kontrola logu - blokace stranek s antiviry

[Dan_2009]

Zdravim, prosim o konrolu logu.. Do pocitace se zrejme dostal nejaky vir ci malware - nesel aktualizovat antivir ani spybot, pozdeji jsem zjistil, ze pocitac se nepripoji na zadnou web stranku s antivirem (eset, norton,avg) atd. prestoze jinak vsechny stranky na internetu funguji bez problemu. Diky za odpoved.

Logfile of HijackThis v1.99.1
Scan saved at 18:15, on 11.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\O2 Pruvodce pripojenim\ConfTelefonica.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\ToshibaBTServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ConfTelefonica.exe] C:\Program Files\O2 Pruvodce pripojenim\ConfTelefonica.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1221135531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9382F7C7-15C2-492F-A0DD-DA2421BCFE41}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: urqNHARH - urqNHARH.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

[Reklama]

[jaro3]

Vítej na fóru PC-HELP!
Odinstaluj: AskTBar

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Příště novější verzi HJT:
http://www.trendsecure.com/portal/en-US ... ckThis.exe

[Dan_2009]

Diky za pomoc.. AskTBar odinstalovan.. nainstaloval sem naopak znovu alespon free verzi AVG, sice ji nemohu zaktualizovat, ale nechtel jsem se pripojovat na internet bez nulove ochrany..

Malwarebytes' Anti-Malware mi bohuzel nejde nainstalovat, a to ani v nouzovem rezimu ani pod uctem administratora.. instalace vubec nezacne, po spusteni souboru se dvakrat otoci presypaci hodiny a konec. Aplikace stale bezi (ve spravci uloh zabira kolem 2MB pameti), ale neotevre se zadne okno. Co s tim?

Prikladam vypis z nejnovejsiho HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26, on 12.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\O2 Pruvodce pripojenim\ConfTelefonica.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\ToshibaBTServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ConfTelefonica.exe] C:\Program Files\O2 Pruvodce pripojenim\ConfTelefonica.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1221135531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9382F7C7-15C2-492F-A0DD-DA2421BCFE41}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: urqNHARH - urqNHARH.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7248 bytes

[jaro3]

Zkus si zde
http://uloz.to/1086026/Tools.zip

stáhnout některé prográmky co by se nám mohly hodit.
Rozbal si archiv do svého adresáře. Soubory jsou záměrně pojmenované jinak než původní v návodech, tak se nediv.
Zkus pak spustit.
Nejlépe když půjde VerTer.
Návod:
Je to ve skutečnosti ComboFix:
ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud nepůjde , spusť další ikony ve složce Tools a dej sem log z kterého půjde.

[Dan_2009]

Tady je ten ComboFix:

ComboFix 09-01-11.04 - Uzivatel 2009-01-12 21:10:25.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.959.581 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\tools\VerTer.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\TDSSpqxt.sys
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxa.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log

----- BITS: Možné infikované stránky -----

hxxp://bgbtorlopos.com
Nakažená kopie byla nalezena a vyléčena.
Obnovena kopie z -

