
Vista and a Trojan horse

Posted: 06 Dec 2008 08:47
by blue-kitty
Hi, I have a request for help with a virus. Only yesterday I brought home a new computer with Vista preinstalled, and from my external USB HDD I installed just a few programs on it, and suddenly in the evening it reported a virus in memory...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:06, on 6.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{54A69D07-CFA8-410B-A4AF-4CB0CA8F65D3}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5447 bytes
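
The five O17 lines in the log above all rewrite the TCP/IP NameServer setting to two public addresses the user never configured, which is what lets a DNS-changing trojan redirect every name lookup on the machine; the two O2 entries marked "(no file)" are orphaned Browser Helper Objects. The following Python script is an added example for this thread, not part of the original post and not HijackThis code: it parses O17 and O2 lines copied from the log, flags resolver addresses that are neither private/loopback nor on an expected list (the `expected` parameter is an assumption; a real check would fill it with the ISP's or router's resolvers), and lists the BHO entries whose DLL is missing.

```python
"""Triage HijackThis O17 (DNS) and O2 (BHO) lines.

Added example for this thread; not part of the original post and not
HijackThis code. The sample lines are copied from the log posted above.
"""
import ipaddress
import re
from typing import Dict, FrozenSet, List

# Constructed sample: a subset of the HJT log above, one line per entry.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
"""

O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


def parse_nameservers(log: str) -> Dict[str, List[str]]:
    """Map each O17 registry key to the resolver addresses it configures."""
    result: Dict[str, List[str]] = {}
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            result[m.group("key")] = [s.strip() for s in m.group("servers").split(";") if s.strip()]
    return result


def is_local_resolver(ip: str) -> bool:
    """True for a home router (RFC 1918), link-local or loopback address."""
    addr = ipaddress.ip_address(ip)
    return addr.is_private or addr.is_loopback or addr.is_link_local


def flag_dns_hijack(log: str, expected: FrozenSet[str] = frozenset()) -> List[str]:
    """Resolver addresses in O17 entries that are neither local nor expected.

    `expected` is an assumption for this example: fill it with the ISP's or
    router's resolvers. Anything left over is a public resolver nobody set up,
    which is how a DNS-changing trojan redirects every lookup on the machine.
    """
    suspicious = set()
    for servers in parse_nameservers(log).values():
        for ip in servers:
            if not is_local_resolver(ip) and ip not in expected:
                suspicious.add(ip)
    return sorted(suspicious)


def orphaned_bhos(log: str) -> List[str]:
    """CLSIDs of Browser Helper Objects whose DLL no longer exists.

    HijackThis prints '(no file)' for these; they are leftovers rather than a
    live infection, but they should go during cleanup so nothing can reclaim them.
    """
    found = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m and m.group("path").strip() == "(no file)":
            found.append(m.group("clsid"))
    return found


if __name__ == "__main__":
    for key, servers in parse_nameservers(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(servers)}")
    print("suspicious resolvers:", flag_dns_hijack(SAMPLE_LOG))
    print("orphaned BHOs:", orphaned_bhos(SAMPLE_LOG))
```

Run against the constructed sample, the script reports both 85.255.x.x addresses as suspicious and the two WormRadar/unnamed CLSIDs as orphaned; the same check passes cleanly once those resolvers are put on the expected list, which is the decision a helper has to make by asking which DNS servers the ISP actually hands out.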

Re: Vista and a Trojan horse

Posted: 06 Dec 2008 17:23
by jaro3
▪ Download Fixwareout from one of the links and save it to the desktop:

http://www.edisk.cz/stahni/58387/FWO.rar_449.96KB.html

▪ Restart the computer into Safe Mode; this step is not required and it can also be run in normal mode, but it is recommended.
▪ Run Fixwareout, click Next, then Install, make sure the Run fixit option is selected and click Finish
▪ The cleaning process will start; follow the instructions
▪ With more resistant variants a restart of the computer will be required; restart it
▪ The computer may take a bit longer to boot; after entering Windows a window with the Fixwareout log should pop up; paste that log here. If the report does not appear, it can be found at C:\fixwareout\report.txt

Re: Vista and a Trojan horse

Posted: 06 Dec 2008 19:43
by blue-kitty
But the cleaning process doesn't work for me; I follow the instructions, but after pressing Finish nothing happens and it says "unsupported version"... I also tried downloading another file of that program, but it was the same. Oh, and also, after trying to install Alcohol 120% I got a blue screen of death, and since then it has been asking me for a driver for PLUG and PLAY BIOS EXTENSION; is that somehow related to the virus?

Re: Vista and a Trojan horse

Posted: 06 Dec 2008 20:45
by jaro3
Try this to clean the memory.
www.techsupportforum.com/sectools/sUBs/ ... fector.exe

The problem is unrelated to it. Try shutting down the computer, unplugging the network cable, opening the PC and taking the battery out for a while (Clear CMOS).

If you have the 32-bit version of Vista:
Turn off Avast's resident protection.
Download ComboFix (by sUBs)

and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the prompts; while ComboFix is running, do not click into the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

If there are problems, try it in Safe Mode.

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 07:28
by blue-kitty
Fortunately there were no problems... here is the log

ComboFix 08-12-06.06 - Veronika 2008-12-07 7:15:22.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.1197 [GMT 1:00]
Spuštěný z: c:\users\Veronika\Downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\users\Veronika\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-07 do 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 19:08 . 2008-12-06 19:25 <DIR> d-------- C:\fixwareout
2008-12-06 18:40 . 2007-07-05 14:30 101,376 -ra------ c:\windows\System32\drivers\ewusbmdm.sys
2008-12-06 18:40 . 2006-09-16 14:26 23,424 -ra------ c:\windows\System32\drivers\ewdcsc.sys
2008-12-06 13:10 . 2008-12-06 13:10 <DIR> d-------- c:\program files\CCleaner
2008-12-06 09:38 . 2008-12-06 09:39 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Zoner
2008-12-06 09:38 . 2008-12-06 09:38 <DIR> d-------- c:\program files\Zoner
2008-12-06 09:27 . 2008-12-06 09:27 <DIR> d-------- c:\users\Richard
2008-12-06 08:37 . 2008-12-06 08:37 <DIR> d-------- c:\program files\Trend Micro
2008-12-05 20:54 . 2008-12-05 20:54 <DIR> d-------- c:\program files\Alwil Software
2008-12-05 20:54 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\System32\MFC71.dll
2008-12-05 20:54 . 2003-03-18 20:14 499,712 --a------ c:\windows\System32\MSVCP71.dll
2008-12-05 20:54 . 2003-02-21 04:42 348,160 --a------ c:\windows\System32\MSVCR71.dll
2008-12-05 20:54 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-12-05 20:31 . 2008-12-05 20:35 <DIR> d-------- c:\users\Veronika\AppData\Roaming\vlc
2008-12-05 20:31 . 2008-12-05 20:31 <DIR> d-------- c:\program files\VideoLAN
2008-12-05 20:15 . 2008-12-05 20:15 <DIR> d-------- c:\users\Veronika\AppData\Roaming\skypePM
2008-12-05 20:15 . 2008-12-05 20:15 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-12-05 20:15 . 2008-12-05 20:15 56 --ah----- c:\programdata\ezsidmv.dat
2008-12-05 20:10 . 2008-12-05 20:16 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Skype
2008-12-05 20:07 . 2005-04-25 10:43 159,616 --a------ c:\windows\System32\drivers\Vax347b.sys
2008-12-05 20:07 . 2004-04-30 09:33 5,248 --a------ c:\windows\System32\drivers\Vax347s.sys
2008-12-05 19:59 . 2008-12-05 20:01 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Vso
2008-12-05 19:59 . 2008-12-05 19:59 <DIR> d-------- c:\program files\DVDFab Platinum 4
2008-12-05 19:59 . 2008-12-05 19:59 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-12-05 19:59 . 2008-12-05 19:59 47,360 --a------ c:\users\Veronika\AppData\Roaming\pcouffin.sys
2008-12-05 19:55 . 2008-12-05 19:58 <DIR> d-------- c:\program files\IrfanView
2008-12-05 19:30 . 2008-12-05 19:30 <DIR> d-------- c:\users\All Users\Avg8
2008-12-05 19:30 . 2008-12-05 19:30 <DIR> d-------- c:\programdata\Avg8
2008-12-05 18:12 . 2008-12-05 18:12 <DIR> dr-h----- c:\users\Veronika\AppData\Roaming\SecuROM
2008-12-05 18:03 . 2008-12-05 18:03 <DIR> d-------- c:\users\All Users\Electronic Arts
2008-12-05 18:03 . 2008-12-05 18:03 <DIR> d-------- c:\programdata\Electronic Arts
2008-12-05 18:03 . 2008-12-05 18:03 <DIR> d-------- c:\program files\Electronic Arts
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Leadertech
2008-12-05 18:02 . 2008-12-05 18:02 1,104 --a------ c:\windows\System32\ealregsnapshot1.reg
2008-12-05 17:50 . 2008-12-05 17:50 <DIR> d-------- c:\program files\EA Sports
2008-12-05 17:49 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-12-05 17:19 . 2008-12-05 17:25 <DIR> d-------- c:\users\Veronika\AppData\Roaming\ICQ
2008-12-05 17:19 . 2008-12-05 17:26 <DIR> d-------- c:\program files\ICQ6
2008-12-05 17:11 . 2008-12-05 17:11 29,184 --a------ c:\windows\System32\drivers\Ndisprot.sys
2008-12-05 16:55 . 2008-12-05 16:55 <DIR> d-------- c:\users\All Users\Adobe
2008-12-05 16:55 . 2008-12-05 16:55 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\users\All Users\Skype
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\programdata\Skype
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\program files\Skype
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-05 14:42 . 2008-07-16 02:32 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-05 14:22 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-05 14:22 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-05 14:22 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-05 14:17 . 2008-12-05 14:17 <DIR> d-------- c:\windows\System32\Macromed
2008-12-05 14:02 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-05 14:02 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-05 14:00 . 2008-07-31 02:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-05 14:00 . 2008-07-31 04:32 28,160 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-05 13:52 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-05 13:52 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-05 13:48 . 2008-06-19 04:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-05 13:48 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-05 13:47 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-05 13:47 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-05 13:47 . 2008-04-18 06:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-05 13:47 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-05 13:45 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-05 13:45 . 2008-04-10 06:12 738,304 --a------ c:\windows\System32\inetcomm.dll
2008-12-05 13:45 . 2008-08-02 02:01 625,152 --a------ c:\windows\System32\drivers\dxgkrnl.sys
2008-12-05 13:45 . 2008-06-26 04:29 565,248 --a------ c:\windows\System32\emdmgmt.dll
2008-12-05 13:45 . 2008-05-20 03:07 148,480 --a------ c:\windows\System32\drivers\nwifi.sys
2008-12-05 13:45 . 2008-06-26 04:29 45,056 --a------ c:\windows\System32\dataclen.dll
2008-12-05 13:45 . 2008-08-02 04:26 36,864 --a------ c:\windows\System32\cdd.dll
2008-12-05 13:37 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-05 13:37 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-05 13:37 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-05 13:37 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-05 13:37 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-05 13:37 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-05 13:37 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-05 13:37 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-05 13:37 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-05 13:32 . 2008-12-05 13:32 <DIR> d-------- c:\program files\T-Mobile
2008-12-05 13:21 . 2008-12-05 13:21 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Thunderbird
2008-12-05 13:21 . 2008-12-05 13:21 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-12-05 13:21 . 2008-12-05 13:21 0 --a------ c:\windows\nsreg.dat
2008-12-05 13:18 . 2008-12-05 13:19 <DIR> d-------- c:\users\Veronika\AppData\Roaming\GHISLER
2008-12-05 13:18 . 2008-12-06 19:17 <DIR> d-------- c:\program files\totalcmd
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\UC.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\RAR.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\PKZIP.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\LHA.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\ARJ.PIF
2008-12-05 13:08 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Searches
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Videos
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Saved Games
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Pictures
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Music
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Links
2008-12-05 13:07 . 2008-12-07 07:14 <DIR> dr------- c:\users\Veronika\Downloads
2008-12-05 13:07 . 2008-12-06 16:39 <DIR> dr------- c:\users\Veronika\Documents
2008-12-05 13:07 . 2008-12-05 15:26 <DIR> dr------- c:\users\Veronika\Contacts
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> d--h----- c:\users\Veronika\AppData
2008-12-05 13:07 . 2008-12-06 18:40 <DIR> d-------- c:\users\Veronika
2008-12-05 13:04 . 2008-12-05 13:04 <DIR> dr------- c:\windows\System32\config\systemprofile\Contacts
2008-11-25 14:27 . 2008-11-25 14:27 268 --ah----- C:\sqmdata07.sqm
2008-11-25 14:27 . 2008-11-25 14:27 244 --ah----- C:\sqmnoopt07.sqm
2008-11-25 12:11 . 2008-11-25 12:11 268 --ah----- C:\sqmdata06.sqm
2008-11-25 12:11 . 2008-11-25 12:11 244 --ah----- C:\sqmnoopt06.sqm
2008-11-25 11:09 . 2008-11-25 11:09 268 --ah----- C:\sqmdata05.sqm
2008-11-25 11:09 . 2008-11-25 11:09 244 --ah----- C:\sqmnoopt05.sqm
2008-11-24 15:26 . 2008-11-24 15:26 268 --ah----- C:\sqmdata04.sqm
2008-11-24 15:26 . 2008-11-24 15:26 244 --ah----- C:\sqmnoopt04.sqm
2008-11-24 13:31 . 2008-11-24 13:31 268 --ah----- C:\sqmdata03.sqm
2008-11-24 13:31 . 2008-11-24 13:31 244 --ah----- C:\sqmnoopt03.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 17:02 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-05 14:34 --------- d-----w c:\program files\Windows Mail
2008-12-05 12:04 --------- d-sh--w c:\programdata\Plocha
2008-12-05 12:04 --------- d-sh--w c:\programdata\Oblíbené položky
2008-12-05 12:04 --------- d-sh--w c:\programdata\Šablony
2008-12-05 12:04 --------- d-sh--w c:\programdata\Nabídka Start
2008-12-05 12:04 --------- d-sh--w c:\programdata\Dokumenty
2008-12-05 12:04 --------- d-sh--w c:\programdata\Data aplikací
2008-10-17 16:53 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-17 16:53 --------- d-----w c:\program files\Realtek
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2007-08-28 955608]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B7AFB35A-7316-470D-B20E-DEF85F0416EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{04D72EB3-4B46-4E4E-9461-F87B48E52DBA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DA54341A-E049-4A2C-AD6B-42A5C0190464}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E7579C56-4950-458A-9181-AF1477070227}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{135ABF90-DD34-4C2B-87BC-B20887FCBD8F}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-05 111184]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-06-27 72192]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-05 51792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f115b80-c3aa-11dd-a43f-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f115b92-c3aa-11dd-a43f-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe540d4-c2c4-11dd-8e1b-001d92fd430e}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL j:\resycled\boot.com j:
\shell\Open\command - j:\resycled\boot.com j:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe5415a-c2c4-11dd-8e1b-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe54192-c2c4-11dd-8e1b-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d465ebc3-baf4-11dd-a8fe-806e6f6e6963}]
\shell\AutoRun\command - D:\Setupx.exe

*Newly Created Service* - PROCEXP90
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\qqxqk6fq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 07:16:34
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
Celkový čas: 2008-12-07 7:17:02
ComboFix-quarantined-files.txt 2008-12-07 06:17:00

Před spuštěním: Volných bajtů: 221 960 126 464
Po spuštění: Volných bajtů: 222,033,559,552

224 --- E O F --- 2008-12-05 13:44:48
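
The MountPoints2 keys in the ComboFix log above are Explorer's cache of autorun handlers it has seen on removable drives. Most of them just point at an installer on a CD, but the {6fe540d4-...} entry launches j:\resycled\boot.com through rundll32 and also overrides the Open verb, so double-clicking that drive would run the file; ComboFix already removed C:\Autorun.inf and c:\resycled\boot.com in its deletions section, and the next reply deletes the key itself with a CFScript. The Python below is an added example for this thread, not ComboFix's code and not from either poster: it parses the section from lines copied out of the log and lists, per key, the reasons an entry deserves attention. The look-alike folder check against "recycled"/"recycler" is a heuristic chosen for this example.

```python
"""Triage Explorer MountPoints2 autorun handlers from a ComboFix log.

Added example for this thread; not ComboFix's code and not from either poster.
MountPoints2 caches the autorun handlers Explorer has seen on removable media,
so a handler that points at an odd file re-launches whenever the drive returns.
"""
import difflib
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: three MountPoints2 keys copied from the ComboFix log above.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f115b80-c3aa-11dd-a43f-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe540d4-c2c4-11dd-8e1b-001d92fd430e}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL j:\resycled\boot.com j:
\shell\Open\command - j:\resycled\boot.com j:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d465ebc3-baf4-11dd-a8fe-806e6f6e6963}]
\shell\AutoRun\command - D:\Setupx.exe
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$", re.I)
EXE_RE = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs)$", re.I)
# Folder names a dropper might imitate; the near-match test is a heuristic for this example.
LOOKALIKE_TARGETS = ("recycled", "recycler")


@dataclass
class MountPoint:
    guid: str
    commands: Dict[str, str] = field(default_factory=dict)  # verb -> command line


def parse_mountpoints(log: str) -> List[MountPoint]:
    """Group shell verb command lines under the MountPoints2 key they belong to."""
    entries: List[MountPoint] = []
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(key.group("guid").lower())
            entries.append(current)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current.commands[verb.group("verb").lower()] = verb.group("cmd")
    return entries


def launched_file(cmd: str) -> str:
    """The last executable-looking token: with rundll32 ShellExec_RunDLL the
    real payload is an argument, so the first .exe is not what actually runs."""
    exes = [tok for tok in cmd.split() if EXE_RE.search(tok)]
    return exes[-1] if exes else ""


def lookalike_folders(path: str) -> List[str]:
    """Folder names that nearly, but not exactly, match a well-known name."""
    hits = []
    for folder in path.split("\\")[1:-1]:  # drop drive letter and file name
        for real in LOOKALIKE_TARGETS:
            ratio = difflib.SequenceMatcher(None, folder.lower(), real).ratio()
            if folder.lower() != real and ratio >= 0.8:
                hits.append(f"{folder} (looks like {real})")
    return hits


def risk_reasons(mp: MountPoint) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    if "open" in mp.commands:
        reasons.append("Open verb is overridden: double-clicking the drive runs the handler")
    for verb, cmd in sorted(mp.commands.items()):
        if "shellexec_rundll" in cmd.lower():
            reasons.append(f"{verb}: launched through rundll32 ShellExec_RunDLL indirection")
        target = launched_file(cmd)
        if target.lower().endswith(".com"):
            reasons.append(f"{verb}: target {target} has a legacy .com extension")
        for hit in lookalike_folders(target):
            reasons.append(f"{verb}: target sits in look-alike folder {hit}")
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """GUID -> reasons, only for entries that raised at least one reason."""
    return {mp.guid: r for mp in parse_mountpoints(log) if (r := risk_reasons(mp))}


if __name__ == "__main__":
    for guid, reasons in triage(SAMPLE).items():
        print(guid)
        for reason in reasons:
            print("  -", reason)
```

On the constructed sample only the {6fe540d4-...} key is reported, for six reasons; the two CD-style entries raise none, which matches the key the CFScript in the following reply singles out for deletion.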

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 11:54
by jaro3
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use SELECT ALL to select the script

File::
C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe540d4-c2c4-11dd-8e1b-001d92fd430e}]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Using the mouse, drag the created CFScript.txt script onto the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 12:32
by blue-kitty
ComboFix 08-12-06.06 - Veronika 2008-12-07 12:14:44.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1029.18.1245 [GMT 1:00]
Spuštěný z: c:\users\Veronika\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Veronika\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení

FILE ::
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-11-07 do 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 11:57 . 2008-12-07 11:58 131,072 --a------ c:\windows\System32\Ikeext.etl
2008-12-06 19:08 . 2008-12-06 19:25 <DIR> d-------- C:\fixwareout
2008-12-06 18:40 . 2007-07-05 14:30 101,376 -ra------ c:\windows\System32\drivers\ewusbmdm.sys
2008-12-06 18:40 . 2006-09-16 14:26 23,424 -ra------ c:\windows\System32\drivers\ewdcsc.sys
2008-12-06 13:10 . 2008-12-06 13:10 <DIR> d-------- c:\program files\CCleaner
2008-12-06 09:38 . 2008-12-06 09:39 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Zoner
2008-12-06 09:38 . 2008-12-06 09:38 <DIR> d-------- c:\program files\Zoner
2008-12-06 09:27 . 2008-12-06 09:27 <DIR> d-------- c:\users\Richard
2008-12-06 08:37 . 2008-12-06 08:37 <DIR> d-------- c:\program files\Trend Micro
2008-12-05 20:54 . 2008-12-05 20:54 <DIR> d-------- c:\program files\Alwil Software
2008-12-05 20:54 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\System32\MFC71.dll
2008-12-05 20:54 . 2003-03-18 20:14 499,712 --a------ c:\windows\System32\MSVCP71.dll
2008-12-05 20:54 . 2003-02-21 04:42 348,160 --a------ c:\windows\System32\MSVCR71.dll
2008-12-05 20:54 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-12-05 20:31 . 2008-12-05 20:35 <DIR> d-------- c:\users\Veronika\AppData\Roaming\vlc
2008-12-05 20:31 . 2008-12-05 20:31 <DIR> d-------- c:\program files\VideoLAN
2008-12-05 20:15 . 2008-12-07 08:22 <DIR> d-------- c:\users\Veronika\AppData\Roaming\skypePM
2008-12-05 20:15 . 2008-12-05 20:15 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-12-05 20:15 . 2008-12-05 20:15 56 --ah----- c:\programdata\ezsidmv.dat
2008-12-05 20:10 . 2008-12-07 08:26 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Skype
2008-12-05 20:07 . 2005-04-25 10:43 159,616 --a------ c:\windows\System32\drivers\Vax347b.sys
2008-12-05 20:07 . 2004-04-30 09:33 5,248 --a------ c:\windows\System32\drivers\Vax347s.sys
2008-12-05 19:59 . 2008-12-05 20:01 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Vso
2008-12-05 19:59 . 2008-12-05 19:59 <DIR> d-------- c:\program files\DVDFab Platinum 4
2008-12-05 19:59 . 2008-12-05 19:59 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2008-12-05 19:59 . 2008-12-05 19:59 47,360 --a------ c:\users\Veronika\AppData\Roaming\pcouffin.sys
2008-12-05 19:55 . 2008-12-05 19:58 <DIR> d-------- c:\program files\IrfanView
2008-12-05 19:30 . 2008-12-05 19:30 <DIR> d-------- c:\users\All Users\Avg8
2008-12-05 19:30 . 2008-12-05 19:30 <DIR> d-------- c:\programdata\Avg8
2008-12-05 18:12 . 2008-12-05 18:12 <DIR> dr-h----- c:\users\Veronika\AppData\Roaming\SecuROM
2008-12-05 18:03 . 2008-12-05 18:03 <DIR> d-------- c:\users\All Users\Electronic Arts
2008-12-05 18:03 . 2008-12-05 18:03 <DIR> d-------- c:\programdata\Electronic Arts
2008-12-05 18:03 . 2008-12-05 18:03 <DIR> d-------- c:\program files\Electronic Arts
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-12-05 18:02 . 2008-12-05 18:02 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Leadertech
2008-12-05 18:02 . 2008-12-05 18:02 1,104 --a------ c:\windows\System32\ealregsnapshot1.reg
2008-12-05 17:50 . 2008-12-05 17:50 <DIR> d-------- c:\program files\EA Sports
2008-12-05 17:49 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2008-12-05 17:19 . 2008-12-05 17:25 <DIR> d-------- c:\users\Veronika\AppData\Roaming\ICQ
2008-12-05 17:19 . 2008-12-05 17:26 <DIR> d-------- c:\program files\ICQ6
2008-12-05 17:11 . 2008-12-05 17:11 29,184 --a------ c:\windows\System32\drivers\Ndisprot.sys
2008-12-05 16:55 . 2008-12-05 16:55 <DIR> d-------- c:\users\All Users\Adobe
2008-12-05 16:55 . 2008-12-05 16:55 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\users\All Users\Skype
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\programdata\Skype
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\program files\Skype
2008-12-05 16:51 . 2008-12-05 16:51 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-05 14:42 . 2008-07-16 02:32 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-05 14:22 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
2008-12-05 14:22 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
2008-12-05 14:22 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
2008-12-05 14:17 . 2008-12-05 14:17 <DIR> d-------- c:\windows\System32\Macromed
2008-12-05 14:02 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-05 14:02 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-05 14:00 . 2008-07-31 02:13 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-05 14:00 . 2008-07-31 04:32 28,160 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-05 13:52 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-12-05 13:52 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-12-05 13:48 . 2008-06-19 04:31 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-12-05 13:48 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-12-05 13:47 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-12-05 13:47 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-12-05 13:47 . 2008-04-18 06:48 269,312 --a------ c:\windows\System32\es.dll
2008-12-05 13:47 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-12-05 13:45 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-12-05 13:45 . 2008-04-10 06:12 738,304 --a------ c:\windows\System32\inetcomm.dll
2008-12-05 13:45 . 2008-08-02 02:01 625,152 --a------ c:\windows\System32\drivers\dxgkrnl.sys
2008-12-05 13:45 . 2008-06-26 04:29 565,248 --a------ c:\windows\System32\emdmgmt.dll
2008-12-05 13:45 . 2008-05-20 03:07 148,480 --a------ c:\windows\System32\drivers\nwifi.sys
2008-12-05 13:45 . 2008-06-26 04:29 45,056 --a------ c:\windows\System32\dataclen.dll
2008-12-05 13:45 . 2008-08-02 04:26 36,864 --a------ c:\windows\System32\cdd.dll
2008-12-05 13:37 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-05 13:37 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-05 13:37 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-05 13:37 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-05 13:37 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-05 13:37 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-05 13:37 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-05 13:37 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-05 13:37 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-05 13:32 . 2008-12-05 13:32 <DIR> d-------- c:\program files\T-Mobile
2008-12-05 13:21 . 2008-12-05 13:21 <DIR> d-------- c:\users\Veronika\AppData\Roaming\Thunderbird
2008-12-05 13:21 . 2008-12-05 13:21 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-12-05 13:21 . 2008-12-05 13:21 0 --a------ c:\windows\nsreg.dat
2008-12-05 13:18 . 2008-12-05 13:19 <DIR> d-------- c:\users\Veronika\AppData\Roaming\GHISLER
2008-12-05 13:18 . 2008-12-06 19:17 <DIR> d-------- c:\program files\totalcmd
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\UC.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\RAR.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\PKZIP.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\LHA.PIF
2008-12-05 13:18 . 2007-06-21 07:01 545 --a------ c:\windows\ARJ.PIF
2008-12-05 13:08 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Searches
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Videos
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Saved Games
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Pictures
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Music
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> dr------- c:\users\Veronika\Links
2008-12-05 13:07 . 2008-12-07 07:14 <DIR> dr------- c:\users\Veronika\Downloads
2008-12-05 13:07 . 2008-12-06 16:39 <DIR> dr------- c:\users\Veronika\Documents
2008-12-05 13:07 . 2008-12-05 15:26 <DIR> dr------- c:\users\Veronika\Contacts
2008-12-05 13:07 . 2008-12-05 13:08 <DIR> d--h----- c:\users\Veronika\AppData
2008-12-05 13:07 . 2008-12-06 18:40 <DIR> d-------- c:\users\Veronika
2008-12-05 13:04 . 2008-12-05 13:04 <DIR> dr------- c:\windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 17:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 17:02 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-05 14:34 --------- d-----w c:\program files\Windows Mail
2008-12-05 12:04 --------- d-sh--w c:\programdata\Plocha
2008-12-05 12:04 --------- d-sh--w c:\programdata\Oblíbené položky
2008-12-05 12:04 --------- d-sh--w c:\programdata\Šablony
2008-12-05 12:04 --------- d-sh--w c:\programdata\Nabídka Start
2008-12-05 12:04 --------- d-sh--w c:\programdata\Dokumenty
2008-12-05 12:04 --------- d-sh--w c:\programdata\Data aplikací
2008-10-17 16:53 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-17 16:53 --------- d-----w c:\program files\Realtek
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-07_ 7.16.46,38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2008-12-07 06:04:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 10:56:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 06:04:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-07 10:56:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 06:05:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-07 11:08:27 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-07 06:05:53 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 11:08:21 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 11:08:21 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-07 06:04:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-07 11:08:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-07 06:04:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 11:08:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-07 06:04:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 11:08:43 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\System32\Macromed\Flash\FlashUtil10a.exe
+ 2008-12-07 07:21:05 89,102 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-12-07 11:08:18 2,456 ----a-w c:\windows\System32\networklist\icons\{1D36A11C-6BD5-47B3-BBA4-944E5C2316FF}_24.bin
+ 2008-12-07 11:08:18 4,280 ----a-w c:\windows\System32\networklist\icons\{1D36A11C-6BD5-47B3-BBA4-944E5C2316FF}_32.bin
+ 2008-12-07 11:08:18 9,560 ----a-w c:\windows\System32\networklist\icons\{1D36A11C-6BD5-47B3-BBA4-944E5C2316FF}_48.bin
- 2008-12-07 06:09:11 114,786 ----a-w c:\windows\System32\perfc005.dat
+ 2008-12-07 11:05:31 114,786 ----a-w c:\windows\System32\perfc005.dat
- 2008-12-07 06:09:11 101,052 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-07 11:05:31 101,052 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-07 06:09:11 598,594 ----a-w c:\windows\System32\perfh005.dat
+ 2008-12-07 11:05:31 598,594 ----a-w c:\windows\System32\perfh005.dat
- 2008-12-07 06:09:11 586,980 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-07 11:05:31 586,980 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-07 06:07:24 3,628 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1480039668-1574901346-2280156850-1000_UserData.bin
+ 2008-12-07 10:58:07 3,978 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1480039668-1574901346-2280156850-1000_UserData.bin
- 2008-12-07 06:07:23 68,152 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 10:58:07 68,818 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 06:07:23 25,770 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 10:58:06 26,210 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 10:58:49 65,536 ----a-w c:\windows\tracing\IPSEC.BIN
+ 2008-12-07 10:58:49 65,536 ----a-w c:\windows\tracing\RASL2TP.BIN
+ 2008-12-07 10:58:49 65,536 ----a-w c:\windows\tracing\RASPPTP.BIN
+ 2008-12-07 10:58:49 65,536 ----a-w c:\windows\tracing\RASSSTP.BIN
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"T-Mobile Communication Centre"="c:\program files\T-Mobile\Web'n'walk Manager\Manager.exe" [2007-08-28 955608]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B7AFB35A-7316-470D-B20E-DEF85F0416EF}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{04D72EB3-4B46-4E4E-9461-F87B48E52DBA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DA54341A-E049-4A2C-AD6B-42A5C0190464}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E7579C56-4950-458A-9181-AF1477070227}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{135ABF90-DD34-4C2B-87BC-B20887FCBD8F}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-05 111184]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\pacer.sys [2008-06-27 72192]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-05 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-05 51792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f115b80-c3aa-11dd-a43f-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f115b92-c3aa-11dd-a43f-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe5415a-c2c4-11dd-8e1b-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe54192-c2c4-11dd-8e1b-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3a2029b-c44d-11dd-af85-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3a202e8-c44d-11dd-af85-001d92fd430e}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d465ebc3-baf4-11dd-a8fe-806e6f6e6963}]
\shell\AutoRun\command - D:\Setupx.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\qqxqk6fq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 12:15:59
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
Celkový čas: 2008-12-07 12:16:27
ComboFix-quarantined-files.txt 2008-12-07 11:16:25
ComboFix2.txt 2008-12-07 06:17:03

Před spuštěním: Volných bajtů: 221 054 386 176
Po spuštění: Volných bajtů: 221,027,266,560

277 --- E O F --- 2008-12-05 13:44:48

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 15:39
by jaro3
Post a fresh HJT log here as well.

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 17:59
by blue-kitty
So here is the new log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:06, on 6.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [T-Mobile Communication Centre] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{54A69D07-CFA8-410B-A4AF-4CB0CA8F65D3}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 5447 bytes

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 18:30
by jaro3
Close the other applications and browsers, disconnect from the internet and fix these in HJT:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{54A69D07-CFA8-410B-A4AF-4CB0CA8F65D3}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133

Then try the Fixwareout application.
Then post its log here.
And after that a new HJT log.
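One way to pull out of an HJT log exactly the entry types the reply above tells the user to fix (O17 NameServer overrides, O2 BHOs whose DLL is missing, the empty O13 Gopher prefix), as an added Python example that is not part of this thread and not part of HijackThis. The sample log lines are constructed from the kind of entries shown above, and the `trusted_dns` allowlist is an assumption: fill it with the resolvers the machine is actually supposed to use, so that a legitimately configured static DNS server is not flagged.

```python
"""Triage helper for HijackThis (HJT) v2 log text.

Constructed example; not part of the forum thread or of HijackThis.
It parses the "Oxx - ..." entry lines, flags the entry types a helper
would tick for fixing, and returns them as a fix list in log order.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of HJT lines of the kinds seen in the thread.
# A raw string keeps the backslashes in the registry paths literal.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AAF9BEB-8993-423E-9CA8-D11949F2F3BA}: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.99;85.255.112.133
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HJT entry lines look like "O17 - <body>"; R/F/O/P are the section prefixes HJT uses.
ENTRY_RE = re.compile(r"^(?P<code>[RFOP]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    line: str    # the original log line, ready to paste back or tick in HJT
    reason: str  # why it was flagged


def parse_entries(text):
    """Yield (code, body, raw_line) for every HJT entry line in the log text."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw


def nameservers(body):
    """Return the DNS addresses listed in an O17 body ('...: NameServer = a;b')."""
    _, _, value = body.partition("NameServer =")
    return [s.strip() for s in value.split(";") if s.strip()]


def triage(text, trusted_dns=frozenset()):
    """Flag O17 overrides outside the allowlist, O2 BHOs with no file, empty O13."""
    findings = []
    for code, body, raw in parse_entries(text):
        if code == "O17":
            # A static NameServer value silently redirects every DNS lookup
            # of the machine; anything not on the allowlist needs a look.
            bad = [ip for ip in nameservers(body) if ip not in trusted_dns]
            if bad:
                findings.append(Finding(raw, "static DNS override not in allowlist: " + ", ".join(bad)))
        elif code == "O2" and body.rstrip().endswith("(no file)"):
            findings.append(Finding(raw, "BHO registered but its DLL is missing"))
        elif code == "O13" and body.strip() == "Gopher Prefix:":
            findings.append(Finding(raw, "empty Gopher prefix entry"))
    return findings


def fix_list(text, trusted_dns=frozenset()):
    """The lines to tick in HJT, in log order."""
    return [f.line for f in triage(text, trusted_dns)]


def dns_override_summary(text):
    """Map each distinct DNS server set to the registry keys carrying it.

    Useful after the fix: every key listed here (per-interface GUID keys
    and the global Tcpip\\Parameters key) should be gone from the next log.
    """
    summary = {}
    for code, body, _ in parse_entries(text):
        if code != "O17":
            continue
        key = body.split(": NameServer", 1)[0]
        summary.setdefault(tuple(nameservers(body)), []).append(key)
    return summary


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
    for servers, keys in dns_override_summary(SAMPLE_LOG).items():
        print(f"{';'.join(servers)} set in {len(keys)} registry key(s)")
```

Running it on the sample prints the six lines that match the fix list in the reply above; passing `trusted_dns=frozenset({"85.255.116.99", "85.255.112.133"})` would silence the O17 findings, which is exactly why the allowlist must hold the resolvers you know to be right rather than whatever the log happens to contain.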

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 18:54
by blue-kitty
I turned off avast, closed the internet connection and restarted the computer, but those files are still there, that's not possible, in XP everything worked so smoothly... :huh:

Re: Vista and a Trojan horse

Posted: 07 Dec 2008 19:10
by jaro3
Fixwareout probably has trouble on Vista. So are those O17 entries (85.255.116 etc.) in the HJT log again?
I'll look around the net for a possible replacement, more likely tomorrow.
Test this on VirusTotal
c:\users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\qqxqk6fq.default
Then post the result here.