfv; [x]
R2 khhmgupu;khhmgupu; [x]
R2 kqivccle;kqivccle; [x]
R2 lgyvqxtq;lgyvqxtq; [x]
R2 lswsundi;lswsundi; [x]
R2 ltcswlvy;ltcswlvy; [x]
R2 lwetizmt;lwetizmt; [x]
R2 mfxsbrnd;mfxsbrnd; [x]
R2 mzetiimj;mzetiimj; [x]
R2 nbelpzbe;nbelpzbe; [x]
R2 nhfvspoq;nhfvspoq; [x]
R2 nmxeoufy;nmxeoufy; [x]
R2 npeamrqh;npeamrqh; [x]
R2 npmqkahp;npmqkahp; [x]
R2 nqeuwjtx;nqeuwjtx; [x]
R2 nslzscku;nslzscku; [x]
R2 nuxrasuy;nuxrasuy; [x]
R2 orncnbtq;orncnbtq; [x]
R2 osfcifrl;osfcifrl; [x]
R2 oufljycr;oufljycr; [x]
R2 pcfjeggv;pcfjeggv; [x]
R2 pczaebgp;pczaebgp; [x]
R2 pfwwmreq;pfwwmreq; [x]
R2 punagqnm;punagqnm; [x]
R2 qaegvkrt;qaegvkrt; [x]
R2 qljyblun;qljyblun; [x]
R2 qpgeauzd;qpgeauzd; [x]
R2 qyxknpnf;qyxknpnf; [x]
R2 rntzxtcj;rntzxtcj; [x]
R2 rxjycatd;rxjycatd; [x]
R2 rxyqfdux;rxyqfdux; [x]
R2 satttlho;satttlho; [x]
R2 sckujrno;sckujrno; [x]
R2 scuirxot;scuirxot; [x]
R2 srnzgvdp;srnzgvdp; [x]
R2 tmdjjeup;tmdjjeup; [x]
R2 txtdlspl;txtdlspl; [x]
R2 uadttnng;uadttnng; [x]
R2 uicilsfx;uicilsfx; [x]
R2 uqkcdbas;uqkcdbas; [x]
R2 uynterdr;uynterdr; [x]
R2 vbsbdjrq;vbsbdjrq; [x]
R2 vrjroumz;vrjroumz; [x]
R2 vvtcnzbz;vvtcnzbz; [x]
R2 vzuhcrny;vzuhcrny; [x]
R2 wqorixtf;wqorixtf; [x]
R2 xaifsdci;xaifsdci; [x]
R2 xbovsbtu;xbovsbtu; [x]
R2 xdwmnopx;xdwmnopx; [x]
R2 xgsqkyoa;xgsqkyoa; [x]
R2 xrufjmka;xrufjmka; [x]
R2 xtnewzda;xtnewzda; [x]
R2 ylolemld;ylolemld; [x]
R2 yuoaishw;yuoaishw; [x]
R2 zcasbfvo;zcasbfvo; [x]
R2 zewbojie;zewbojie; [x]
R2 zhhqmjbr;zhhqmjbr; [x]
R2 zmornlve;zmornlve; [x]
R3 pvurpwsn;pvurpwsn;c:\windows\System32\Drivers\pvurpwsn.sys [x]
R3 xaeeegel;xaeeegel;c:\windows\System32\Drivers\xaeeegel.sys [x]
S1 aswSP;aswSP; [x]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 aswFsBlk;aswFsBlk; [x]
S2 iayeiaeuy;BsHelpCS;c:\windows\system32\desesadoj.exe [2010-12-01 315392]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-11-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:22]

2010-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:22]

2010-12-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-12-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV2&o=15851&locale=en_EU&apn_uid=17364013-532D-4A4D-BED4-9DB3FA6E86B9&apn_ptnrs=H3&apn_sauid=D6255A88-D870-43D9-B989-7574C8707E43&apn_dtid=YYYYYYYYCZ&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: ÄŚeskĂ© slovnĂ­ky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\extensions\cs@dictionaries.addons.mozilla.org
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: PandoraTV Toolbar: toolbar@ask.com - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\extensions\toolbar@ask.com
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-uipmfsla.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-01 21:16
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1300)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\docume~1\Pavel\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2010-12-01 21:23:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-01 20:23
ComboFix2.txt 2010-08-15 15:13

