PC disinfection, PC speed-up, remote help via the neslape.cz service

Infected PC

Are you one of the Exemplary visitors? Then this section is for you.


Forum rules
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Infected PC

#1 Post by toox »

Hi, I found 14 trojans on a friend's PC with MBAM. They are in quarantine. I'm attaching the RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2010-12-30 15:55:17
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 86 GB (58%) free of 149 GB
Total RAM: 767 MB (31% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-06 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-15 4390912]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-20 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-20 92704]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"eRecoveryService"= []
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-12-30 15:40:22 ----D---- C:\Program Files\trend micro
2010-12-30 15:40:20 ----D---- C:\rsit
2010-12-30 14:11:06 ----D---- C:\Users\Petr\AppData\Roaming\Malwarebytes
2010-12-30 14:10:54 ----D---- C:\ProgramData\Malwarebytes
2010-12-30 14:10:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-30 14:06:34 ----A---- C:\Windows\system32\TUProgSt.exe
2010-12-30 14:05:34 ----A---- C:\Windows\system32\uxtuneup.dll
2010-12-30 14:05:34 ----A---- C:\Windows\system32\authuitu.dll
2010-12-30 14:05:19 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2010-12-30 14:04:13 ----D---- C:\Users\Petr\AppData\Roaming\TuneUp Software
2010-12-30 14:02:27 ----D---- C:\ProgramData\TuneUp Software
2010-12-30 14:02:27 ----D---- C:\Program Files\TuneUp Utilities 2009
2010-12-30 13:57:47 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2010-12-30 13:51:13 ----D---- C:\Program Files\CCleaner
2010-12-16 05:15:34 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-16 05:15:33 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-16 05:15:33 ----A---- C:\Windows\system32\taskschd.dll
2010-12-16 05:15:32 ----A---- C:\Windows\system32\taskeng.exe
2010-12-16 05:15:31 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-16 05:15:02 ----A---- C:\Windows\system32\consent.exe
2010-12-16 05:14:51 ----A---- C:\Windows\system32\atmfd.dll
2010-12-16 05:14:50 ----A---- C:\Windows\system32\atmlib.dll
2010-12-16 05:14:47 ----A---- C:\Windows\system32\fontsub.dll
2010-12-16 05:12:10 ----A---- C:\Windows\system32\tzres.dll
2010-12-16 05:05:32 ----A---- C:\Windows\system32\mstime.dll
2010-12-16 05:05:28 ----A---- C:\Windows\system32\ieframe.dll
2010-12-16 05:05:26 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-16 05:05:25 ----A---- C:\Windows\system32\mshtml.dll
2010-12-16 05:05:22 ----A---- C:\Windows\system32\ieapfltr.dll
2010-12-16 05:05:20 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-16 05:05:19 ----A---- C:\Windows\system32\wininet.dll
2010-12-16 05:05:17 ----A---- C:\Windows\system32\urlmon.dll
2010-12-16 05:05:16 ----A---- C:\Windows\system32\ieaksie.dll
2010-12-16 05:05:14 ----A---- C:\Windows\system32\iertutil.dll
2010-12-16 05:05:14 ----A---- C:\Windows\system32\iepeers.dll
2010-12-16 05:05:14 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-16 05:05:13 ----A---- C:\Windows\system32\occache.dll
2010-12-16 05:05:12 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-16 05:05:12 ----A---- C:\Windows\system32\ieencode.dll
2010-12-14 10:25:16 ----D---- C:\Users\Petr\AppData\Roaming\elefundesktops
2010-12-14 10:25:04 ----D---- C:\Program Files\EleFun Desktops
2010-12-14 10:17:19 ----D---- C:\Program Files\Prolific Publishing, Inc

======List of files/folders modified in the last 1 months======

2010-12-30 15:55:14 ----D---- C:\Windows\Temp
2010-12-30 15:40:22 ----RD---- C:\Program Files
2010-12-30 15:38:14 ----D---- C:\Windows\system32\drivers
2010-12-30 15:37:52 ----SHD---- C:\Config.Msi
2010-12-30 15:37:43 ----D---- C:\Windows\Microsoft.NET
2010-12-30 14:50:24 ----SHD---- C:\Windows\Installer
2010-12-30 14:50:20 ----RD---- C:\Program Files\Skype
2010-12-30 14:36:34 ----HD---- C:\ProgramData
2010-12-30 14:24:07 ----D---- C:\Windows\system32\Tasks
2010-12-30 14:06:48 ----D---- C:\Windows\Debug
2010-12-30 14:06:47 ----D---- C:\Windows\Prefetch
2010-12-30 14:06:47 ----D---- C:\Windows\Minidump
2010-12-30 14:06:47 ----D---- C:\Windows
2010-12-30 14:06:34 ----D---- C:\Windows\System32
2010-12-30 14:04:45 ----D---- C:\Windows\Tasks
2010-12-30 14:04:07 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2010-12-30 14:03:46 ----D---- C:\Users\Petr\AppData\Roaming\ICQ
2010-12-30 14:01:32 ----SHD---- C:\System Volume Information
2010-12-30 13:53:17 ----D---- C:\Windows\inf
2010-12-30 13:53:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-29 19:34:08 ----D---- C:\Program Files\Warcraft III
2010-12-29 19:03:48 ----D---- C:\Program Files\Garena
2010-12-22 23:41:17 ----D---- C:\Windows\system32\catroot2
2010-12-17 14:50:59 ----D---- C:\Windows\rescache
2010-12-17 14:39:21 ----D---- C:\Windows\winsxs
2010-12-17 14:20:05 ----D---- C:\Program Files\Windows Mail
2010-12-17 14:19:53 ----D---- C:\Program Files\Internet Explorer
2010-12-17 14:11:51 ----D---- C:\Windows\system32\cs-CZ
2010-12-17 14:11:01 ----D---- C:\Windows\system32\catroot
2010-12-17 13:59:55 ----A---- C:\Windows\system32\mrt.exe
2010-12-04 15:07:38 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-14 1740904]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-05-03 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-20 7468128]
R3 Ph3xIB32;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 194560]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Petr\AppData\Local\Temp\GWYFFB2.tmp [2010-12-29 25616]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-06-06 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-01-19 47360]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\Windows\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-20 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-06-08 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-06-12 202448]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-12-30 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 182768]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-12-30 360192]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

thanks for a quick resolution

Marek-26
Friend of the forum
Posts: 1000
Registered: 16 Dec 2006 15:53
Location: Brüx/Praha

Re: Infected PC

#2 Post by Marek-26 »

Hello,
please post a ComboFix log. Follow these instructions:
http://www.bleepingcomputer.com/combofi ... t-combofix

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Infected PC

#3 Post by toox »

LOG
ComboFix 10-12-29.02 - Petr 30.12.2010 16:24:11.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.767.138 [GMT 1:00]
Running from: c:\users\Petr\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\\setup.exe
c:\program files\Setup.exe
c:\users\Petr\Silverlight.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 15:38 . 2010-12-30 15:39 -------- d-----w- c:\users\Petr\AppData\Local\temp
2010-12-30 15:38 . 2010-12-30 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 14:40 . 2010-12-30 14:40 -------- d-----w- c:\program files\trend micro
2010-12-30 14:40 . 2010-12-30 14:40 -------- d-----w- C:\rsit
2010-12-30 13:11 . 2010-12-30 13:11 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2010-12-30 13:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-30 13:10 . 2010-12-30 13:10 -------- d-----w- c:\programdata\Malwarebytes
2010-12-30 13:10 . 2010-12-30 13:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-30 13:06 . 2010-12-30 13:06 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-12-30 13:05 . 2008-12-11 12:31 17152 ----a-w- c:\windows\system32\authuitu.dll
2010-12-30 13:05 . 2008-12-11 12:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-30 13:05 . 2010-12-30 13:05 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-12-30 13:04 . 2010-12-30 13:04 -------- d-----w- c:\users\Petr\AppData\Roaming\TuneUp Software
2010-12-30 13:02 . 2010-12-30 13:04 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-12-30 13:02 . 2010-12-30 13:02 -------- d-----w- c:\programdata\TuneUp Software
2010-12-30 12:57 . 2010-12-30 12:57 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2010-12-30 12:51 . 2010-12-30 12:51 -------- d-----w- c:\program files\CCleaner
2010-12-28 18:11 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25810EA4-1EEA-4A15-8155-F0932682BE98}\mpengine.dll
2010-12-16 04:15 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 04:15 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 04:15 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 04:15 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 04:15 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 04:15 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-16 04:15 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:15 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 04:15 . 2010-10-18 13:56 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 04:15 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-16 04:14 . 2010-10-28 13:03 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 04:14 . 2010-10-28 15:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 04:14 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-16 04:12 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 04:04 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-14 09:25 . 2010-12-14 09:25 2262648 ----a-w- c:\windows\system32\Flash9b.ocx
2010-12-14 09:25 . 2010-12-14 09:25 -------- d-----w- c:\users\Petr\AppData\Roaming\elefundesktops
2010-12-14 09:25 . 2010-12-14 09:25 -------- d-----w- c:\program files\EleFun Desktops
2010-12-14 09:25 . 2008-11-23 15:56 4863875 ----a-w- c:\windows\system32\Christmas Forest.scr
2010-12-14 09:17 . 2006-02-24 08:45 4833280 ----a-w- c:\windows\system32\SHARKS2.scr
2010-12-14 09:17 . 2010-12-14 09:17 -------- d-----w- c:\program files\Prolific Publishing, Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 11:09 . 2010-12-16 04:15 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2009-10-03 05:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2008-03-17 02:42 . 2008-03-17 02:42 4366848 ----a-w- c:\program files\openofficeorg24.msi
2008-03-17 02:42 . 2008-03-17 02:42 1821008 ----a-w- c:\program files\instmsiw.exe
2008-03-17 02:42 . 2008-03-17 02:42 1707856 ----a-w- c:\program files\instmsia.exe
2008-12-25 13:05 . 2007-12-18 09:25 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-25 13:05 . 2007-12-18 09:25 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-25 13:05 . 2007-12-18 09:25 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-25 13:05 . 2007-12-18 09:25 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-25 13:05 . 2007-12-18 09:25 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Registry Start Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-19 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-19 92704]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-3 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Acer Tour Reminder"=
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"Registry Cleaner"="c:\program files\Registry Cleaner Trial\Regclean.exe" -startminimize

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"w3dr.exe"=c:\program files\Warcraft III\w3dr.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GarenaPEngine;GarenaPEngine;c:\users\Petr\AppData\Local\Temp\GWYFFB2.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-11-20 685816]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.centrum.cz/?ms=ge
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{141D2E4F-F313-4991-B61A-EE5D6D849361} - http://bleskove.centrum.cz
IE: {{2A5CFB1C-AAA2-4760-8462-1B61CF74B7D8} - http://www.centrum.cz
IE: {{2BCB61BF-DC41-4738-A149-BDAAAD7FF0BD} - http://www.xchat.cz
IE: {{2E01031B-AB09-4455-823D-25F1A1C11F48} - http://aktualne.centrum.cz
IE: {{2F741D0A-150E-40F9-A602-1B2421475F1D} - http://slovniky.centrum.cz
IE: {{309176E6-E204-40A0-8D13-7F19C0498C40} - http://www.supermapy.cz
IE: {{49681216-5BF4-41A2-AAFA-129A6BD625DA} - http://mp3.centrum.cz/
IE: {{8B6E8E01-D262-4980-8C27-B8B2802285C1} - http://www.zena.cz
IE: {{8FD64249-590C-4FBC-B181-12A6BAF516AF} - http://www.fotoalba.cz
IE: {{A5050656-2286-454F-A489-C605ED1B461C} - http://pocasi.centrum.cz
IE: {{BC78516C-9DC9-40C5-A91E-74593222EF89} - http://sportplus.centrum.cz
IE: {{DAE865E8-970E-4931-A172-119CB56BBAF5} - http://www.digitalne.cz/
IE: {{FC29EB7D-EDBA-4299-AEE4-D1BDC70EFA15} - http://www.stahuj.cz/
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\qcgtff85.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKLM-Run-eRecoveryService - (no file)
HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
AddRemove-LifeGlobe Sharks, Terrors of the Deep 2_is1 - c:\program files\Prolific Publishing



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 16:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Petr\AppData\Local\Temp\GWYFFB2.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-30 16:44:30
ComboFix-quarantined-files.txt 2010-12-30 15:44

Pre-Run: 90 168 356 864 bytes free
Post-Run: 89 778 520 064 bytes free

- - End Of File - - DCB59B3C431801B32D3F197EFCCB3035
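Both logs above print every service and kernel driver as one `<state> <name>;<display name>;<image path> [<meta>]` line, and the interesting entries stand out by shape rather than by name: the GarenaPEngine driver loads from a randomly named `.tmp` file in the user's `AppData\Local\Temp`, several entries end in `[]` (RSIT) or `[x]` (ComboFix) because the tool could not find or read the image, and the REGEDIT4 section shows Security Center monitoring switched off for a Symantec product that survives only as a remnant service. The script below is an added illustration for this thread, not part of RSIT, ComboFix or either poster's instructions: it parses those lines and the registry values with a regex of my own and flags exactly those three conditions. The sample input is copied from the posted logs; the `Finding` type, the regexes and the `scan` function are assumptions of this example, not anything the tools expose. Two caveats a reviewer should keep in mind: ComboFix also prints `[x]` for avast's self-protected drivers (aswSP, aswFsBlk) that it is not allowed to read, and the `DisableMonitoring` values are commonly written by Symantec/Norton products that report their own status, so every hit is a review item rather than a verdict.

```python
"""Triage helper for the service/driver listings in RSIT and ComboFix logs.

Added example for this thread; it is not part of RSIT, ComboFix or the
original posts. It parses the
    <state> <name>;<display name>;<image path> [<meta>]
lines both tools emit and flags what a reviewer checks first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# <state> <name>;<display>;<path> [<date> <size>]  or  [x]  or  []
ENTRY_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# A per-user temp directory, e.g. C:\Users\Petr\AppData\Local\Temp\...
USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# Security Center monitoring keys (the root key or a product subkey).
SC_MON_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring(?:\\.+)?$",
    re.IGNORECASE,
)
DISABLE_MON = '"disablemonitoring"=dword:00000001'


@dataclass(frozen=True)
class Finding:          # assumed type for this example
    name: str           # service/driver name or registry subkey
    reason: str
    path: str           # image path or registry key


def parse_entry(line: str) -> tuple[str, str, str, str] | None:
    """Return (state, name, image path, meta) for a service/driver line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    if path.startswith("\\??\\"):           # NT object-manager prefix printed by RSIT
        path = path[4:]
    return m.group("state"), m.group("name").strip(), path, m.group("meta").strip()


def scan(text: str) -> list[Finding]:
    """Scan log text; returns one Finding per distinct (name, reason, path)."""
    findings: list[Finding] = []
    seen: set[tuple[str, str, str]] = set()
    current_key: str | None = None

    def add(name: str, reason: str, path: str) -> None:
        key = (name, reason, path.lower())   # RSIT and ComboFix differ only in case
        if key not in seen:
            seen.add(key)
            findings.append(Finding(name, reason, path))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # REGEDIT4-style key header: remember it for the value lines that follow.
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key and SC_MON_RE.match(current_key) and line.lower() == DISABLE_MON:
            add(current_key.rsplit("\\", 1)[-1], "Security Center monitoring disabled", current_key)
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        _state, name, path, meta = entry
        image = path.split(" /", 1)[0]       # drop " /args" such as "/h ccCommon"
        if USER_TEMP_RE.search(image):
            add(name, "image under a user Temp directory", image)
        if image.lower().endswith(".tmp"):
            add(name, "image has a .tmp extension", image)
        if meta in ("", "x"):                # RSIT prints [] and ComboFix [x] when it cannot find/read the file
            add(name, "image file missing or unreadable" if image else "no image path recorded", image)
    return findings


# Constructed test input: lines copied from the RSIT and ComboFix logs posted above.
SAMPLE_LOG = r"""
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Petr\AppData\Local\Temp\GWYFFB2.tmp [2010-12-29 25616]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-12-30 603904]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
R3 GarenaPEngine;GarenaPEngine;c:\users\Petr\AppData\Local\Temp\GWYFFB2.tmp [x]
S1 aswSP;aswSP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.name:28} {f.reason:40} {f.path}")
```

Run it as-is to see the sample triage, or feed it the full text of an RSIT or ComboFix log: the Find3M, file-creation and BHO sections simply fail the line regex and are skipped, so only the service/driver lines and the monitoring values produce findings.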

Marek-26
Friend of the forum
Posts: 1000
Registered: 16 Dec 2006 15:53
Location: Brüx/Praha

Re: Infected PC

#4 Post by Marek-26 »

Uninstall ICQ6Toolbar and, if you don't use it, Google Toolbar as well.
Otherwise the PC should be clean now.

Go to Start -> Run and type

Code:

Combofix /uninstall
Then also download T-Cleaner from my signature and run it :)