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((( Soubory vytvořené od 2008-12-12 do 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-12 20:24 . 2009-01-12 20:24 <DIR> d-------- c:\program files\Total Commander
2009-01-12 20:24 . 2009-01-12 20:48 634 --a------ c:\windows\wincmd.ini
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-12 19:23 . 2009-01-12 19:23 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-12 19:23 . 2009-01-12 19:23 <DIR> d-------- c:\program files\AVG
2009-01-12 19:23 . 2009-01-12 19:23 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\AVGTOOLBAR
2009-01-12 19:23 . 2009-01-12 19:23 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-12 19:23 . 2009-01-12 19:23 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-12 19:23 . 2009-01-12 19:23 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-12 19:15 . 2009-01-12 19:15 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Sony Ericsson
2009-01-11 17:13 . 2009-01-11 17:13 <DIR> d-------- c:\program files\CCleaner
2009-01-11 16:51 . 2009-01-11 16:51 <DIR> d-------- c:\program files\CDBurnerXP
2009-01-11 16:51 . 2009-01-11 16:51 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Canneverbe_Limited
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2009-01-11 15:49 . 2008-08-04 10:28 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2009-01-11 15:49 . 2009-01-12 19:15 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-01-11 15:49 . 2009-01-12 19:23 <DIR> d-------- c:\documents and settings\Administrator
2009-01-06 20:08 . 2008-04-14 04:22 26,112 --a------ c:\windows\system32\stu2.exe
2009-01-03 13:09 . 2009-01-03 13:09 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Nero
2009-01-03 12:58 . 2009-01-12 19:05 <DIR> d-------- c:\program files\AskTBar
2008-12-28 11:10 . 2008-12-28 11:10 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-12-28 11:10 . 2008-12-28 11:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-18 15:42 . 2008-12-18 15:42 0 --a------ c:\windows\mngui.INI
2008-12-18 15:40 . 2008-12-18 15:40 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Teleca
2008-12-18 15:27 . 2008-12-18 15:27 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-12-18 15:27 . 2008-12-18 15:27 <DIR> d-------- c:\program files\Common Files\Sony Ericsson Shared
2008-12-18 15:27 . 2008-12-18 15:27 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Sony Ericsson
2008-12-18 15:26 . 2008-12-18 15:26 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-18 15:25 . 2008-12-18 15:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Teleca
2008-12-17 22:13 . 2008-12-17 22:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avanquest Bluetooth SDK
2008-12-17 22:11 . 2008-05-16 12:33 120,744 --a------ c:\windows\system32\drivers\s0016mdm.sys
2008-12-17 22:11 . 2008-05-16 12:33 115,752 --a------ c:\windows\system32\drivers\s0016unic.sys
2008-12-17 22:11 . 2008-05-16 12:33 114,216 --a------ c:\windows\system32\drivers\s0016mgmt.sys
2008-12-17 22:11 . 2008-05-16 12:33 110,632 --a------ c:\windows\system32\drivers\s0016obex.sys
2008-12-17 22:11 . 2008-05-16 12:33 89,256 --a------ c:\windows\system32\drivers\s0016bus.sys
2008-12-17 22:11 . 2008-05-16 12:33 25,512 --a------ c:\windows\system32\drivers\s0016nd5.sys
2008-12-17 22:11 . 2008-05-16 12:33 15,016 --a------ c:\windows\system32\drivers\s0016mdfl.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016whnt.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016wh.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016cmnt.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016cm.sys
2008-12-17 22:11 . 2008-05-16 12:33 10,792 --a------ c:\windows\system32\drivers\s0016cr.sys
2008-12-17 22:10 . 2008-12-17 22:11 <DIR> d----c--- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 18:23 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-01-11 15:53 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-11 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 15:20 --------- d-----w c:\program files\CyberLink
2009-01-11 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-01-08 08:42 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\OpenOffice.org2
2009-01-06 08:55 --------- d-----w c:\program files\eLiska
2009-01-03 10:59 --------- d-----w c:\program files\Common Files\Ahead
2009-01-03 10:12 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\Ahead
2008-12-18 14:27 --------- d-----w c:\program files\Sony Ericsson
2008-12-17 21:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2008-12-17 20:51 --------- d-----w c:\program files\O2 Pruvodce pripojenim
2008-12-02 11:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\LightScribe
2008-11-17 22:30 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\Skype
2008-11-17 20:33 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\skypePM
2008-08-04 16:09 56 --sh--r c:\windows\system32\0CD8BF0539.sys
2008-08-04 16:09 2,098 --sha-w c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ConfTelefonica.exe"="c:\program files\O2 Pruvodce pripojenim\ConfTelefonica.exe" [2006-11-13 905216]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-12 1261336]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-05-24 49152]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2008-08-04 491520]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-12 97928]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [2008-08-04 16269]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;c:\windows\system32\drivers\atl02_xp.sys [2008-08-04 27776]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2008-08-04 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-08-04 7808]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-12 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-12 76040]
R4 MSSQL$ELISKACLIENT2003;MSSQL$ELISKACLIENT2003;c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe -sELISKACLIENT2003 --> c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe -sELISKACLIENT2003 [?]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);c:\windows\system32\drivers\k310bus.sys [2008-01-09 60800]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;c:\windows\system32\drivers\k310mdfl.sys [2008-01-09 9264]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;c:\windows\system32\drivers\k310mdm.sys [2008-01-09 96352]
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k310mgmt.sys [2008-01-09 87824]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;c:\windows\system32\drivers\k310obex.sys [2008-01-09 85696]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-12-17 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-12-17 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-12-17 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-12-17 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-12-17 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-12-17 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-12-17 115752]
S3 SQLAgent$ELISKACLIENT2003;SQLAgent$ELISKACLIENT2003;c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlagent.EXE -i ELISKACLIENT2003 --> c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlagent.EXE -i ELISKACLIENT2003 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
Obsah adresáře 'Naplánované úlohy'

