Prosím o kontrolu logu

[beckal]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:20, on 5.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vsnp2uvc.exe
C:\WINDOWS\tsnp2uvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DOCUME~1\LUDK~1\LOCALS~1\Temp\xxx864.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\DOCUME~1\LUDK~1\LOCALS~1\Temp\~tmph.exe
C:\WINDOWS\system32\nqC07n6K.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\LUDK~1\LOCALS~1\Temp\xxx864.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2730289546
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 7633 bytes

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[beckal]

Malwarebytes' Anti-Malware 1.30
Verze databáze: 1367
Windows 5.1.2600 Service Pack 3

5.11.2008 15:53:43
mbam-log-2008-11-05 (15-53-33).txt

Typ skenu: Rychlý sken
Objektu skenováno: 50101
Uplynulý cas: 2 minute(s), 57 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\systems.txt (Trojan.FakeAlert) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log .
Poté:
Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[beckal]

ComboFix 08-11-04.02 - LUDĚK 2008-11-05 17:09:29.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.629 [GMT 1:00]
Spuštěný z: c:\documents and settings\LUDĚK\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-05 do 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-05 15:48 . 2008-11-05 15:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 15:48 . 2008-11-05 15:48 <DIR> d-------- c:\documents and settings\LUDĚK\Data aplikací\Malwarebytes
2008-11-05 15:48 . 2008-11-05 15:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-05 15:48 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 15:48 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 15:15 . 2008-11-05 15:15 <DIR> d-------- c:\program files\Trend Micro
2008-11-05 06:29 . 2008-11-05 06:29 59,904 --a------ c:\windows\system32\nqC07n6K.exe
2008-11-04 16:54 . 2008-11-04 16:54 18,100 --a------ c:\windows\system32\mupafak.dl
2008-11-04 16:54 . 2008-11-04 16:54 10,115 --a------ c:\windows\system32\udoked.db
2008-11-04 16:28 . 2008-11-04 16:28 <DIR> d-------- c:\program files\Lavasoft
2008-11-04 16:28 . 2008-11-04 16:28 <DIR> d-------- c:\documents and settings\LUDĚK\Data aplikací\Lavasoft
2008-10-26 10:46 . 2008-10-26 10:46 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-10-26 10:36 . 2008-10-26 10:36 <DIR> d-------- c:\documents and settings\LUDĚK\Data aplikací\DAEMON Tools
2008-10-26 10:36 . 2008-10-26 10:36 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-07 19:26 . 2008-10-07 19:26 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-10-07 19:26 . 2008-10-07 19:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-10-07 19:24 . 2008-10-07 19:26 <DIR> d-------- c:\program files\ICQ6

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 15:54 10,613 ----a-w c:\program files\Common Files\ugawaruxu.ban
2008-11-01 16:53 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\Skype
2008-11-01 16:52 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\skypePM
2008-10-26 10:34 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\uTorrent
2008-10-02 17:57 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\ICQ
2008-08-15 18:30 704,793 ----a-w c:\windows\unins000.exe
2008-03-29 22:05 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-03-22 21:40 87,608 ----a-w c:\documents and settings\LUDĚK\Data aplikací\ezpinst.exe
2007-03-22 21:40 47,360 ----a-w c:\documents and settings\LUDĚK\Data aplikací\pcouffin.sys
2008-05-08 11:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050820080509\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-05_15.39.10,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-05 16:07:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5f4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-05-15 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-04-24 237568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2005-02-27 5184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;c:\windows\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2004-05-17 17536]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]
S3 usbscan;Ovladač skeneru USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
.
Obsah adresáře 'Naplánované úlohy'

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At11.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At12.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At13.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At14.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At15.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At16.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At17.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At18.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At19.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At2.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At20.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At21.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At22.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At23.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At24.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At25.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At26.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At27.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At28.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At29.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At3.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At30.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At31.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At32.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At33.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At34.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At35.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At36.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At37.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At38.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At39.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At4.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At40.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At41.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At42.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At43.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At44.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At45.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At46.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At47.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At48.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At5.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At6.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At7.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At9.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\LUDĚK\Data aplikací\Mozilla\Firefox\Profiles\atktlfjz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 17:11:07
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-05 17:12:45
ComboFix-quarantined-files.txt 2008-11-05 16:12:35
ComboFix2.txt 2008-11-05 14:39:38

