Spamy z vlastní adresy

[cernto]

Dobrý den. Chtěl bych požádat o radu. Jednomu mému známemu chodí neustle spamy z jeho vlastní adresy. Předpokládám, že si nějaký virus někde sebral nějaký seznam adres ve kterém byl i on a teď maskuje odesílatele tím, že tam dává jeho adresu. Už se mu stává, že na na některé adresy jeho maily nechodí, protože ho adresáti mají zřejmě v blacklistu. Je možné se proti tomu nějak bránit? Přikládám i výpis z RSITu z jeho PC. Předem děkuji za jakoukoliv radu.
Cernto

Logfile of random's system information tool 1.08 (written by random/random)
Run by LSima at 2012-02-21 06:14:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 566 MB (3%) free of 20 GB
Total RAM: 959 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:14:39, on 21.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Fleetware\UDP\UDPMsgSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Navigate\Modules\Fleetware\FleetServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft Outlook\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\uobchodni\Plocha\RSIT.exe
C:\Program Files\trend micro\LSima.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Download GPS Recorder.lnk = C:\Program Files\NaviGate\Modules\Fleetware\FleetReader.exe
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://sbsillik/ConnectComputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0777081537
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0778962266
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PekarstviIllik.local
O17 - HKLM\Software\..\Telephony: DomainName = PekarstviIllik.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PekarstviIllik.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Fleetware Communication Service (FleetwareCommService) - Radium s.r.o. - C:\Program Files\Navigate\Modules\Fleetware\FleetServ.exe
O23 - Service: Fleetware Messaging Server (MsgSvc) - Radium s.r.o. - C:\Program Files\Common Files\Fleetware\UDP\UDPMsgSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

--
End of file - 6151 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-12-10 188416]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-10 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-11-03 163840]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe [2004-11-09 302592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Download GPS Recorder.lnk - C:\Program Files\NaviGate\Modules\Fleetware\FleetReader.exe
Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\IDS\iGuard® LE\iGuardRemoteView.exe"="C:\Program Files\IDS\iGuard® LE\iGuardRemoteView.exe:*:Enabled:iGuard® RemoteView"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Canon\Color Network ScanGear\SgTool.exe"="C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:Color Network ScanGear Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IDS\iGuard® LE\iGuardRemoteView.exe"="C:\Program Files\IDS\iGuard® LE\iGuardRemoteView.exe:*:Enabled:iGuard® RemoteView"
"C:\Program Files\Canon\DIAS\CnxDIAS.exe"="C:\Program Files\Canon\DIAS\CnxDIAS.exe:*:Enabled:Canon Driver Information Assist Service"
"C:\Program Files\Canon\Color Network ScanGear\SgTool.exe"="C:\Program Files\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:Color Network ScanGear Tool"

======List of files/folders created in the last 1 months======

2012-02-21 06:14:12 ----D---- C:\Program Files\trend micro
2012-02-21 06:14:10 ----D---- C:\rsit
2012-02-16 13:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 13:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 13:28:40 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-14 07:49:02 ----A---- C:\WINDOWS\system32\CNAB5PTU.DLL
2012-02-14 07:49:01 ----A---- C:\WINDOWS\system32\CNAB5SMK.DLL
2012-02-14 07:49:01 ----A---- C:\WINDOWS\system32\CNAB5RPK.EXE
2012-02-14 07:49:01 ----A---- C:\WINDOWS\system32\CNAB5LMK.DLL
2012-02-14 07:49:01 ----A---- C:\WINDOWS\system32\CNAB5EMU.DLL

