Odchází velké množství spamu

[kastovskyjiri]

Můj sprostředkovatel připojení mi oznamuje, že z mé adresy odchází velké množství spamu. Šmejd se aktivuje vždy při zapnutí PC a v délce 3 minuty odesílá spam. Přikládám log RSIT.

[motji]

Hezké odpoledne

Ještě poprosím o ten log ze rsitu

[kastovskyjiri]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jiří Kaštovský at 2010-02-05 16:03:12
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (51%) free of 46 GB
Total RAM: 1279 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:42, on 5.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a2 Free\a2service.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Jiří Kaštovský\Plocha\RSIT.exe
C:\Program Files\trend micro\Jiří Kaštovský.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5607125-9AA5-4598-AE5C-784E2D3DD438}: NameServer = 213.155.229.197,62.84.129.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a2 Free\a2service.exe
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 8819 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-12-16 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2010-01-31 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-05-04 32768]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-01-31 2043160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"OEXPRESS"=C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE [2009-12-01 26624]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-31 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoResolveTrack"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Nero\Nero 7\Core\nero.exe"="C:\Program Files\Nero\Nero 7\Core\nero.exe:*:Enabled:Nero Burning ROM"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-05 15:29:16 ----D---- C:\rsit
2010-02-05 15:28:46 ----SHD---- C:\RECYCLER
2010-02-04 18:29:53 ----A---- C:\WINDOWS\zip.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\SWSC.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\SWREG.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\sed.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\PEV.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\MBR.exe
2010-02-04 18:29:53 ----A---- C:\WINDOWS\grep.exe
2010-02-04 18:29:21 ----D---- C:\Qoobox
2010-02-04 18:24:02 ----D---- C:\Program Files\trend micro
2010-01-31 16:39:15 ----D---- C:\WINDOWS\Prefetch
2010-01-31 16:39:14 ----D---- C:\WINDOWS\Downloaded Program Files
2010-01-31 16:34:37 ----D---- C:\PScanner Backup
2010-01-31 14:35:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-01-31 11:37:17 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-31 11:18:37 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-31 11:17:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-01-30 10:59:27 ----D---- C:\Program Files\a2 Free
2010-01-29 12:49:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-01-27 15:44:51 ----D---- C:\Program Files\MSSOAP
2010-01-26 18:11:16 ----D---- C:\WINDOWS\temp
2010-01-25 19:12:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-25 17:41:50 ----D---- C:\WINDOWS\ERUNT
2010-01-25 17:21:55 ----D---- C:\WINDOWS\ERDNT
2010-01-24 14:38:42 ----D---- C:\Program Files\7-Zip
2010-01-23 14:25:30 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2010-01-22 15:26:19 ----A---- C:\Boot.bak
2010-01-22 15:26:11 ----RASHD---- C:\cmdcons
2010-01-17 14:55:09 ----HDC---- C:\WINDOWS\ie8
2010-01-17 07:35:05 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\Malwarebytes
2010-01-13 15:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-05 15:59:57 ----SHD---- C:\WINDOWS\Installer
2010-02-05 15:59:30 ----D---- C:\Config.Msi
2010-02-05 15:59:29 ----D---- C:\WINDOWS\inf
2010-02-05 15:59:29 ----AD---- C:\Program Files
2010-02-05 15:56:25 ----D---- C:\WINDOWS
2010-02-05 15:06:49 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\Skype
2010-02-05 13:14:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-05 13:06:54 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\skypePM
2010-02-04 18:38:15 ----A---- C:\WINDOWS\system.ini
2010-02-04 18:35:32 ----D---- C:\WINDOWS\system32\drivers
2010-02-04 18:35:32 ----D---- C:\WINDOWS\system32
2010-02-04 18:35:31 ----D---- C:\WINDOWS\AppPatch
2010-02-04 18:35:27 ----D---- C:\Program Files\Common Files