Před spuštěním: 1 147 502 592
Po spuštění: 1 112 326 144

- - End Of File - - 95A74BBA5231D1E13580FA49ADDD2EA3

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\system32\joohoucun.exe
c:\windows\system32\desesadoj.exe
c:\windows\system32\tuquofevyd.exe
C:\wifi32.exe
c:\documents and settings\Pavel\Local Settings\Data aplikací\AskToolbar
c:\windows\System32\Drivers\pvurpwsn.sys
c:\windows\System32\Drivers\xaeeegel.sys

Driver::
bohqzlid
caosaitl
corivubf
czduluyn
dccpizah
dnyzcohj
dukfjqte
dvnwtixc
eitmvcie
fqxkzxox
hlbilcac
hnfdtzwq
hpolcvay
huhazogx
ipfjbuat
jcbgvjjt
jrhkdwxm
kaltwjfv
khhmgupu
kqivccle
lgyvqxtq
lswsundi
ltcswlvy
lwetizmt
mfxsbrnd
mzetiimj
nbelpzbe
nhfvspoq
nmxeoufy
npeamrqh
npmqkahp
nqeuwjtx
nslzscku
nuxrasuy
orncnbtq
osfcifrl
oufljycr
pcfjeggv
pczaebgp
pfwwmreq
punagqnm
qaegvkrt
qljyblun
qpgeauzd
qyxknpnf
rntzxtcj
rxjycatd
rxyqfdux
satttlho
sckujrno
scuirxot
srnzgvdp
tmdjjeup
txtdlspl
uadttnng
uicilsfx
uqkcdbas
uynterdr
vbsbdjrq
vrjroumz
vvtcnzbz
vzuhcrny
wqorixtf
xaifsdci
xbovsbtu
xdwmnopx
xgsqkyoa
xrufjmka
xtnewzda
ylolemld
yuoaishw
zcasbfvo
zewbojie
zhhqmjbr
zmornlve
pvurpwsn
xaeeegel
iayeiaeuy

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rimmam"=-

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[basto]

ComboFix 10-12-01.01 - Pavel 02.12.2010 18:50:03.3.1 - x86
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

