Re: A large amount of spam is being sent out
Posted: 06 Feb 2010 12:19
ComboFix 10-02-05.04 - Jiří Kaštovský 06.02.2010 12:02:30.17.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.650 [GMT 1:00]
Running from: c:\documents and settings\Jiří Kaštovský\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Jiří Kaštovský\Plocha\CFskript\CFScript.txt
AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
file zipped: C:\hnfk.exe
file zipped: c:\windows\system32\drivers\ypypq.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\hnfk.exe
c:\windows\system32\drivers\ypypq.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASHAVMON
-------\Legacy_ASWSP
-------\Legacy_YPYPQ
-------\Service_AshAVMon
-------\Service_aswSP
-------\Service_ypypq
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.
2010-02-04 17:24 . 2010-02-05 15:03 -------- d-----w- c:\program files\trend micro
2010-01-31 15:39 . 2010-01-31 15:39 -------- d-----w- c:\windows\Downloaded Program Files
2010-01-31 10:37 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 10:18 . 2010-01-31 10:18 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-31 10:18 . 2010-01-31 10:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-31 10:18 . 2010-01-31 10:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-31 10:18 . 2010-02-06 09:55 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-30 07:13 . 2010-01-30 07:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-27 14:44 . 2010-01-27 14:44 -------- d-----w- c:\program files\MSSOAP
2010-01-27 14:43 . 2010-01-27 14:43 164 ----a-w- c:\windows\install.dat
2010-01-25 16:44 . 2010-01-25 16:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-25 16:41 . 2010-01-25 16:42 -------- d-----w- c:\windows\ERUNT
2010-01-24 13:38 . 2010-01-24 13:38 -------- d-----w- c:\program files\7-Zip
2010-01-23 13:25 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-01-17 13:55 . 2010-01-17 13:56 -------- dc-h--w- c:\windows\ie8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 09:54 . 2009-08-29 08:30 -------- d-----w- c:\program files\Family Toolbar
2010-01-20 14:35 . 2008-03-07 07:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:58 . 2009-06-05 12:31 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-01-01 16:10 . 2008-10-01 08:06 -------- d-----w- c:\program files\AVG
2009-12-30 13:26 . 2009-12-30 13:26 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 08:38 . 2007-11-26 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 19:08 . 2001-10-25 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 10:00 . 2008-02-07 07:10 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-19 10:00 . 2009-12-19 10:00 -------- d-----w- c:\program files\VSO
2009-12-10 17:27 . 2009-12-10 17:17 156746 -c--a-w- c:\windows\hpoins15.dat
2009-11-23 16:05 . 2008-04-30 09:50 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-11-21 16:03 . 2001-10-25 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-04-27 09:24 . 2006-04-27 09:24 2945024 -csha-r- c:\windows\system32\Smab.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-01 26624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-31 2043160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ €)S#Č)x3q\0D#\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"Google Update"="c:\documents and settings\Jiří Kaštovský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [31.1.2010 11:18 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31.1.2010 11:18 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31.1.2010 11:18 108552]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31.1.2010 11:17 297752]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [15.12.2009 17:51 27632]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20.2.2009 15:03 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20.2.2009 15:03 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20.2.2009 15:03 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20.2.2009 15:03 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20.2.2009 15:03 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20.2.2009 15:03 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20.2.2009 15:03 109736]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 3:54 23552]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AVG_ANTI-SPYWARE_GUARD
*Deregistered* - AVG Anti-Spyware Guard
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: Download images to iGrab
IE: Download videos to iGrab
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Star Downloaderem
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F5607125-9AA5-4598-AE5C-784E2D3DD438} = 213.155.229.197,62.84.129.4
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 12:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- Dll's loaded under running processes ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1024)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-06 12:16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 11:16
ComboFix2.txt 2010-02-06 09:58
ComboFix3.txt 2010-02-06 06:13
Pre-Run: 24,564,207,616 bytes free
Post-Run: 24,387,125,248 bytes free
- - End Of File - - DC15B7EA2F55979B760CFFD19843897F
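As an added example (this is not ComboFix output and not the poster's code), a small Python triage parser for a log in the format pasted above. It pulls out the files ComboFix reports under "Other Deletions", the entries under active ...\Run keys (the disabled ...\run- keys are skipped), and the resolver list from the "TCP: {GUID} = ..." line, then applies two cheap heuristics: a short, vowel-free, all-lowercase file name (the shape of hnfk.exe and ypypq.sys in the log) and an executable sitting directly in a drive root. SAMPLE_LOG is constructed from lines of the post and trimmed; the heuristics, thresholds and function names are my own assumptions, not anything ComboFix defines.

```python
"""Triage helper for a ComboFix-style log (added example; not ComboFix's code).

SAMPLE_LOG is constructed from lines of the post above, trimmed for brevity.
"""
import re

SAMPLE_LOG = r"""
file zipped: C:\hnfk.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\hnfk.exe
c:\windows\system32\drivers\ypypq.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ypypq
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-31 2043160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
------- Supplementary Scan -------
TCP: {F5607125-9AA5-4598-AE5C-784E2D3DD438} = 213.155.229.197,62.84.129.4
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")          # "(((( Name ))))"
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")                   # "[HKEY_...]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')        # '"Name"=value'
TRAIL_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")            # trailing "[date size]"
BARE_PATH_RE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|sys|com|bat|cmd|scr))(?:\s+(?P<args>.*))?$", re.IGNORECASE)
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\} = (?P<servers>[\d.,]+)$")
DRIVE_PATH_RE = re.compile(r"^[a-zA-Z]:\\")
VOWELS = set("aeiou")


def looks_random(stem):
    """Heuristic (assumption): short, all-lowercase, vowel-free stem such as 'hnfk'."""
    return 4 <= len(stem) <= 8 and stem.isalpha() and stem.islower() and not (VOWELS & set(stem))


def flag_path(path):
    """Return triage reasons for a path; noisy by design (ntfs.sys trips the vowel test)."""
    reasons = []
    norm = path.replace("/", "\\")
    stem, _, ext = norm.rsplit("\\", 1)[-1].rpartition(".")
    ext = ext.lower()
    if ext in ("exe", "dll", "sys") and looks_random(stem):
        reasons.append("random-looking name")
    if ext in ("exe", "dll", "sys") and re.fullmatch(r"[a-zA-Z]:\\[^\\]+", norm):
        reasons.append("executable in drive root")
    return reasons


def split_value(value):
    """Split a Run value into (path, args); handles quoted and bare paths."""
    value = TRAIL_RE.sub("", value).strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end > 0:
            return value[1:end], value[end + 1:].strip()
    m = BARE_PATH_RE.match(value)
    if m:
        return m.group("path"), (m.group("args") or "").strip()
    return value, ""


def parse_combofix_log(text):
    """Return deleted files, active Run entries, DNS servers and flagged paths."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)

    deleted = [l for l in sections.get("Other Deletions", []) if DRIVE_PATH_RE.match(l)]
    run_entries, dns_servers, key = [], [], None
    for lines in sections.values():
        for line in lines:
            km = KEY_RE.match(line)
            if km:
                key = km.group("key")
                continue
            vm = VALUE_RE.match(line)
            if vm and key and key.lower().endswith("\\run"):   # active Run keys only
                path, args = split_value(vm.group("value"))
                run_entries.append((key, vm.group("name"), path, args))
                continue
            dm = DNS_RE.match(line)
            if dm:
                dns_servers.extend(dm.group("servers").split(","))

    flagged = {}
    for path in deleted + [e[2] for e in run_entries]:
        reasons = flag_path(path)
        if reasons:
            flagged[path] = reasons
    return {"deleted": deleted, "run_entries": run_entries,
            "dns_servers": dns_servers, "flagged": flagged}


if __name__ == "__main__":
    result = parse_combofix_log(SAMPLE_LOG)
    for path, reasons in result["flagged"].items():
        print(path, "->", ", ".join(reasons))
    print("DNS servers:", result["dns_servers"])
```

The parser only extracts the resolver addresses; it makes no judgement about them, so compare them against the resolvers the machine is expected to use. The name heuristic is a triage aid, not a verdict: legitimate names like ntfs.sys or http.sys match it too, so anything flagged still needs a hash lookup or a signer check before it is treated as malicious.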