2010-02-03 19:00:34 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\Vso
2010-02-02 19:28:27 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-01-31 16:39:11 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\OfficeUpdate12
2010-01-31 16:36:54 ----D---- C:\WINDOWS\Registration
2010-01-31 16:26:44 ----SD---- C:\WINDOWS\Tasks
2010-01-31 16:19:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-31 13:56:37 ----D---- C:\temp
2010-01-31 11:27:07 ----DC---- C:\WINDOWS\system32\dllcache
2010-01-31 11:27:07 ----D---- C:\Program Files\Internet Explorer
2010-01-31 11:27:05 ----D---- C:\WINDOWS\ie8updates
2010-01-31 11:26:19 ----D---- C:\WINDOWS\$hf_mig$
2010-01-31 10:54:59 ----D---- C:\Program Files\Family Toolbar
2010-01-30 08:14:29 ----D---- C:\WINDOWS\system32\config
2010-01-30 08:13:44 ----D---- C:\WINDOWS\system32\wbem
2010-01-30 08:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-01-29 17:27:40 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\Thinstall
2010-01-29 15:33:56 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\uTorrent
2010-01-29 14:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2010-01-29 07:34:45 ----D---- C:\WINDOWS\system
2010-01-27 16:24:06 ----D---- C:\Documents and Settings
2010-01-27 15:45:28 ----AC---- C:\WINDOWS\win.ini
2010-01-26 18:56:11 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\Mozilla
2010-01-25 20:58:59 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-01-25 19:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2010-01-25 16:57:05 ----SHD---- C:\System Volume Information
2010-01-25 16:57:05 ----D---- C:\WINDOWS\system32\Restore
2010-01-24 07:07:11 ----D---- C:\WINDOWS\Debug
2010-01-24 07:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-01-23 17:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-23 15:16:04 ----RSD---- C:\WINDOWS\Fonts
2010-01-23 14:39:17 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-01-23 14:23:09 ----D---- C:\Program Files\WinZip
2010-01-23 14:23:09 ----D---- C:\Program Files\WinRAR
2010-01-22 15:26:19 ----RASH---- C:\boot.ini
2010-01-21 19:10:39 ----D---- C:\WINDOWS\XXLGS
2010-01-20 15:35:27 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-19 16:58:36 ----D---- C:\Program Files\Common Files\ACD Systems
2010-01-18 18:49:16 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\Orbit
2010-01-17 15:10:01 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-17 15:00:39 ----D---- C:\WINDOWS\Media
2010-01-17 15:00:39 ----D---- C:\WINDOWS\Help
2010-01-17 14:55:09 ----D---- C:\WINDOWS\system32\cs-cz
2010-01-17 14:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2010-01-16 19:27:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-01-16 17:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-01-16 15:27:38 ----D---- C:\Documents and Settings\Jiří Kaštovský\Data aplikací\LangSoft
2010-01-16 09:45:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\ABBYY
2010-01-13 15:57:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-31 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-31 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-31 108552]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R2 vsp1284d;vsp1284d; C:\WINDOWS\system32\VSP1284D.SYS [1999-07-31 58304]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-05-04 1133056]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-19 47360]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys []
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys []
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys []
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys []
S3 AshAVMon;AshAVMon; C:\WINDOWS\system32\drivers\AshAVMon.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\JIKATO~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\WINDOWS\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a2 Free\a2service.exe [2009-10-01 1858144]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2005-05-04 364544]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-01-31 297752]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-05-03 516096]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-11 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-08-08 208896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[motji]