2008-12-22 c:\windows\Tasks\At1.job
- c:\windows\system32\0MFu4LuX.exe []

2008-12-23 c:\windows\Tasks\At10.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-08 c:\windows\Tasks\At11.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-08 c:\windows\Tasks\At12.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-06 c:\windows\Tasks\At13.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-08 c:\windows\Tasks\At14.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-11 c:\windows\Tasks\At15.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-11 c:\windows\Tasks\At16.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-05 c:\windows\Tasks\At17.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-04 c:\windows\Tasks\At18.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-11 c:\windows\Tasks\At19.job
- c:\windows\system32\0MFu4LuX.exe []

2008-12-23 c:\windows\Tasks\At2.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-12 c:\windows\Tasks\At20.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-12 c:\windows\Tasks\At21.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-09 c:\windows\Tasks\At22.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-09 c:\windows\Tasks\At23.job
- c:\windows\system32\0MFu4LuX.exe []

2009-01-09 c:\windows\Tasks\At24.job
- c:\windows\system32\0MFu4LuX.exe []

2008-12-06 c:\windows\Tasks\At3.job
- c:\windows\system32\0MFu4LuX.exe []

2008-10-22 c:\windows\Tasks\At4.job
- c:\windows\system32\0MFu4LuX.exe []

2008-10-22 c:\windows\Tasks\At5.job
- c:\windows\system32\0MFu4LuX.exe []

2008-10-22 c:\windows\Tasks\At6.job
- c:\windows\system32\0MFu4LuX.exe []

2008-10-22 c:\windows\Tasks\At7.job
- c:\windows\system32\0MFu4LuX.exe []

2008-10-22 c:\windows\Tasks\At8.job
- c:\windows\system32\0MFu4LuX.exe []

2008-12-08 c:\windows\Tasks\At9.job
- c:\windows\system32\0MFu4LuX.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
Notify-urqNHARH - urqNHARH.dll


.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: {9382F7C7-15C2-492F-A0DD-DA2421BCFE41} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\4wjgwm6w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 21:15:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
c:\program files\Sony Ericsson\Mobile\Mobile Phone Monitor\ToshibaBTServer.exe
.
**************************************************************************
.
Celkový čas: 2009-01-12 21:17:21 - počítač byl restartován [Uzivatel]
ComboFix-quarantined-files.txt 2009-01-12 20:17:17
ComboFix2.txt 2008-09-12 12:20:32

Před spuštěním: Volných bajtů: 42,090,131,456
Po spuštění: Volných bajtů: 42,095,759,360

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

292 --- E O F --- 2008-12-19 07:28:30

[jaro3]

Omlouvám se , ale budeme pokračovat zítra, vytvořím script.

[Dan_2009]

V poradku, ja jen ze se vse hodne zlepsilo.. lze jiz naisntalovat Malwarebytes' Anti-Malware, aktualizovat AVG i Spybot..

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\stu2.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\system32\0MFu4LuX.exe

Folder::
c:\program files\AskTBar

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\0CD8BF0539.sys
Vlož sem potom odkaz výsledku.