Před spuštěním: 7 050 473 472
Po spuštění: 7,050,665,984

212 --- E O F --- 2008-07-28 19:23:03

[jaro3]

Toto otestuj na Virustotal
c:\windows\system32\nqC07n6K.exe
c:\windows\system32\mupafak.dl
c:\windows\system32\udoked.db
c:\program files\Common Files\ugawaruxu.ban
c:\documents and settings\LUDĚK\Data aplikací\ezpinst.exe
Vlož sem pak výsledky.

[beckal]

Soubor nqC07n6K.exe přijatý 2008.11.05 17:50:13 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 8/36 (22.23%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 38 a 55 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.5.3 2008.11.05 -
AntiVir 7.9.0.26 2008.11.05 TR/Spy.ZBot.gak
Authentium 5.1.0.4 2008.11.05 -
Avast 4.8.1248.0 2008.11.04 -
AVG 8.0.0.161 2008.11.05 -
BitDefender 7.2 2008.11.05 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.05 -
DrWeb 4.44.0.09170 2008.11.05 -
eSafe 7.0.17.0 2008.11.05 -
eTrust-Vet 31.6.6190 2008.11.05 -
Ewido 4.0 2008.11.05 -
F-Prot 4.4.4.56 2008.11.05 -
F-Secure 8.0.14332.0 2008.11.05 Trojan-Spy.Win32.Zbot.gak
Fortinet 3.117.0.0 2008.11.05 -
GData 19 2008.11.05 -
Ikarus T3.1.1.45.0 2008.11.05 -
K7AntiVirus 7.10.517 2008.11.05 -
Kaspersky 7.0.0.125 2008.11.05 Trojan-Spy.Win32.Zbot.gak
McAfee 5424 2008.11.04 -
Microsoft 1.4005 2008.11.05 -
NOD32 3587 2008.11.05 Win32/TrojanClicker.Agent.NES
Norman 5.80.02 2008.11.05 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.05 -
Prevx1 V2 2008.11.05 Malicious Software
Rising 21.02.22.00 2008.11.05 -
SecureWeb-Gateway 6.7.6 2008.11.05 Trojan.Spy.ZBot.gak
Sophos 4.35.0 2008.11.05 Mal/EncPk-CZ
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.05 Trojan.Adclicker
TheHacker 6.3.1.1.140 2008.11.05 -
TrendMicro 8.700.0.1004 2008.11.05 -
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.5.1453 2008.11.05 -
VirusBuster 4.5.11.0 2008.11.05 -
Rozšiřující informace
File size: 59904 bytes
MD5...: 827c5d93850836c0bb1517423a845fd3
SHA1..: b5f7a87ee7d4c718f5c8ce7112b1edb6edacd513
SHA256: bb72bd11c8e0d1280f068cfb23dcfee9342a75aae4d9dd8d6eba81dc52890616
SHA512: bdf3d3768b8eb891b5bec91e892891b5cb168a62584703a6c81614da5fc49b0f
1f31dea79729866e1a3d013e5a9217b4d69d6dbf4509c3d2d649220006123bbe
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4011c7
timedatestamp.....: 0x4847024d (Wed Jun 04 20:59:57 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfb3 0x1000 3.15 2045dce047cd7a000a28cd5685ee32e1
.rdata 0x2000 0x1293 0x1400 5.18 58eee8a286576e1f372daa0c614ce738
.data 0x4000 0x18280 0xc000 7.50 d06620748105071896b93f70b3aeacd4
.reloc 0x1d000 0xeae 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x1e000 0x1d0 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b