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem

[kastovskyjiri]

ComboFix 10-02-04.08 - Jiří Kaštovský 05.02.2010 16:49:32.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.669 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jiří Kaštovský\Plocha\ComboFix.exe
AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-05 do 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-04 17:24 . 2010-02-05 15:03 -------- d-----w- c:\program files\trend micro
2010-01-31 15:39 . 2010-01-31 15:39 -------- d-----w- c:\windows\Downloaded Program Files
2010-01-31 15:34 . 2010-01-31 15:34 -------- d-----w- C:\PScanner Backup
2010-01-31 10:37 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 10:18 . 2010-01-31 10:18 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-31 10:18 . 2010-01-31 10:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-31 10:18 . 2010-01-31 10:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-31 10:18 . 2010-02-05 12:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-30 09:59 . 2010-01-31 08:31 -------- d-----w- c:\program files\a2 Free
2010-01-30 07:13 . 2010-01-30 07:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-27 14:44 . 2010-01-27 14:44 -------- d-----w- c:\program files\MSSOAP
2010-01-27 14:43 . 2010-01-27 14:43 164 ----a-w- c:\windows\install.dat
2010-01-25 16:44 . 2010-01-25 16:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-25 16:41 . 2010-01-25 16:42 -------- d-----w- c:\windows\ERUNT
2010-01-24 13:38 . 2010-01-24 13:38 -------- d-----w- c:\program files\7-Zip
2010-01-23 13:25 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-01-17 13:55 . 2010-01-17 13:56 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 15:56 . 2009-12-15 05:57 791552 ----a-w- c:\windows\system32\drivers\ypypq.sys
2010-01-31 09:54 . 2009-08-29 08:30 -------- d-----w- c:\program files\Family Toolbar
2010-01-20 14:35 . 2008-03-07 07:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:58 . 2009-06-05 12:31 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-01-01 16:10 . 2008-10-01 08:06 -------- d-----w- c:\program files\AVG
2009-12-30 13:26 . 2009-12-30 13:26 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 08:38 . 2007-11-26 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 19:08 . 2001-10-25 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 10:00 . 2008-02-07 07:10 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-19 10:00 . 2009-12-19 10:00 -------- d-----w- c:\program files\VSO
2009-12-15 11:30 . 2009-12-14 16:19 37607 ----a-w- C:\hnfk.exe
2009-12-10 17:27 . 2009-12-10 17:17 156746 -c--a-w- c:\windows\hpoins15.dat
2009-11-23 16:05 . 2008-04-30 09:50 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-11-21 16:03 . 2001-10-25 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-04-27 09:24 . 2006-04-27 09:24 2945024 -csha-r- c:\windows\system32\Smab.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-04_17.38.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 14:56 . 2010-02-05 14:56 16384 c:\windows\temp\Perflib_Perfdata_6a4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-01 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-31 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ €)ˆS#Č)x3q\0D#\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"Google Update"="c:\documents and settings\Jiří Kaštovský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [31.1.2010 11:18 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31.1.2010 11:18 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31.1.2010 11:18 108552]
R2 a2free;a-squared Free Service;c:\program files\a2 Free\a2service.exe [30.1.2010 10:59 1858144]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31.1.2010 11:17 297752]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [15.12.2009 17:51 27632]
S1 aswSP;avast! Self Protection; [x]
S3 AshAVMon;AshAVMon; [x]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20.2.2009 15:03 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20.2.2009 15:03 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20.2.2009 15:03 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20.2.2009 15:03 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20.2.2009 15:03 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20.2.2009 15:03 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20.2.2009 15:03 109736]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 3:54 23552]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVG_ANTI-SPYWARE_GUARD
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - ypypq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: Download images to iGrab
IE: Download videos to iGrab
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Star Downloaderem
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F5607125-9AA5-4598-AE5C-784E2D3DD438} = 213.155.229.197,62.84.129.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 16:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ypypq]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-115176313-839522115-1003\Software\Andreas Haak\a*Ű]
"Language"="English"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(472)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1448)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-05 16:58:41
ComboFix-quarantined-files.txt 2010-02-05 15:58

Před spuštěním: Volných bajtů: 24 751 403 008
Po spuštění: Volných bajtů: 24 710 369 280

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 53AF76949451503A538774CF5BA852E9

[motji]

Viníka už vidím, ale nejprve
Máte 3 antiviry, ponechte pouze jeden
otestujte na www.virustotal.com
C:\hnfk.exe