[Dan_2009]

Po přesunutí scriptu na ComboFix se program zeptal na aktualizaci a dal jsem OK. Pak se propgram restartoval, snad to ten script i tak vzalo.. tady je log:

ComboFix 09-01-13.04 - Uzivatel 2009-01-14 16:50:09.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.959.443 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\VerTer.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivatel\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\system32\0MFu4LuX.exe
c:\windows\system32\stu2.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskTBar
c:\windows\system32\stu2.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-14 do 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-12 23:33 . 2009-01-12 23:33 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-12 23:33 . 2009-01-12 23:33 <DIR> d-------- c:\program files\Ad-Aware
2009-01-12 23:33 . 2009-01-12 23:34 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-12 22:29 . 2009-01-12 22:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 22:29 . 2009-01-12 22:29 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Malwarebytes
2009-01-12 22:29 . 2009-01-12 22:29 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-12 22:29 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 22:29 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-12 22:22 . 2009-01-12 22:22 <DIR> d-------- c:\program files\GomPlayer
2009-01-12 22:22 . 2009-01-12 22:22 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\GRETECH
2009-01-12 21:53 . 2009-01-14 16:45 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-12 21:40 . 2009-01-14 14:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-12 21:36 . 2009-01-14 14:30 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-12 21:36 . 2009-01-12 21:36 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-12 21:36 . 2009-01-12 21:36 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-12 21:36 . 2009-01-12 21:36 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-12 20:24 . 2009-01-12 20:24 <DIR> d-------- c:\program files\Total Commander
2009-01-12 20:24 . 2009-01-12 23:50 1,988 --a------ c:\windows\wincmd.ini
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF
2009-01-12 20:24 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF
2009-01-12 19:23 . 2009-01-12 19:23 <DIR> d-------- c:\program files\AVG
2009-01-12 19:15 . 2009-01-12 19:15 <DIR> d-------- c:\documents and settings\Administrator\Data aplikací\Sony Ericsson
2009-01-11 17:13 . 2009-01-11 17:13 <DIR> d-------- c:\program files\CCleaner
2009-01-11 16:51 . 2009-01-11 16:51 <DIR> d-------- c:\program files\CDBurnerXP
2009-01-11 16:51 . 2009-01-11 16:51 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Canneverbe_Limited
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d-------- c:\documents and settings\Administrator\Plocha
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d--h----- c:\documents and settings\Administrator\Okolní tiskárny
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d--h----- c:\documents and settings\Administrator\Okolní síť
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d-------- c:\documents and settings\Administrator\Oblíbené položky
2009-01-11 15:49 . 2008-08-04 10:28 <DIR> d--h----- c:\documents and settings\Administrator\Šablony
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> dr------- c:\documents and settings\Administrator\Nabídka Start
2009-01-11 15:49 . 2008-08-04 12:14 <DIR> d-------- c:\documents and settings\Administrator\Dokumenty
2009-01-11 15:49 . 2009-01-12 19:15 <DIR> dr-h----- c:\documents and settings\Administrator\Data aplikací
2009-01-11 15:49 . 2009-01-12 21:37 <DIR> d-------- c:\documents and settings\Administrator
2009-01-03 13:09 . 2009-01-03 13:09 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Nero
2008-12-28 11:10 . 2008-12-28 11:10 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-12-28 11:10 . 2008-12-28 11:10 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-18 15:42 . 2008-12-18 15:42 0 --a------ c:\windows\mngui.INI
2008-12-18 15:40 . 2008-12-18 15:40 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Teleca
2008-12-18 15:27 . 2008-12-18 15:27 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-12-18 15:27 . 2008-12-18 15:27 <DIR> d-------- c:\program files\Common Files\Sony Ericsson Shared
2008-12-18 15:27 . 2008-12-18 15:27 <DIR> d-------- c:\documents and settings\Uzivatel\Data aplikací\Sony Ericsson
2008-12-18 15:26 . 2008-12-18 15:26 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-18 15:25 . 2008-12-18 15:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Teleca
2008-12-17 22:13 . 2008-12-17 22:13 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Avanquest Bluetooth SDK
2008-12-17 22:11 . 2008-05-16 12:33 120,744 --a------ c:\windows\system32\drivers\s0016mdm.sys
2008-12-17 22:11 . 2008-05-16 12:33 115,752 --a------ c:\windows\system32\drivers\s0016unic.sys
2008-12-17 22:11 . 2008-05-16 12:33 114,216 --a------ c:\windows\system32\drivers\s0016mgmt.sys
2008-12-17 22:11 . 2008-05-16 12:33 110,632 --a------ c:\windows\system32\drivers\s0016obex.sys
2008-12-17 22:11 . 2008-05-16 12:33 89,256 --a------ c:\windows\system32\drivers\s0016bus.sys
2008-12-17 22:11 . 2008-05-16 12:33 25,512 --a------ c:\windows\system32\drivers\s0016nd5.sys
