
Avast reports C:\window.exe as infected

Posted: 19 Mar 2010 22:22
by ptkr
RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-03-19 22:16:23
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 12 GB (65%) free of 19 GB
Total RAM: 255 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:49, on 19.3.2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\yuykmm.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\Promon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} (G-Vista ActiveX) - http://www.cenia.cz/3dmodel/mzp/plugin/gvista31.cab
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - https://cms.skoda-auto.com/Centria/CMS/ ... rdhtml.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FADF8571-2163-415C-91D8-8D3EA0124FA1}: NameServer = 212.20.64.1,212.20.64.2
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: aewsd (cae) - Unknown owner - C:\WINNT\system32\yuykmm.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Microsoft Windows Genuine Updater (wgudtr) - Unknown owner - C:\WINNT\csrss.exe
O23 - Service: Microsoft Event Manager (wlg) - Unknown owner - C:\WINNT\system32\wlgs.exe

--
End of file - 5152 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Avast041.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINNT\system32\msdxm.ocx [2005-06-03 849168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2001-08-08 69632]
"EM_EXEC"=C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-07-26 34816]
"Promon.exe"=C:\WINNT\system32\Promon.exe [2001-07-05 31232]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-03-10 77824]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"NeroFilterCheck"=C:\WINNT\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=C:\WINNT\system32\internat.exe [2001-06-13 20752]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nwprovau]
C:\WINNT\system32\nwprovau.dll [2006-09-01 140048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\WINNT\System32\Notepad.exe %1
.js - open - C:\WINNT\System32\WScript.exe "%1" %*
.scr - open - "%1" /S "%3"
.vbs - edit - C:\WINNT\System32\Notepad.exe %1
.vbs - open - C:\WINNT\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-19 22:16:28 ----D---- C:\Program Files\trend micro
2010-03-19 22:16:23 ----D---- C:\rsit
2010-03-19 22:07:44 ----A---- C:\RSIT.exe
2010-03-19 21:53:41 ----A---- C:\window.exe
2010-03-15 11:16:51 ----A---- C:\WINNT\system32\msir2jp.dll
2010-03-15 11:16:51 ----A---- C:\WINNT\system32\kbdnecAT.dll
2010-03-15 11:16:51 ----A---- C:\WINNT\system32\kbdlk41j.dll
2010-03-15 11:16:51 ----A---- C:\WINNT\system32\kbdlk41a.dll
2010-03-15 11:16:50 ----A---- C:\WINNT\system32\kbdnecNT.dll
2010-03-15 11:16:50 ----A---- C:\WINNT\system32\kbdnec95.dll
2010-03-15 11:16:50 ----A---- C:\WINNT\system32\kbdibm02.dll
2010-03-15 11:16:50 ----A---- C:\WINNT\system32\kbdax2.dll
2010-03-15 11:16:50 ----A---- C:\WINNT\system32\kbd106n.dll
2010-03-15 11:16:50 ----A---- C:\WINNT\system32\kbd101.dll
2010-03-15 11:16:50 ----A---- C:\WINNT\system32\f3ahvoas.dll
2010-03-15 11:16:49 ----A---- C:\WINNT\system32\imejpmgr.exe
2010-03-15 11:16:32 ----A---- C:\WINNT\system32\ftlx0411.dll
2010-03-15 11:16:20 ----A---- C:\WINNT\system32\kbdjpn.dll
2010-03-15 11:16:16 ----A---- C:\WINNT\system32\kbd106.dll
2010-03-14 16:02:23 ----A---- C:\run.vbs
2010-03-12 17:54:24 ----A---- C:\WINNT\system32\135.exe
2010-03-12 12:26:43 ----A---- C:\WINNT\system32\chsbrkr.dll
2010-03-12 12:26:31 ----A---- C:\WINNT\system32\pyime.exe
2010-03-11 16:18:20 ----A---- C:\WINNT\system32\MRT.INI
2010-03-11 14:38:24 ----AS---- C:\WINNT\csrss.exe
2010-03-10 13:22:19 ----A---- C:\WINNT\system32\se6.exe
2010-03-06 13:07:52 ----A---- C:\WINNT\lee.exe
2010-03-06 13:07:42 ----A---- C:\WINNT\vis.bat
2010-03-05 12:51:41 ----A---- C:\WINNT\system32\yuykmm.exe
2010-03-04 10:20:23 ----A---- C:\WINNT\system32\svchost.exe.txt
2010-03-04 00:38:45 ----A---- C:\ff.bat
2010-03-04 00:38:45 ----A---- C:\a.bat
2010-02-22 17:13:20 ----AH---- C:\WINNT\system32\wlgs.exe
2010-02-22 13:45:13 ----RA---- C:\WINNT\system32\sc.exe
2010-02-22 13:45:11 ----RA---- C:\WINNT\system32\reg.exe
2010-02-22 13:45:10 ----RA---- C:\WINNT\system32\instsrv.exe
2010-02-22 13:44:48 ----A---- C:\WINNT\system32\DNTUS26.EXE
2010-02-22 01:37:20 ----A---- C:\WINNT\system32\find.bat
2010-02-22 01:37:20 ----A---- C:\WINNT\system32\edu.ini
2010-02-22 01:36:49 ----A---- C:\WINNT\system32\explorers.exe
2010-02-21 22:58:59 ----RASH---- C:\WINNT\asr_33364.exe
2010-02-21 13:45:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\HP
2010-02-21 13:41:24 ----D---- C:\Program Files\Common Files\HP
2010-02-21 13:37:12 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-02-21 13:33:36 ----RA---- C:\WINNT\system32\HPZc3212.dll
2010-02-21 13:33:36 ----RA---- C:\WINNT\system32\hpovst08.dll
2010-02-21 13:33:35 ----RA---- C:\WINNT\system32\hpotscl.dll
2010-02-21 13:33:35 ----RA---- C:\WINNT\system32\hpgtpusd.dll
2010-02-21 13:30:08 ----A---- C:\WINNT\system32\HPZisn12.dll
2010-02-21 13:30:08 ----A---- C:\WINNT\system32\HPZipt12.dll
2010-02-21 13:30:08 ----A---- C:\WINNT\system32\HPZipm12.exe
2010-02-21 13:30:08 ----A---- C:\WINNT\system32\HPZinw12.exe
2010-02-21 13:30:07 ----A---- C:\WINNT\system32\HPZipr12.dll
2010-02-21 13:30:07 ----A---- C:\WINNT\system32\HPZidr12.dll
2010-02-21 13:21:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2010-02-21 13:21:34 ----A---- C:\WINNT\wininit.ini
2010-02-21 13:17:29 ----AHD---- C:\Config.Msi
2010-02-21 13:15:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\HP

======List of files/folders modified in the last 1 months======

2010-03-19 22:16:28 ----RD---- C:\Program Files
2010-03-19 22:16:27 ----D---- C:\WINNT\SYSTEM32
2010-03-19 20:31:15 ----D---- C:\WINNT\Temp
2010-03-19 12:00:51 ----D---- C:\WINNT\SECURITY
2010-03-19 08:12:40 ----D---- C:\WINNT\Debug
2010-03-19 08:10:50 ----SHD---- C:\WINNT\CSC
2010-03-19 08:10:49 ----D---- C:\WINNT\system32\CONFIG
2010-03-19 08:10:06 ----D---- C:\WINNT
2010-03-19 07:58:01 ----A---- C:\WINNT\run.vbs
2010-03-16 04:13:06 ----D---- C:\Program Files\Google
2010-03-15 11:16:57 ----D---- C:\WINNT\system32\DLLCACHE
2010-03-15 11:16:51 ----D---- C:\WINNT\Help
2010-03-15 11:16:37 ----RSD---- C:\WINNT\Fonts
2010-03-12 11:25:49 ----D---- C:\WINNT\system32\NtmsData
2010-03-11 21:56:45 ----A---- C:\WINNT\SchedLgU.Txt
2010-03-02 06:30:12 ----A---- C:\WINNT\system32\MRT.exe
2010-02-26 10:19:19 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-02-22 16:27:24 ----SD---- C:\WINNT\Tasks
2010-02-21 13:48:39 ----SHD---- C:\WINNT\Installer
2010-02-21 13:46:58 ----A---- C:\WINNT\WIN.INI
2010-02-21 13:41:24 ----D---- C:\Program Files\Hp
2010-02-21 13:41:24 ----D---- C:\Program Files\Common Files
2010-02-21 13:38:14 ----D---- C:\WINNT\system32\DRIVERS
2010-02-21 13:38:10 ----D---- C:\WINNT\TWAIN_32
2010-02-21 13:28:08 ----HD---- C:\WINNT\INF
2010-02-20 15:04:09 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINNT\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2001-03-02 52720]
R1 ClntMgmt.sys;ClntMgmt; C:\WINNT\System32\Drivers\ClntMgmt.sys [2001-05-18 44624]
R2 aswFsBlk;aswFsBlk; C:\WINNT\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon.sys [2009-11-25 93424]
R2 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2001-03-02 22585]
R3 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100bnt5.sys [2001-05-18 119056]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver; C:\WINNT\System32\Drivers\FTD2XX.sys [2004-10-15 29292]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
R3 ichaud;Služba pro ovladač AC'97 (WDM); C:\WINNT\system32\drivers\ichaud.sys [1999-10-22 32592]
R3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINNT\System32\DRIVERS\L8042pr2.sys [2001-07-23 50462]
R3 lkbdflt2;Logitech Keyboard Class Filter Driver; C:\WINNT\System32\DRIVERS\lkbdflt2.sys [2001-07-23 5838]
R3 lmouflt2;Logitech Mouse Class Filter Driver; C:\WINNT\System32\DRIVERS\lmouflt2.sys [2001-07-23 66142]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINNT\system32\drivers\NMSCFG.SYS []
R3 nv4;nv4; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2001-06-07 785625]
R3 uhcd;Ovladač univerzálního hostitelského řadiče USB; C:\WINNT\System32\DRIVERS\uhcd.sys [2003-06-19 32848]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
R3 usbprint;Třída USB Printer; C:\WINNT\System32\DRIVERS\usbprint.sys [2003-06-19 21872]
R3 usbscan;Ovladač skeneru USB; C:\WINNT\System32\DRIVERS\usbscan.sys [2003-06-19 12592]
S2 HidUsb;Ovladač třídy standardu HID; C:\WINNT\System32\DRIVERS\hidusb.sys [1999-10-04 13904]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2001-10-08 15264]
S3 Dot4;HPPA IEEE-1284.4 Driver; C:\WINNT\system32\DRIVERS\hppadt40.sys [2001-01-16 50576]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINNT\system32\DRIVERS\hppaprt0.sys [2001-01-16 15792]
S3 mouhid;Ovladač myši standardu HID; C:\WINNT\System32\DRIVERS\mouhid.sys [2003-06-19 11632]
S3 MPE;BDA MPE Filter; C:\WINNT\system32\DRIVERS\MPE.sys [2001-10-16 13952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2002-05-01 4896]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2001-10-08 86016]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2001-10-16 10368]
S3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2001-08-24 442168]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2001-10-16 14400]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2001-10-08 18208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 cae;aewsd; C:\WINNT\system32\yuykmm.exe [2010-03-05 45056]
R2 DNTUS26;DameWare NT Utilities 2.6; C:\WINNT\SYSTEM32\DNTUS26.EXE [2008-11-24 114688]
R2 ias;rtpyfhmy; C:\WINNT\System32\svchost.exe [2001-06-13 7952]
R2 NMSSvc;NMS Service; C:\WINNT\System32\NMSSvc.exe [2001-04-16 1036288]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\system32\HPZipm12.exe [2004-09-29 69632]
R2 StiSvc;Still Image Service; C:\WINNT\system32\stisvc.exe [2003-06-19 61712]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINNT\system32\mspmspsv.exe [2001-05-01 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 wlg;Microsoft Event Manager; C:\WINNT\system32\wlgs.exe [2007-01-02 15360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 wgudtr;Microsoft Windows Genuine Updater; C:\WINNT\csrss.exe [2004-08-11 65536]

-----------------EOF-----------------
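
As an added illustration of how a helper reads the O23 service lines of a log like the one above (this script is not part of the thread and is not HijackThis or RSIT code), here is a small Python triage pass. The sample input is the set of O23 lines from the RSIT log above; the flag names and the list of binaries treated as system32-only are assumptions of this example.

```python
"""Triage of HijackThis / RSIT 'O23 - Service:' lines (added example).

Each O23 line has the form
    O23 - Service: <display name> (<short name>) - <owner> - <path>
where the "(<short name>)" part is optional.  Three things a malware-removal
helper looks at first are flagged:
  * the owner column reads "Unknown owner" (no company in the version info),
  * a core Windows binary name (csrss.exe, svchost.exe, ...) that is not in
    %SystemRoot%\\system32, i.e. a file masquerading by name,
  * a display name that claims to be Microsoft's while the owner is unknown.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)\s*$"
)

# Assumed list: core binaries that legitimately live only in %SystemRoot%\system32.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
                 "services.exe", "svchost.exe"}

# Sample input: the O23 lines copied from the RSIT/HijackThis log in the first post.
SAMPLE_O23 = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: aewsd (cae) - Unknown owner - C:\WINNT\system32\yuykmm.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Microsoft Windows Genuine Updater (wgudtr) - Unknown owner - C:\WINNT\csrss.exe
O23 - Service: Microsoft Event Manager (wlg) - Unknown owner - C:\WINNT\system32\wlgs.exe
"""


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    owner: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["display"], m["short"], m["owner"], m["path"])


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach the flags described in the module docstring to one entry."""
    p = PureWindowsPath(entry.path)
    name, parent = p.name.lower(), p.parent.name.lower()
    owner_unknown = entry.owner.lower() == "unknown owner"
    if owner_unknown:
        entry.flags.append("unknown_owner")
    if name in SYSTEM32_ONLY and parent != "system32":
        entry.flags.append("system_binary_outside_system32")
    if owner_unknown and entry.display.lower().startswith("microsoft"):
        entry.flags.append("microsoft_name_unknown_owner")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Parse every O23 line in a log and triage it; non-O23 lines are skipped."""
    entries = (parse_o23(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def suspicious(text: str) -> Dict[str, List[str]]:
    """Map service path -> flags for every entry that raised at least one flag."""
    return {e.path: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for path, flags in suspicious(SAMPLE_O23).items():
        print(f"{path}: {', '.join(flags)}")
```

On the sample above the three services later removed in the thread (yuykmm.exe, the csrss.exe outside system32, wlgs.exe) are the only flagged entries; every other line is left alone.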

Re: Avast reports C:\window.exe as infected

Posted: 19 Mar 2010 23:06
by Rudy
Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide undesirably with the antispyware's resident component.

Re: Avast reports C:\window.exe as infected

Posted: 21 Mar 2010 18:34
by ptkr
Hi,

thanks for the advice. I ran ComboFix; here is the log.
Thanks in advance for your help!

ComboFix 10-03-20.06 - Administrator 21.03.2010 18:00:13.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.255.106 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
C:\LOG.TXT
C:\Logo.sys
c:\program files\\setup.exe
c:\winnt\asr_33364.exe
c:\winnt\run.vbs
c:\winnt\SYSTEM32\135.exe
c:\winnt\system32\explorers.exe
c:\winnt\system32\instsrv.exe
c:\winnt\Temp\135.exe
c:\winnt\Web\default.htt

c:\winnt\system32\comres.dll . . . je infikován!!

c:\winnt\system32\comres.dll . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-21 do 2010-03-21 )))))))))))))))))))))))))))))))
.

2010-03-20 22:17 . 2010-03-20 22:17 510 ----a-w- c:\winnt\run2.vbs
2010-03-20 08:06 . 2010-03-21 11:31 44544 ----a-w- C:\window.exe
2010-03-19 21:16 . 2010-03-19 21:16 -------- d-----w- c:\program files\trend micro
2010-03-19 21:16 . 2010-03-19 21:16 -------- d-----w- C:\rsit
2010-03-19 21:07 . 2010-03-19 21:07 781909 ----a-w- C:\RSIT.exe
2010-03-14 15:02 . 2010-03-14 15:02 57 ----a-w- C:\run.vbs
2010-03-12 11:26 . 2001-06-13 16:00 12560 ----a-w- c:\winnt\system32\chsbrkr.dll
2010-03-12 11:26 . 2001-06-13 16:00 12560 ----a-w- c:\winnt\system32\dllcache\chsbrkr.dll
2010-03-12 11:26 . 2001-06-13 16:00 3442432 ----a-w- c:\winnt\system32\pyime.exe
2010-03-12 11:26 . 2001-06-13 16:00 3442432 ----a-w- c:\winnt\system32\dllcache\pyime.exe
2010-03-10 12:22 . 2010-03-10 12:22 192512 ----a-w- c:\winnt\system32\se6.exe
2010-03-06 12:07 . 2010-03-06 12:09 96520 ----a-w- c:\winnt\lee.exe
2010-03-06 12:07 . 2010-03-06 12:07 83 ----a-w- c:\winnt\home.sys
2010-03-06 12:07 . 2010-03-06 12:07 125 ----a-w- c:\winnt\vis.bat
2010-03-05 11:51 . 2010-03-05 11:51 45056 ----a-w- c:\winnt\system32\yuykmm.exe
2010-03-03 23:38 . 2010-03-14 15:02 68 ----a-w- C:\ff.bat
2010-03-03 07:01 . 2010-03-03 07:01 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_214.dat
2010-02-22 16:13 . 2007-01-02 12:29 15360 ---ha-w- c:\winnt\system32\wlgs.exe
2010-02-22 12:45 . 2001-10-02 15:17 31232 ----a-r- c:\winnt\system32\sc.exe
2010-02-22 12:45 . 2006-03-02 11:00 53248 ----a-r- c:\winnt\system32\reg.exe
2010-02-22 12:44 . 2008-11-24 11:37 114688 ----a-w- c:\winnt\system32\DNTUS26.EXE
2010-02-22 00:37 . 2006-02-28 23:43 1634 ----a-w- c:\winnt\system32\find.bat
2010-02-21 12:41 . 2010-02-21 12:41 -------- d-----w- c:\program files\Common Files\HP
2010-02-21 12:37 . 2010-02-21 12:37 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-21 12:35 . 2005-03-08 04:43 16496 ----a-r- c:\winnt\system32\drivers\HPZipr12.sys
2010-02-21 12:34 . 2005-03-08 04:43 51120 ----a-r- c:\winnt\system32\drivers\HPZid412.sys
2010-02-21 12:33 . 2005-04-08 01:51 258122 ----a-r- c:\winnt\system32\hpovst08.dll
2010-02-21 12:33 . 2005-03-08 04:39 274432 ----a-r- c:\winnt\system32\HPZc3212.dll
2010-02-21 12:33 . 2005-04-08 01:51 229376 ----a-r- c:\winnt\system32\hpgtpusd.dll
2010-02-21 12:33 . 2005-04-08 01:51 606208 ----a-r- c:\winnt\system32\hpotscl.dll
2010-02-21 12:33 . 2003-06-19 20:05 12592 ----a-w- c:\winnt\system32\drivers\usbscan.sys
2010-02-21 12:33 . 2003-06-19 20:05 12592 ----a-w- c:\winnt\system32\dllcache\usbscan.sys
2010-02-21 12:30 . 2004-09-29 11:14 69632 ----a-w- c:\winnt\system32\HPZipm12.exe
2010-02-21 12:30 . 2004-09-29 11:09 57344 ----a-w- c:\winnt\system32\HPZisn12.dll
2010-02-21 12:30 . 2004-09-29 11:09 94208 ----a-w- c:\winnt\system32\HPZipt12.dll
2010-02-21 12:30 . 2004-09-29 11:08 61440 ----a-w- c:\winnt\system32\HPZinw12.exe
2010-02-21 12:30 . 2004-09-29 11:15 204800 ----a-w- c:\winnt\system32\HPZipr12.dll
2010-02-21 12:30 . 2004-09-29 11:12 278584 ----a-w- c:\winnt\system32\HPZidr12.dll
2010-02-21 12:15 . 2010-02-21 12:49 113341 ----a-w- c:\winnt\hpoins07.dat
2010-02-21 12:15 . 2005-05-24 02:48 21124 ------w- c:\winnt\hpomdl07.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 10:33 . 2009-04-17 12:51 -------- d-----w- c:\program files\Google
2010-02-21 12:41 . 2010-02-12 20:06 -------- d-----w- c:\program files\Hp
2010-02-21 12:39 . 2004-02-05 15:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-28 13:16 . 2001-06-13 19:00 320272 ------w- c:\winnt\system32\MSPAINT.EXE
2003-03-17 08:12 . 2003-03-17 08:12 28815 -c--a-w- c:\program files\irfanview380cz.zip
2003-03-17 08:07 . 2003-03-17 08:07 841216 -c--a-w- c:\program files\iview380.exe
2001-07-03 13:32 . 2001-07-03 13:32 22034 ---h--w- c:\program files\FOLDER.HTT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-06-13 20752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2001-08-08 69632]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-07-26 34816]
"Promon.exe"="Promon.exe" [2001-07-05 31232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-03-10 77824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-06-13 20752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 188688]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
2006-09-01 05:49 140048 ------w- c:\winnt\SYSTEM32\NWPROVAU.DLL

R?2 ewutesax;Configuration and tracking ;c:\winnt\System32\svchost.exe -k ewutesax [13.6.2001 20:00 7952]
R?2 sss;wjxepewq;c:\winnt\System32\svchost.exe -k sss [13.6.2001 20:00 7952]
R1 aswSP;avast! Self Protection;c:\winnt\SYSTEM32\DRIVERS\aswSP.sys [17.4.2008 5:48 114768]
R2 aswFsBlk;aswFsBlk;c:\winnt\SYSTEM32\DRIVERS\aswFsBlk.sys [17.4.2008 5:48 20560]
R2 aswMon;avast! Standard Shield Support;c:\winnt\SYSTEM32\DRIVERS\aswmon.sys [31.10.2006 10:40 93424]
R2 cae;aewsd;c:\winnt\SYSTEM32\yuykmm.exe [5.3.2010 12:51 45056]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\winnt\SYSTEM32\DRIVERS\FTD2XX.sys [15.10.2004 16:49 29292]
S2 wlg;Microsoft Event Manager;c:\winnt\SYSTEM32\wlgs.exe [22.2.2010 17:13 15360]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ewutesax REG_MULTI_SZ ewutesax
sss REG_MULTI_SZ sss
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: {FADF8571-2163-415C-91D8-8D3EA0124FA1} = 212.20.64.1,212.20.64.2
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} - hxxp://www.cenia.cz/3dmodel/mzp/plugin/gvista31.cab
DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} - hxxps://cms.skoda-auto.com/Centria/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 18:18
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ewutesax]
"servicedll"="c:\winnt\system32\ewute.lib"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sss]
"servicedll"="c:\progra~1\Google\mwdxy.obj"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(196)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
c:\winnt\system32\iphlpapi.dll
c:\winnt\system32\MPRAPI.dll
c:\winnt\system32\DHCPCSVC.DLL

- - - - - - - > 'explorer.exe'(1252)
c:\winnt\system32\SHDOCVW.DLL
c:\progra~1\MOUSEW~1\SYSTEM\LgMousHk.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\winnt\SYSTEM32\DNTUS26.EXE
c:\winnt\System32\NMSSvc.exe
c:\winnt\system32\HPZipm12.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\system32\stisvc.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\winnt\system32\mspmspsv.exe
c:\winnt\system32\Promon.exe
c:\winnt\system32\internat.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-21 18:28:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-21 17:28

Před spuštěním: Volných bajtů: 12 998 729 728
Po spuštění: Volných bajtů: 14 470 543 360

- - End Of File - - D7704FD58EDEC67936654A932138F802

Re: Avast reports C:\window.exe as infected

Posted: 21 Mar 2010 20:23
by Rudy
Let's clean up the rest. Open Notepad and copy the following into it:
Collect::
C:\window.exe
c:\winnt\lee.exe
c:\winnt\home.sys
c:\winnt\vis.bat
c:\winnt\system32\yuykmm.exe
C:\ff.bat
c:\winnt\system32\sc.exe
c:\winnt\system32\reg.exe
c:\winnt\system32\DNTUS26.EXE
c:\winnt\system32\find.bat
c:\winnt\SYSTEM32\yuykmm.exe

Driver::
ewutesax
sss
cae
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


The system has no service pack at all. Install SP4.

Re: Avast reports C:\window.exe as infected

Posted: 02 Apr 2010 21:32
by ptkr
Hi, after applying the script, here is the log.
Do you think it's done?

Thanks!

ComboFix 10-04-01.02 - Administrator 02.04.2010 22:07:15.2.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.420.1029.18.255.129 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

file zipped: C:\ff.bat
file zipped: c:\winnt\home.sys
file zipped: c:\winnt\lee.exe
file zipped: c:\winnt\system32\DNTUS26.EXE
file zipped: c:\winnt\system32\find.bat
file zipped: c:\winnt\system32\reg.exe
file zipped: c:\winnt\system32\sc.exe
file zipped: c:\winnt\system32\yuykmm.exe
file zipped: c:\winnt\vis.bat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
C:\ff.bat
c:\winnt\home.sys
c:\winnt\lee.exe
c:\winnt\run.vbs
c:\winnt\SYSTEM32\135.exe
c:\winnt\system32\DNTUS26.EXE
c:\winnt\system32\find.bat
c:\winnt\system32\reg.exe
c:\winnt\system32\sc.exe
c:\winnt\system32\yuykmm.exe
c:\winnt\temp\8888.exe
c:\winnt\vis.bat

c:\winnt\system32\comres.dll . . . je infikován!!

c:\winnt\system32\comres.dll . . . je infikován!!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CAE
-------\Legacy_EWUTESAX
-------\Legacy_SSS
-------\Service_cae
-------\Service_ewutesax
-------\Service_sss
-------\Legacy_DNTUS26
-------\Service_DNTUS26


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-02 do 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 20:16 . 2010-04-02 20:16 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_218.dat
2010-04-02 01:43 . 2010-04-02 01:43 -------- d-----w- C:\DrWatson
2010-03-20 22:17 . 2010-03-24 23:08 510 ----a-w- c:\winnt\run2.vbs
2010-03-19 21:16 . 2010-03-19 21:16 -------- d-----w- c:\program files\trend micro
2010-03-19 21:16 . 2010-03-19 21:16 -------- d-----w- C:\rsit
2010-03-19 21:07 . 2010-03-19 21:07 781909 ----a-w- C:\RSIT.exe
2010-03-14 15:02 . 2010-03-14 15:02 57 ----a-w- C:\run.vbs
2010-03-12 11:26 . 2001-06-13 16:00 12560 ----a-w- c:\winnt\system32\chsbrkr.dll
2010-03-12 11:26 . 2001-06-13 16:00 12560 ----a-w- c:\winnt\system32\dllcache\chsbrkr.dll
2010-03-12 11:26 . 2001-06-13 16:00 3442432 ----a-w- c:\winnt\system32\pyime.exe
2010-03-12 11:26 . 2001-06-13 16:00 3442432 ----a-w- c:\winnt\system32\dllcache\pyime.exe
2010-03-10 12:22 . 2010-03-10 12:22 192512 ----a-w- c:\winnt\system32\se6.exe
2010-03-05 08:33 . 2010-03-05 08:33 579072 ----a-w- c:\winnt\system32\WININET.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 10:33 . 2009-04-17 12:51 -------- d-----w- c:\program files\Google
2010-02-21 12:49 . 2010-02-21 12:15 113341 ----a-w- c:\winnt\hpoins07.dat
2010-02-21 12:41 . 2010-02-21 12:41 -------- d-----w- c:\program files\Common Files\HP
2010-02-21 12:41 . 2010-02-12 20:06 -------- d-----w- c:\program files\Hp
2010-02-21 12:39 . 2004-02-05 15:17 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-21 12:37 . 2010-02-21 12:37 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2003-03-17 08:12 . 2003-03-17 08:12 28815 -c--a-w- c:\program files\irfanview380cz.zip
2003-03-17 08:07 . 2003-03-17 08:07 841216 -c--a-w- c:\program files\iview380.exe
2001-07-03 13:32 . 2001-07-03 13:32 22034 ---h--w- c:\program files\FOLDER.HTT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-06-13 20752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2001-08-08 69632]
"EM_EXEC"="c:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-07-26 34816]
"Promon.exe"="Promon.exe" [2001-07-05 31232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-03-10 77824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-06-13 20752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 188688]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
2006-09-01 05:49 140048 ------w- c:\winnt\SYSTEM32\NWPROVAU.DLL

R?2 ias;Fenpoter;c:\winnt\System32\svchost.exe -k netsvcs [13.6.2001 21:00 7952]
R?2 ushpyjxv;Configuration and tracking ;c:\winnt\System32\svchost.exe -k ushpyjxv [13.6.2001 21:00 7952]
R1 aswSP;avast! Self Protection;c:\winnt\SYSTEM32\DRIVERS\aswSP.sys [17.4.2008 6:48 114768]
R2 aswFsBlk;aswFsBlk;c:\winnt\SYSTEM32\DRIVERS\aswFsBlk.sys [17.4.2008 6:48 20560]
R2 aswMon;avast! Standard Shield Support;c:\winnt\SYSTEM32\DRIVERS\aswmon.sys [31.10.2006 11:40 93424]
R3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\winnt\SYSTEM32\DRIVERS\FTD2XX.sys [15.10.2004 17:49 29292]
S2 wlg;Microsoft Event Manager;c:\winnt\SYSTEM32\wlgs.exe [22.2.2010 18:13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ewutesax REG_MULTI_SZ ewutesax
sss REG_MULTI_SZ sss
ushpyjxv REG_MULTI_SZ ushpyjxv
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: {FADF8571-2163-415C-91D8-8D3EA0124FA1} = 212.20.64.1,212.20.64.2
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {2CA0FF2C-0CE1-4382-A0C4-B2782965CCC2} - hxxp://www.cenia.cz/3dmodel/mzp/plugin/gvista31.cab
DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} - hxxps://cms.skoda-auto.com/Centria/CMS/WebAuthor/Client/PlaceholderControlSupport/nrdhtml.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 22:18
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ias]
"servicedll"="c:\winnt\Web\fbkqb.lib"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ushpyjxv]
"servicedll"="c:\winnt\system32\befvj.lib"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(200)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1388)
c:\winnt\system32\SHDOCVW.DLL
c:\progra~1\MOUSEW~1\SYSTEM\LgMousHk.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\winnt\System32\NMSSvc.exe
c:\winnt\system32\HPZipm12.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\system32\stisvc.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\winnt\system32\mspmspsv.exe
c:\winnt\system32\Promon.exe
c:\winnt\system32\internat.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2010-04-02 22:27:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-02 20:27
ComboFix2.txt 2010-03-21 17:28

Před spuštěním: Volných bajtů: 14 429 711 360
Po spuštění: Volných bajtů: 14 398 448 640

- - End Of File - - 9D7B33D3C71EA4C4DA60C815BCF3E42E

Re: Avast reports C:\window.exe as infected

Posted: 02 Apr 2010 21:45
by Rudy
Download the comres.dll library from here: http://www.dll-files.com/dllindex/dll-f ... tml?comres and unpack it to the desktop. Then open Notepad and copy the following into it:
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

FCopy::
c:\documents and settings\Administrator\Plocha\comres.dll | c:\winnt\system32\comres.dll
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.

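An added check, not from this thread, over the service and registry lines of a ComboFix log in the shape of the one posted above: it flags svchost groups that are not on an allowlist and svchost-hosted services whose ServiceDll is not a .dll under system32, which is what the hijacked "ias" entry and the "ushpyjxv" group look like in that log. The log excerpt is constructed from entries shown above, and the default allowlist (only netsvcs) is an assumption for the example rather than the full list of groups a real Windows 2000 box carries.

```python
import re
from pathlib import PureWindowsPath
# Constructed excerpt in the shape of the ComboFix log above (entries copied from it).
SAMPLE_LOG = r"""R?2 ias;Fenpoter;c:\winnt\System32\svchost.exe -k netsvcs [13.6.2001 21:00 7952]
R?2 ushpyjxv;Configuration and tracking ;c:\winnt\System32\svchost.exe -k ushpyjxv [13.6.2001 21:00 7952]
R1 aswSP;avast! Self Protection;c:\winnt\SYSTEM32\DRIVERS\aswSP.sys [17.4.2008 6:48 114768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ewutesax REG_MULTI_SZ ewutesax
sss REG_MULTI_SZ sss
ushpyjxv REG_MULTI_SZ ushpyjxv

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ias]
"servicedll"="c:\winnt\Web\fbkqb.lib"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ushpyjxv]
"servicedll"="c:\winnt\system32\befvj.lib"
"""

SERVICE_RE = re.compile(r'^[RS]\??\d\s+([^;]+);[^;]*;(.+?)(?:\s+-k\s+(\S+))?\s+\[')
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$', re.I)
DLL_RE = re.compile(r'^"servicedll"="(.+)"$', re.I)

def audit_svchost(log, known_groups=frozenset({"netsvcs"})):
    """Return findings: svchost groups not in known_groups, and svchost-hosted services
    whose ServiceDll is not a .dll inside system32 (default known_groups is an assumption)."""
    services, dlls, groups, key, in_groups = {}, {}, set(), None, False
    for line in map(str.strip, log.splitlines()):
        if not line:
            key, in_groups = None, False            # blank line closes a registry key block
        elif m := SERVICE_RE.match(line):           # "R?2 name;desc;image -k group [...]"
            services[m[1].lower()] = (m[2], (m[3] or "").lower())
        elif line.lower().endswith(r"\currentversion\svchost]"):
            in_groups = True                        # group names follow, one per line
        elif in_groups:
            groups.add(line.split()[0].lower())
        elif m := KEY_RE.match(line):
            key = m[1].lower()                      # a Services\<name> key; ServiceDll may follow
        elif (m := DLL_RE.match(line)) and key:
            dlls[key] = m[1]
    findings = [f"svchost group {g!r} is not a known group" for g in sorted(groups - known_groups)]
    for name, (image, _group) in sorted(services.items()):
        if PureWindowsPath(image).name.lower() != "svchost.exe":
            continue                                # only svchost-hosted services carry a ServiceDll
        dll = dlls.get(name)
        p = PureWindowsPath(dll or "")
        if dll is None or p.suffix.lower() != ".dll" or p.parent.name.lower() != "system32":
            findings.append(f"service {name!r}: ServiceDll {dll or '(not in log)'} is not a .dll inside system32")
    return findings
```

Run `audit_svchost(SAMPLE_LOG)` to get five findings: the three random-named groups and the two .lib ServiceDll values; passing a fuller allowlist leaves only the two ServiceDll findings.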