[kastovskyjiri]

a-squared 4.5.0.50 2010.02.05 -
AhnLab-V3 5.0.0.2 2010.02.05 -
AntiVir 7.9.1.158 2010.02.05 -
Antiy-AVL 2.0.3.7 2010.02.05 Backdoor/Win32.IRCNite.gen
Authentium 5.2.0.5 2010.02.05 W32/Damaged_File.gen!Eldorado
Avast 4.8.1351.0 2010.02.05 Win32:Malware-gen
AVG 9.0.0.730 2010.02.05 -
BitDefender 7.2 2010.02.05 Backdoor.IRC.ZGQ
CAT-QuickHeal 10.00 2010.02.05 -
ClamAV 0.96.0.0-git 2010.02.05 -
Comodo 3830 2010.02.05 -
DrWeb 5.0.1.12222 2010.02.05 BackDoor.IRC.Nite.36
eSafe 7.0.17.0 2010.02.04 -
eTrust-Vet 35.2.7285 2010.02.05 -
F-Prot 4.5.1.85 2010.02.05 W32/Damaged_File.gen!Eldorado
F-Secure 9.0.15370.0 2010.02.05 Backdoor.IRC.ZGQ
Fortinet 4.0.14.0 2010.02.05 -
GData 19 2010.02.05 Backdoor.IRC.ZGQ
Ikarus T3.1.1.80.0 2010.02.05 -
Jiangmin 13.0.900 2010.02.05 Backdoor/IRCNite.q
K7AntiVirus 7.10.967 2010.02.05 -
Kaspersky 7.0.0.125 2010.02.05 Backdoor.Win32.IRCNite.fq
McAfee 5883 2010.02.05 -
McAfee+Artemis 5883 2010.02.05 -
McAfee-GW-Edition 6.8.5 2010.02.05 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.5406 2010.02.05 -
NOD32 4838 2010.02.05 -
Norman 6.04.03 2010.02.05 -
nProtect 2009.1.8.0 2010.02.05 -
Panda 10.0.2.2 2010.02.05 -
PCTools 7.0.3.5 2010.02.05 -
Prevx 3.0 2010.02.05 -
Rising 22.33.04.04 2010.02.05 -
Sophos 4.50.0 2010.02.05 -
Sunbelt 3.2.1858.2 2010.02.05 -
TheHacker 6.5.1.0.180 2010.02.05 -
TrendMicro 9.120.0.1004 2010.02.05 -
VBA32 3.12.12.1 2010.02.05 Backdoor.Win32.IRCNite.fq
ViRobot 2010.2.5.2174 2010.02.05 Trojan.Win32.Downloader.65536.JC
VirusBuster 5.0.21.0 2010.02.04 -

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::
Drivers::
ypypq
aswSP
AshAVMon
Colect::
c:\windows\system32\drivers\ypypq.sys
C:\hnfk.exe

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[kastovskyjiri]

Omlouvám se ale pod označením ComboFix se nevytvořil log ale nějaký soubor o velikosti 198Mb. Klasický log tam není.

[kastovskyjiri]

Uděla jsem chybu. Tady je ten log.