file zipped: C:\wifi32.exe
file zipped: c:\windows\system32\joohoucun.exe
file zipped: c:\windows\system32\tuquofevyd.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\wifi32.exe
c:\windows\system32\joohoucun.exe
c:\windows\system32\tuquofevyd.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOHQZLID
-------\Legacy_CAOSAITL
-------\Legacy_CORIVUBF
-------\Legacy_CZDULUYN
-------\Legacy_DCCPIZAH
-------\Legacy_DNYZCOHJ
-------\Legacy_DUKFJQTE
-------\Legacy_DVNWTIXC
-------\Legacy_EITMVCIE
-------\Legacy_FQXKZXOX
-------\Legacy_HLBILCAC
-------\Legacy_HNFDTZWQ
-------\Legacy_HPOLCVAY
-------\Legacy_HUHAZOGX
-------\Legacy_IAYEIAEUY
-------\Legacy_IPFJBUAT
-------\Legacy_JCBGVJJT
-------\Legacy_JRHKDWXM
-------\Legacy_KALTWJFV
-------\Legacy_KHHMGUPU
-------\Legacy_KQIVCCLE
-------\Legacy_LGYVQXTQ
-------\Legacy_LSWSUNDI
-------\Legacy_LTCSWLVY
-------\Legacy_LWETIZMT
-------\Legacy_MFXSBRND
-------\Legacy_MZETIIMJ
-------\Legacy_NBELPZBE
-------\Legacy_NHFVSPOQ
-------\Legacy_NMXEOUFY
-------\Legacy_NPEAMRQH
-------\Legacy_NPMQKAHP
-------\Legacy_NQEUWJTX
-------\Legacy_NSLZSCKU
-------\Legacy_NUXRASUY
-------\Legacy_ORNCNBTQ
-------\Legacy_OSFCIFRL
-------\Legacy_OUFLJYCR
-------\Legacy_PCFJEGGV
-------\Legacy_PCZAEBGP
-------\Legacy_PFWWMREQ
-------\Legacy_PUNAGQNM
-------\Legacy_QAEGVKRT
-------\Legacy_QLJYBLUN
-------\Legacy_QPGEAUZD
-------\Legacy_QYXKNPNF
-------\Legacy_RNTZXTCJ
-------\Legacy_RXJYCATD
-------\Legacy_RXYQFDUX
-------\Legacy_SATTTLHO
-------\Legacy_SCKUJRNO
-------\Legacy_SCUIRXOT
-------\Legacy_SRNZGVDP
-------\Legacy_TMDJJEUP
-------\Legacy_TXTDLSPL
-------\Legacy_UADTTNNG
-------\Legacy_UICILSFX
-------\Legacy_UQKCDBAS
-------\Legacy_UYNTERDR
-------\Legacy_VBSBDJRQ
-------\Legacy_VRJROUMZ
-------\Legacy_VVTCNZBZ
-------\Legacy_VZUHCRNY
-------\Legacy_WQORIXTF
-------\Legacy_XAIFSDCI
-------\Legacy_XBOVSBTU
-------\Legacy_XDWMNOPX
-------\Legacy_XGSQKYOA
-------\Legacy_XRUFJMKA
-------\Legacy_XTNEWZDA
-------\Legacy_YLOLEMLD
-------\Legacy_YUOAISHW
-------\Legacy_ZCASBFVO
-------\Legacy_ZEWBOJIE
-------\Legacy_ZHHQMJBR
-------\Legacy_ZMORNLVE
-------\Service_bohqzlid
-------\Service_caosaitl
-------\Service_corivubf
-------\Service_czduluyn
-------\Service_dccpizah
-------\Service_dnyzcohj
-------\Service_dukfjqte
-------\Service_dvnwtixc
-------\Service_eitmvcie
-------\Service_fqxkzxox
-------\Service_hlbilcac
-------\Service_hnfdtzwq
-------\Service_hpolcvay
-------\Service_huhazogx
-------\Service_ipfjbuat
-------\Service_jcbgvjjt
-------\Service_jrhkdwxm
-------\Service_kaltwjfv
-------\Service_khhmgupu
-------\Service_kqivccle
-------\Service_lgyvqxtq
-------\Service_lswsundi
-------\Service_ltcswlvy
-------\Service_lwetizmt
-------\Service_mfxsbrnd
-------\Service_mzetiimj
-------\Service_nbelpzbe
-------\Service_nhfvspoq
-------\Service_nmxeoufy
-------\Service_npeamrqh
-------\Service_npmqkahp
-------\Service_nqeuwjtx
-------\Service_nslzscku
-------\Service_nuxrasuy
-------\Service_orncnbtq
-------\Service_osfcifrl
-------\Service_oufljycr
-------\Service_pcfjeggv
-------\Service_pczaebgp
-------\Service_pfwwmreq
-------\Service_punagqnm
-------\Service_pvurpwsn
-------\Service_qaegvkrt
-------\Service_qljyblun
-------\Service_qpgeauzd
-------\Service_qyxknpnf
-------\Service_rntzxtcj
-------\Service_rxjycatd
-------\Service_rxyqfdux
-------\Service_satttlho
-------\Service_sckujrno
-------\Service_scuirxot
-------\Service_srnzgvdp
-------\Service_tmdjjeup
-------\Service_txtdlspl
-------\Service_uadttnng
-------\Service_uicilsfx
-------\Service_uqkcdbas
-------\Service_uynterdr
-------\Service_vbsbdjrq
-------\Service_vrjroumz
-------\Service_vvtcnzbz
-------\Service_vzuhcrny
-------\Service_wqorixtf
-------\Service_xaeeegel
-------\Service_xaifsdci
-------\Service_xbovsbtu
-------\Service_xdwmnopx
-------\Service_xgsqkyoa
-------\Service_xrufjmka
-------\Service_xtnewzda
-------\Service_ylolemld
-------\Service_yuoaishw
-------\Service_zcasbfvo
-------\Service_zewbojie
-------\Service_zhhqmjbr
-------\Service_zmornlve