2008-12-17 22:11 . 2008-05-16 12:33 15,016 --a------ c:\windows\system32\drivers\s0016mdfl.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016whnt.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016wh.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016cmnt.sys
2008-12-17 22:11 . 2008-05-16 12:33 12,200 --a------ c:\windows\system32\drivers\s0016cm.sys
2008-12-17 22:11 . 2008-05-16 12:33 10,792 --a------ c:\windows\system32\drivers\s0016cr.sys
2008-12-17 22:10 . 2008-12-17 22:11 <DIR> d----c--- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 14:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-12 20:36 --------- d-----w c:\documents and settings\All Users\Data aplikací\avg8
2009-01-11 15:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 15:20 --------- d-----w c:\program files\CyberLink
2009-01-11 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2009-01-08 08:42 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\OpenOffice.org2
2009-01-06 08:55 --------- d-----w c:\program files\eLiska
2009-01-03 10:59 --------- d-----w c:\program files\Common Files\Ahead
2009-01-03 10:12 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\Ahead
2008-12-18 14:27 --------- d-----w c:\program files\Sony Ericsson
2008-12-17 21:10 --------- d-----w c:\documents and settings\All Users\Data aplikací\Sony Ericsson
2008-12-17 20:51 --------- d-----w c:\program files\O2 Pruvodce pripojenim
2008-12-02 11:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\LightScribe
2008-11-17 22:30 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\Skype
2008-11-17 20:33 --------- d-----w c:\documents and settings\Uzivatel\Data aplikací\skypePM
2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-08-04 16:09 56 --sh--r c:\windows\system32\0CD8BF0539.sys
2008-08-04 16:09 2,098 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-12_21.16.28.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-12 18:23:16 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2009-01-12 20:36:40 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2008-04-29 09:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 09:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2008-04-29 09:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
+ 2008-05-16 09:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2009-01-14 13:28:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_8c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ConfTelefonica.exe"="c:\program files\O2 Pruvodce pripojenim\ConfTelefonica.exe" [2006-11-13 905216]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-06-08 53248]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-05-30 811008]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-12 1261336]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-05-24 49152]
MultiFrame.lnk - c:\program files\ASUS\Asus MultiFrame\MultiFrame.exe [2008-08-04 491520]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= msaud32_divx.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= c:\program files\ffdshow\ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-12 97928]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [2008-08-04 16269]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Adapter;c:\windows\system32\drivers\atl02_xp.sys [2008-08-04 27776]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-03-02 69120]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2008-08-04 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-08-04 7808]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-12 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-12 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-12 76040]
R4 MSSQL$ELISKACLIENT2003;MSSQL$ELISKACLIENT2003;c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe -sELISKACLIENT2003 --> c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe -sELISKACLIENT2003 [?]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);c:\windows\system32\drivers\k310bus.sys [2008-01-09 60800]
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;c:\windows\system32\drivers\k310mdfl.sys [2008-01-09 9264]
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;c:\windows\system32\drivers\k310mdm.sys [2008-01-09 96352]
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k310mgmt.sys [2008-01-09 87824]
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;c:\windows\system32\drivers\k310obex.sys [2008-01-09 85696]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-12-17 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-12-17 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-12-17 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-12-17 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-12-17 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-12-17 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-12-17 115752]
S3 SQLAgent$ELISKACLIENT2003;SQLAgent$ELISKACLIENT2003;c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlagent.EXE -i ELISKACLIENT2003 --> c:\program files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlagent.EXE -i ELISKACLIENT2003 [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: {9382F7C7-15C2-492F-A0DD-DA2421BCFE41} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\4wjgwm6w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 16:51:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1000)
c:\windows\system32\avgrsstx.dll
.
Celkový čas: 2009-01-14 16:53:06
ComboFix-quarantined-files.txt 2009-01-14 15:53:03
ComboFix2.txt 2009-01-12 20:17:23
ComboFix3.txt 2008-09-12 12:20:32