ComboFix 10-02-05.01 - Jiří Kaštovský 05.02.2010 19:07:07.14.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.591 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jiří Kaštovský\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jiří Kaštovský\Plocha\CFScript.txt.txt
AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-05 do 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-04 17:24 . 2010-02-05 15:03 -------- d-----w- c:\program files\trend micro
2010-01-31 15:39 . 2010-01-31 15:39 -------- d-----w- c:\windows\Downloaded Program Files
2010-01-31 15:34 . 2010-01-31 15:34 -------- d-----w- C:\PScanner Backup
2010-01-31 10:37 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 10:18 . 2010-01-31 10:18 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-31 10:18 . 2010-01-31 10:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-31 10:18 . 2010-01-31 10:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-31 10:18 . 2010-02-05 12:10 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-30 09:59 . 2010-01-31 08:31 -------- d-----w- c:\program files\a2 Free
2010-01-30 07:13 . 2010-01-30 07:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-27 14:44 . 2010-01-27 14:44 -------- d-----w- c:\program files\MSSOAP
2010-01-27 14:43 . 2010-01-27 14:43 164 ----a-w- c:\windows\install.dat
2010-01-25 16:44 . 2010-01-25 16:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-25 16:41 . 2010-01-25 16:42 -------- d-----w- c:\windows\ERUNT
2010-01-24 13:38 . 2010-01-24 13:38 -------- d-----w- c:\program files\7-Zip
2010-01-23 13:25 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-01-17 13:55 . 2010-01-17 13:56 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 18:17 . 2009-12-15 05:57 791552 ----a-w- c:\windows\system32\drivers\ypypq.sys
2010-01-31 09:54 . 2009-08-29 08:30 -------- d-----w- c:\program files\Family Toolbar
2010-01-20 14:35 . 2008-03-07 07:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:58 . 2009-06-05 12:31 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-01-01 16:10 . 2008-10-01 08:06 -------- d-----w- c:\program files\AVG
2009-12-30 13:26 . 2009-12-30 13:26 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 08:38 . 2007-11-26 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 19:08 . 2001-10-25 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 10:00 . 2008-02-07 07:10 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-19 10:00 . 2009-12-19 10:00 -------- d-----w- c:\program files\VSO
2009-12-15 11:30 . 2009-12-14 16:19 37607 ----a-w- C:\hnfk.exe
2009-12-10 17:27 . 2009-12-10 17:17 156746 -c--a-w- c:\windows\hpoins15.dat
2009-11-23 16:05 . 2008-04-30 09:50 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-11-21 16:03 . 2001-10-25 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-04-27 09:24 . 2006-04-27 09:24 2945024 -csha-r- c:\windows\system32\Smab.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-01 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-31 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ €)ˆS#Č)x3q\0D#\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"Google Update"="c:\documents and settings\Jiří Kaštovský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [31.1.2010 11:18 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31.1.2010 11:18 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31.1.2010 11:18 108552]
R2 a2free;a-squared Free Service;c:\program files\a2 Free\a2service.exe [30.1.2010 10:59 1858144]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31.1.2010 11:17 297752]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [15.12.2009 17:51 27632]
S1 aswSP;avast! Self Protection; [x]
S3 AshAVMon;AshAVMon; [x]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20.2.2009 15:03 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20.2.2009 15:03 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20.2.2009 15:03 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20.2.2009 15:03 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20.2.2009 15:03 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20.2.2009 15:03 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20.2.2009 15:03 109736]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 3:54 23552]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVG_ANTI-SPYWARE_GUARD
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - ypypq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: Download images to iGrab
IE: Download videos to iGrab
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Star Downloaderem
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F5607125-9AA5-4598-AE5C-784E2D3DD438} = 213.155.229.197,62.84.129.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 19:15
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ypypq]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-115176313-839522115-1003\Software\Andreas Haak\a*Ű]
"Language"="English"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2276)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-02-05 19:20:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-05 18:20

Před spuštěním: Volných bajtů: 24 689 364 992
Po spuštění: Volných bajtů: 24 652 414 976

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 29E6F73B03DEBAEEE5AEE975DAB76AD1

[motji]

Skript se neprovedl, měl jste ho dobře uložený?
Uložte jako CFskript.txt - typ - všechny soubory

[kastovskyjiri]

Omlouvám se, posilám nový log.