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-02 do 2010-12-02 )))))))))))))))))))))))))))))))
.

2010-12-01 18:25 . 2010-12-01 18:25 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Malwarebytes
2010-12-01 18:24 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 18:24 . 2010-12-01 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-12-01 18:24 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 18:24 . 2010-12-01 18:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-30 17:35 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{4FC541B6-6362-49A9-A009-9B8873092990}\mpengine.dll
2010-11-21 11:06 . 2010-11-21 11:21 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\AskToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-01 20:13 . 2009-08-13 13:07 0 ----a-w- c:\documents and settings\Pavel\ntuser.tmp
2010-11-10 04:33 . 2007-09-27 15:44 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-10-19 09:41 . 2009-10-03 07:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12 . 2010-09-20 17:06 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-09-20 09:48 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-09-20 09:49 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-09-20 09:49 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-09-20 09:49 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-09-20 09:49 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-09-20 09:49 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-09-20 09:49 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-09-20 09:49 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-21 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-21 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-21 138008]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-03-30 342528]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-05-24 475136]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-05-15 3975848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"ePower_DMC"=c:\acer\Empowering Technology\ePower\ePower_DMC.exe
"Acer ePresentation HPD"=c:\acer\Empowering Technology\ePresentation\ePresentation.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 135664]
S1 aswSP;aswSP; [x]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 aswFsBlk;aswFsBlk; [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-11-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:22]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:22]

2010-12-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-12-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTV2&o=15851&locale=en_EU&apn_uid=17364013-532D-4A4D-BED4-9DB3FA6E86B9&apn_ptnrs=H3&apn_sauid=D6255A88-D870-43D9-B989-7574C8707E43&apn_dtid=YYYYYYYYCZ&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: ÄŚeskĂ© slovnĂ­ky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\extensions\cs@dictionaries.addons.mozilla.org
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: PandoraTV Toolbar: toolbar@ask.com - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\p76bgmi8.default\extensions\toolbar@ask.com
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-02 18:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(736)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\igfxext.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\docume~1\Pavel\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2010-12-02 19:04:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-02 18:04
ComboFix2.txt 2010-12-01 20:23
ComboFix3.txt 2010-08-15 15:13

Před spuštěním: 1 021 476 864
Po spuštění: 1 018 589 184

- - End Of File - - 0E82DB325DBAB06BA2326F6954FE4082

[Rudy]

Ještě maličkost. Stáhněte a spusťte Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 tímto skriptem:

Folders to delete:
c:\documents and settings\Pavel\Local Settings\Data aplikací\AskToolbar

[basto]

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\documents and settings\Pavel\Local Settings\Data aplikací\AskToolbar" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Rudy]

Adresář byl smazán, PC již vypadá čistý. Nastala nějaká změna?

[basto]

Změna k lepšímu je viditelná, PC už se dá rozběhnout v normálním režimu. A to, že je pomalejší, už asi nebude chyba virů chtěl jsem se zeptat, jakou pravidelnou údržbu byste doporučil? A co mám dělat příště, když budu chtít např. preventivní kontrolu logů, když nefunguje RSIT?

[Rudy]

1. PC vyčistěte od balastu CCleanerem: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478.
2. Pokud budete chtít si preventivně nechat zkontrolovat PC, dejte log z RSIT do sekce RSIT logy - preventivky.

[basto]

Jo to vím, jde o to, že ten RSIT přece nejde spustit... jinak díky hrozně moc za pomoc!