======List of files/folders modified in the last 1 months======

2012-02-21 06:14:24 ----D---- C:\WINDOWS\Prefetch
2012-02-21 06:14:14 ----D---- C:\WINDOWS\Temp
2012-02-21 06:14:12 ----RD---- C:\Program Files
2012-02-21 06:12:48 ----D---- C:\WINDOWS\security
2012-02-20 17:10:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-17 12:37:20 ----D---- C:\TEMP
2012-02-16 13:47:52 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 13:47:47 ----RSD---- C:\WINDOWS\assembly
2012-02-16 13:39:40 ----D---- C:\WINDOWS
2012-02-16 13:38:53 ----D---- C:\WINDOWS\system32
2012-02-16 13:36:01 ----SHD---- C:\Config.Msi
2012-02-16 13:35:43 ----SHD---- C:\WINDOWS\Installer
2012-02-16 13:35:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-16 13:34:43 ----D---- C:\WINDOWS\WinSxS
2012-02-16 13:32:09 ----HD---- C:\WINDOWS\inf
2012-02-16 13:32:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 13:32:01 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-16 13:31:59 ----A---- C:\WINDOWS\imsins.BAK
2012-02-16 13:31:47 ----D---- C:\Program Files\Internet Explorer
2012-02-16 13:29:22 ----D---- C:\WINDOWS\system32\CatRoot2
2012-01-25 06:22:23 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-25 06:19:39 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2005-12-23 5685]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ek3000;EK-3000 Programmer Driver; C:\WINDOWS\system32\DRIVERS\ek3000.sys [2004-08-11 3712]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-02-10 244352]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [2010-03-04 3883432]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 FleetwareCommService;Fleetware Communication Service; C:\Program Files\Navigate\Modules\Fleetware\FleetServ.exe [2005-09-30 1323008]
R2 MsgSvc;Fleetware Messaging Server; C:\Program Files\Common Files\Fleetware\UDP\UDPMsgSvc.exe [2006-08-10 450560]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framew¨ŚĽŔŹŁčG*#ĂoěđóC\>/o7C CüH•+#ƒLPŤ}ExËĘČ |€A€red¨¬°ë]GY¤ŘÜŕ‰[ůĽ<yDDDu\¬Śr8<@M_VFąhlp˝b¦#ƒ\˜ś D;©Ś›Č7Ěи>Gřü Eíw+EX^(EśCŚCďlŮLDa,EoäĹ•0ΚG·E7M^`e`ű›ErY™o°—¸Ľ©ŚŔ˛č7잼¬Śđ†‰FFą|^ F€DHLůVFPpox|ň]F€Ź7¨¬©Ś°ŘÜO^VFŕ–’GGƒ\>/GeŠ8<A.+#@’Ťh —•‘lp©•˜ËĘČś H–ČČeedĚĐA—řňň92ü H ‹(HçkŔČF7,ßÉełřHť“II(š.ĹA.HPIďaoeËÔ–x€ÎŚ)ůq¨°IBýHŇ]ůH‹`"Ha؃T®ŕCLDˆŚ'/+#ÉJ‘AFžJ¸Ľ‡/#•Ŕ8ş˜żŹ8Čč@JůH
(IFFF.,X\ˆFFFFŚ¸ĽěĽóÎF™LJěp$|ĺČw¤€H
đIČČČČL|¬Ü°ĽĆŮo<JŤJmŢ~‡¸Ťä0" ŁÔZ÷â{ç@p
9<ŇŮţ´FĐŽ¤Mfľ=ĂĺĹȈ„Hl,<>Ď3ň&HdhlxśÔĄu™˜
¬Í^XN‰»¸?Ääą›1Č?´$ĚŘĐ@dddôřü./gźvěż$(,fß#…?T1X2ňŚĚ?\h„Č322ˆŚ˜ ĎČČČ´¸ĽČ,<#w#ä1´$čř<ó;űŽc
?(łďČHHDHL?X#ďŚ<htx|yfˆŚ¤¨
ł‘g6¬?¸°ÔqŘ;ňĚfżÜ?čĽq#Íďě
?Ě4<###8<HŕČ3űŽd±h1xô>#łŮ”c˜?ś¨†xFf)ă1ČĚ˙égä­ëF$ôżc®yç=7žĽ$x˙|€Ëqä„DĄ¨IóĺHs6üĺ4$Č;äĺ(,8F@FŢČČTXh0T„äŤĚFˆ?Ś˜¸h›ddd´¸ĽČFlöŕČxä3č
ěUddŽĎř†Y™Í^dś?D1HNđŽLÇX¨tf¤ă]x
`łČČȸ†?¸ŚŚŚ<ČÔŘÜFćřŚčІaÎěEFÜ?4‘g6ň8<?HěňĚfłdqh
l?xüf‘Ž7”qn?¨Í"s}‡S
Ěddä™?Ř0ôřâHsdüT$Fޤ™ű8pTóĽóFh"˜°ĘČČŹő¬°´2ňťË łŘEÜŕyň˛2äQŽäňyyˇ8Y<@DŰŻŚŚrhlptFą¬ů°˜ś ƒ\VF¤ß­ČĚ.+##ĐԘ¤řĎË‘Aü ç‘Ë“—®( , 0dĘ•4źHX\°ËĘl`‹dś±ˆE#•ŮČŚŃ”!¸y#Ď‹ -ČĚřčEš§Ó[´äéĚÖňX,Fž‘gˆH¸hčtŹy€ÂTž‘gö +<H¸Î3ňFxШđ+##ĽŔÄkˇČČw.čEěđňdĺĘô˜E