ComboFix 10-02-05.03 - Jiří Kaštovský 06.02.2010 6:59.15.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.654 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jiří Kaštovský\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jiří Kaštovský\Plocha\CFScript.txt.txt
AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-06 do 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-04 17:24 . 2010-02-05 15:03 -------- d-----w- c:\program files\trend micro
2010-01-31 15:39 . 2010-01-31 15:39 -------- d-----w- c:\windows\Downloaded Program Files
2010-01-31 15:34 . 2010-01-31 15:34 -------- d-----w- C:\PScanner Backup
2010-01-31 10:37 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 10:18 . 2010-01-31 10:18 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-31 10:18 . 2010-01-31 10:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-31 10:18 . 2010-01-31 10:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-31 10:18 . 2010-02-06 05:54 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-30 09:59 . 2010-01-31 08:31 -------- d-----w- c:\program files\a2 Free
2010-01-30 07:13 . 2010-01-30 07:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-27 14:44 . 2010-01-27 14:44 -------- d-----w- c:\program files\MSSOAP
2010-01-27 14:43 . 2010-01-27 14:43 164 ----a-w- c:\windows\install.dat
2010-01-25 16:44 . 2010-01-25 16:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-25 16:41 . 2010-01-25 16:42 -------- d-----w- c:\windows\ERUNT
2010-01-24 13:38 . 2010-01-24 13:38 -------- d-----w- c:\program files\7-Zip
2010-01-23 13:25 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-01-17 13:55 . 2010-01-17 13:56 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 06:10 . 2009-12-15 05:57 791552 ----a-w- c:\windows\system32\drivers\ypypq.sys
2010-01-31 09:54 . 2009-08-29 08:30 -------- d-----w- c:\program files\Family Toolbar
2010-01-20 14:35 . 2008-03-07 07:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:58 . 2009-06-05 12:31 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-01-01 16:10 . 2008-10-01 08:06 -------- d-----w- c:\program files\AVG
2009-12-30 13:26 . 2009-12-30 13:26 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 08:38 . 2007-11-26 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 19:08 . 2001-10-25 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 10:00 . 2008-02-07 07:10 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-19 10:00 . 2009-12-19 10:00 -------- d-----w- c:\program files\VSO
2009-12-15 11:30 . 2009-12-14 16:19 37607 ----a-w- C:\hnfk.exe
2009-12-10 17:27 . 2009-12-10 17:17 156746 -c--a-w- c:\windows\hpoins15.dat
2009-11-23 16:05 . 2008-04-30 09:50 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-11-21 16:03 . 2001-10-25 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-04-27 09:24 . 2006-04-27 09:24 2945024 -csha-r- c:\windows\system32\Smab.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-01 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-31 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ €)ˆS#Č)x3q\0D#\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"Google Update"="c:\documents and settings\Jiří Kaštovský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [31.1.2010 11:18 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31.1.2010 11:18 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31.1.2010 11:18 108552]
R2 a2free;a-squared Free Service;c:\program files\a2 Free\a2service.exe [30.1.2010 10:59 1858144]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31.1.2010 11:17 297752]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [15.12.2009 17:51 27632]
S1 aswSP;avast! Self Protection; [x]
S3 AshAVMon;AshAVMon; [x]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20.2.2009 15:03 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20.2.2009 15:03 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20.2.2009 15:03 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20.2.2009 15:03 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20.2.2009 15:03 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20.2.2009 15:03 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20.2.2009 15:03 109736]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 3:54 23552]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVG_ANTI-SPYWARE_GUARD
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - ypypq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: Download images to iGrab
IE: Download videos to iGrab
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Star Downloaderem
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F5607125-9AA5-4598-AE5C-784E2D3DD438} = 213.155.229.197,62.84.129.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 07:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ypypq]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1844237615-115176313-839522115-1003\Software\Andreas Haak\a*Ű]
"Language"="English"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1560)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-02-06 07:13:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-06 06:13

Před spuštěním: Volných bajtů: 24 637 095 936
Po spuštění: Volných bajtů: 24 600 866 816

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 0EA54EC35F6C03155B875F6549C5D102

[motji]

c:\documents and settings\Jiří Kaštovský\Plocha\CFScript.txt.txt
Zase ho máte špatně uložený
Z přílohy si stahněte soubor, rozbalte archiv, najdete tam již hotový skript - jen ho přetáhnete nad combofix

[kastovskyjiri]