Před spuštěním: Volných bajtů: 41 953 505 280
Po spuštění: Volných bajtů: 41,942,052,864

278 --- E O F --- 2008-12-19 07:28:30

[Dan_2009]

prikladam VirusTotal:

Soubor 0CD8BF0539.sys přijatý 2009.01.14 17:01:35 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/39 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 38 a 55 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.73 2009.01.14 -
AhnLab-V3 2009.1.15.0 2009.01.14 -
AntiVir 7.9.0.54 2009.01.14 -
Authentium 5.1.0.4 2009.01.14 -
Avast 4.8.1281.0 2009.01.13 -
AVG 8.0.0.229 2009.01.14 -
BitDefender 7.2 2009.01.14 -
CAT-QuickHeal 10.00 2009.01.14 -
ClamAV 0.94.1 2009.01.14 -
Comodo 931 2009.01.14 -
DrWeb 4.44.0.09170 2009.01.14 -
eSafe 7.0.17.0 2009.01.14 -
eTrust-Vet 31.6.6307 2009.01.14 -
F-Prot 4.4.4.56 2009.01.14 -
F-Secure 8.0.14470.0 2009.01.14 -
Fortinet 3.117.0.0 2009.01.14 -
GData 19 2009.01.14 -
Ikarus T3.1.1.45.0 2009.01.14 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.14 -
McAfee 5494 2009.01.13 -
McAfee+Artemis 5494 2009.01.13 -
Microsoft 1.4205 2009.01.14 -
NOD32 3764 2009.01.14 -
Norman 5.93.01 2009.01.13 -
nProtect 2009.1.8.0 2009.01.14 -
Panda 9.5.1.2 2009.01.13 -
PCTools 4.4.2.0 2009.01.14 -
Prevx1 V2 2009.01.14 -
Rising 21.12.22.00 2009.01.14 -
SecureWeb-Gateway 6.7.6 2009.01.14 -
Sophos 4.37.0 2009.01.14 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.14 -
TheHacker 6.3.1.4.219 2009.01.14 -
TrendMicro 8.700.0.1004 2009.01.14 -
VBA32 3.12.8.10 2009.01.13 -
ViRobot 2009.1.14.1559 2009.01.14 -
VirusBuster 4.5.11.0 2009.01.14 -
Rozšiřující informace
File size: 56 bytes
MD5...: 921acfb97f918daa377218207311eb01
SHA1..: 0301b961b85fbe00cba5c7605324d55c61847818
SHA256: d66c43f055ed02eab8b067ab42afb17b3bd24ab0b97756626b6c2b34ca4c287a
SHA512: 04c38f8eb0c0f2519ef957438e31f52e24cad10c7e46a9aa0b9a591d30d64816
5f38aa3679fffcdc3936989ba4ba8370685a70598a9ddbd5b08772f174359490
ssdeep: 3:/ldEVv6aX:Qh
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -

[Dan_2009]

a jeste HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07, on 14.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\eLiska\MSSQL$ELISKACLIENT2003\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\ToshibaBTServer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\O2 Pruvodce pripojenim\ConfTelefonica.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ConfTelefonica.exe] C:\Program Files\O2 Pruvodce pripojenim\ConfTelefonica.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1221135531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9382F7C7-15C2-492F-A0DD-DA2421BCFE41}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7110 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - - (no file)

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a RegCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Nainstaluj si javu:
Java SE Runtime Environment 6u11
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Pokud nejsou problémy, je to vše.