Čĺóň
$
ęˇH˛222LPTnşäx|€„Ś

[JaRon]

fiiiiha, Tebe tam niekto rozsypal cinske rezance
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

[cernto]

Tak provedl jsem scan Combofiem a posílám log. Díky

ComboFix 12-02-21.02 - LSima 22.02.2012 6:22.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.489 [GMT 1:00]
Spuštěný z: c:\documents and settings\uobchodni\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-22 do 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-21 05:14 . 2012-02-21 05:16 -------- d-----w- c:\program files\trend micro
2012-02-21 05:14 . 2012-02-21 05:14 -------- d-----w- C:\rsit
2012-02-16 12:28 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 12:28 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 06:49 . 2005-09-14 15:00 28672 ----a-w- c:\windows\system32\CNAB5PTU.DLL
2012-02-14 06:49 . 2005-09-14 15:00 98370 ----a-w- c:\windows\system32\CNAB5SMK.DLL
2012-02-14 06:49 . 2005-09-14 15:00 57410 ----a-w- c:\windows\system32\CNAB5RPK.EXE
2012-02-14 06:49 . 2005-09-14 15:00 28738 ----a-w- c:\windows\system32\CNAB5LMK.DLL
2012-02-14 06:49 . 2005-09-14 15:00 192512 ----a-w- c:\windows\system32\CNAB5EMU.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-18 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-18 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-18 12:00 385024 ------w- c:\windows\system32\html.iec
2011-11-25 21:57 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . AF6A4BCDE2343E8562D3003A1740CC96 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
.
c:\windows\System32\ksuser.dll ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2004\MemOptimizer.exe" [2004-11-09 302592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416]
"VTTimer"="VTTimer.exe" [2005-03-10 53248]
"VTTrayp"="VTtrayp.exe" [2005-11-03 163840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Download GPS Recorder.lnk - c:\program files\NaviGate\Modules\Fleetware\FleetReader.exe [2006-8-22 1546752]
Nokia Nseries PC Suite.lnk - c:\program files\Nokia\NNPCS\RunLauncher.exe [2008-5-8 943568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\IDS\\iGuard® LE\\iGuardRemoteView.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56338:UDP"= 56338:UDP:Color Network ScanGear
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 12:28 95896]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.8.2010 13:16 810144]
R2 FleetwareCommService;Fleetware Communication Service;c:\program files\NaviGate\Modules\Fleetware\FleetServ.exe [30.9.2005 12:39 1323008]
R2 MsgSvc;Fleetware Messaging Server;c:\program files\Common Files\Fleetware\UDP\UDPMsgSvc.exe [10.8.2006 17:32 450560]
R3 ek3000;EK-3000 Programmer Driver;c:\windows\system32\drivers\ek3000.sys [11.8.2004 13:34 3712]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2004\SystemOptimizer.exe [2004-11-09 20:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.7.54
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 06:29
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-02-22 06:31:35
ComboFix-quarantined-files.txt 2012-02-22 05:31
.
Před spuštěním: 627 191 808
Po spuštění: 3 630 747 648
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9ABA6554802E3D12EDE13ECDE52FB4FD

[JaRon]

prescanuj PC s MBAM

[cernto]

Posílám log z MBAM. Díky.
Cernto

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org

Verze databáze: v2012.02.23.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
LSima :: OBCHODNI [administrátor]

Ochrana: Povolena

23.2.2012 6:16:38
mbam-log-2012-02-23 (06-16-38).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 294432
Uplynulý čas: 28 minut, 2 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[JaRon]

nuz zatial to vypada, ze tento PC je v tom ohladne spamu nevinne ,,,
skus este pretestovat PC s AVPTool
pri tom spame bude treba zistit skutocneho odosielatela - napr.
v OE klikni pravym tl. na spravu - vlastnosti - podrobnosti

[cernto]

Díky za radu, ale nevím jestli se mi podaří to oskemovat tím programen, co jsi mi navrhl, protože jak jsem se dočetl, tak ten program běží několik hodin, ale já na to mám tal 1,5 hodinu, než on na tom začne dělat a pak na tom dělá až skoro do večera. No uvidím, každopádně moc díky za pomoc.
Cernto

[JaRon]

System drive C: has 566 MB (3%) free of 20 GB
najprv vycisti temporary internet files
a potom AVPTool - pri 20GB by to mal do hodinky stihnut

[cernto]

Dobře vyzkouším to po víkendu a dám vědět. Díky.
Cernto