ComboFix 10-02-05.04 - Jiří Kaštovský 06.02.2010 10:43:13.16.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.590 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jiří Kaštovský\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jiří Kaštovský\Plocha\CFskript\CFScript.txt
AV: Ashampoo AntiVirus *On-access scanning enabled* (Updated) {87430BA8-187A-42D6-A8FE-8E00DF291089}
AV: AVG Internet Security Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-06 do 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-04 17:24 . 2010-02-05 15:03 -------- d-----w- c:\program files\trend micro
2010-01-31 15:39 . 2010-01-31 15:39 -------- d-----w- c:\windows\Downloaded Program Files
2010-01-31 10:37 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 10:18 . 2010-01-31 10:18 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-31 10:18 . 2010-01-31 10:18 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-31 10:18 . 2010-01-31 10:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-31 10:18 . 2010-01-31 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-31 10:18 . 2010-02-06 05:54 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-30 07:13 . 2010-01-30 07:13 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-27 14:44 . 2010-01-27 14:44 -------- d-----w- c:\program files\MSSOAP
2010-01-27 14:43 . 2010-01-27 14:43 164 ----a-w- c:\windows\install.dat
2010-01-25 16:44 . 2010-01-25 16:44 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-01-25 16:41 . 2010-01-25 16:42 -------- d-----w- c:\windows\ERUNT
2010-01-24 13:38 . 2010-01-24 13:38 -------- d-----w- c:\program files\7-Zip
2010-01-23 13:25 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-01-17 13:55 . 2010-01-17 13:56 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 09:54 . 2009-12-15 05:57 791552 ----a-w- c:\windows\system32\drivers\ypypq.sys
2010-01-31 09:54 . 2009-08-29 08:30 -------- d-----w- c:\program files\Family Toolbar
2010-01-20 14:35 . 2008-03-07 07:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 15:58 . 2009-06-05 12:31 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-01-01 16:10 . 2008-10-01 08:06 -------- d-----w- c:\program files\AVG
2009-12-30 13:26 . 2009-12-30 13:26 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 08:38 . 2007-11-26 12:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 19:08 . 2001-10-25 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 10:00 . 2008-02-07 07:10 47360 -c--a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-19 10:00 . 2009-12-19 10:00 -------- d-----w- c:\program files\VSO
2009-12-15 11:30 . 2009-12-14 16:19 37607 ----a-w- C:\hnfk.exe
2009-12-10 17:27 . 2009-12-10 17:17 156746 -c--a-w- c:\windows\hpoins15.dat
2009-11-23 16:05 . 2008-04-30 09:50 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2009-11-21 16:03 . 2001-10-25 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2006-04-27 09:24 . 2006-04-27 09:24 2945024 -csha-r- c:\windows\system32\Smab.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2009-12-01 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-05-03 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-31 2043160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-31 10:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ €)ˆS#Č)x3q\0D#\0c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\DATAAP~1\SPYWAR~1\sp_rsdel.dat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"Google Update"="c:\documents and settings\Jiří Kaštovský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"Family Tree Builder Update"=c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [31.1.2010 11:18 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [31.1.2010 11:18 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [31.1.2010 11:18 108552]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [6.12.2007 21:03 660768]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31.1.2010 11:17 297752]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [15.12.2009 17:51 27632]
S1 aswSP;avast! Self Protection; [x]
S3 AshAVMon;AshAVMon; [x]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20.2.2009 15:03 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20.2.2009 15:03 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20.2.2009 15:03 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20.2.2009 15:03 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20.2.2009 15:03 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20.2.2009 15:03 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20.2.2009 15:03 109736]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [24.6.2004 3:54 23552]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVG_ANTI-SPYWARE_GUARD
*Deregistered* - AVG Anti-Spyware Guard
*Deregistered* - ypypq

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = seznam.cz/
mWindow Title = Microsoft Internet Explorer
IE: Download images to iGrab
IE: Download videos to iGrab
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Stáhnout Star Downloaderem
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: {F5607125-9AA5-4598-AE5C-784E2D3DD438} = 213.155.229.197,62.84.129.4
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 10:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ypypq]

.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(476)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1904)
c:\documents and settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-02-06 10:57:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-06 09:57
ComboFix2.txt 2010-02-06 06:13

Před spuštěním: Volných bajtů: 24 592 306 176
Po spuštění: Volných bajtů: 24 572 174 336

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 36299F066869DBE5321D353AD9A9050C

[motji]

Já se omlouvám ale mám hned 2 chyby ve skriptu
, proto se příkazy neprovedli. Nezlobte se, hned to napravím .
Asi jsem včera už na to špatně viděla

V příloze máte nový skript