( 9 imports )
> user32.dll: AppendMenuW, DrawTextA, CreateIcon, LoadMenuA, CopyRect, CloseWindow, IsWindow, InsertMenuA, CopyImage, GetWindowTextLengthA, IsMenu, DialogBoxParamA, DrawIcon, CopyIcon, EndDialog, GetMenu, CalcMenuBar, GetCursor, BlockInput, GetDlgItem
> kernel32.dll: GlobalFree, WriteFile, FindFirstFileA, GetCPInfo, GetConsoleMode, GetStdHandle, DeleteFileW, CreateThread, CopyFileExW, ReadFile, CreateProcessA, DeleteAtom, CopyFileW, GetFileSize, OpenFile, ExitThread, GetComputerNameA, ReadConsoleA, FindAtomA
> gdi32.dll: GetPixel, BeginPath, CopyMetaFileA, ExcludeClipRect, CreateSolidBrush, DeleteObject, CancelDC, ClearBrushAttributes, CloseMetaFile, DeleteDC, GetPixel, ExtTextOutA, GetDCOrgEx, RestoreDC, GetClipBox, AddFontResourceExA, AddFontResourceA, ClearBitmapAttributes, SetTextColor
> advapi32.dll: RegEnumKeyExA, RegEnumKeyExW, RegDeleteKeyA, RegDeleteValueW, RegCreateKeyExW, RegEnumKeyW, RegQueryInfoKeyA, RegQueryValueExW, RegReplaceKeyA, RegQueryValueA, RegQueryInfoKeyW, RegDeleteValueA, RegLoadKeyA, RegOpenKeyW, RegReplaceKeyW, RegCreateKeyExA, RegDeleteKeyW, RegEnumValueW, RegGetKeySecurity, RegFlushKey, RegEnumKeyA, RegQueryValueW, RegOpenKeyExA
> user32.dll: CalcMenuBar, BlockInput, LoadMenuA, CopyImage, GetFocus, LoadCursorA, CreateIcon, GetDlgItem, EndDialog, DrawIconEx, GetDC, GetMenu, DrawTextA, DialogBoxParamA, IsWindow, CopyRect, DialogBoxParamW, AlignRects
> user32.dll: InsertMenuA, CalcMenuBar, AppendMenuA, GetDC, GetFocus, IsWindow, IsMenu, DrawTextA, AppendMenuW, BlockInput, CreateIcon, LoadMenuA, CopyIcon, CloseWindow, GetWindowTextA, DrawIcon, LoadCursorA, EndDialog, GetWindowTextLengthA
> advapi32.dll: RegDeleteKeyW, RegCreateKeyW, RegLoadKeyW, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegLoadKeyA, RegFlushKey, RegQueryValueExW, RegQueryInfoKeyA, RegOpenKeyExW, RegGetKeySecurity, RegReplaceKeyA, RegQueryInfoKeyW, RegEnumKeyW, RegEnumValueA
> comctl32.dll: ImageList_BeginDrag, ImageList_DragLeave, ImageList_DragMove, ImageList_LoadImageW, InitCommonControls, ImageList_Read, ImageList_EndDrag, ImageList_LoadImageA, ImageList_Destroy, ImageList_LoadImage, ImageList_Draw, ImageList_AddIcon, ImageList_GetIcon, ImageList_DragEnter, ImageList_DragShowNolock, ImageList_Replace, ImageList_Create, ImageList_DrawIndirect, ImageList_DrawEx, ImageList_Remove, ImageList_ReplaceIcon, ImageList_GetDragImage
> comctl32.dll: ImageList_AddIcon, ImageList_EndDrag, ImageList_GetDragImage, ImageList_Merge, ImageList_Replace, ImageList_DragShowNolock, ImageList_AddMasked, ImageList_GetImageInfo, ImageList_GetIconSize, ImageList_DragEnter, ImageList_BeginDrag, ImageList_Destroy, ImageList_DragMove, ImageList_LoadImageA, ImageList_Create, ImageList_Draw, ImageList_GetImageRect, ImageList_Remove

( 0 exports )

ThreatExpert info: http://www.threatexpert.com/report.aspx ... 423a845fd3
Prevx info: http://info.prevx.com/aboutprogramtext. ... 003233230B

[beckal]

Všechny ostatní soubory jsou video, takže ok.

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\nqC07n6K.exe
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[beckal]

ComboFix 08-11-04.02 - LUDĚK 2008-11-05 19:03:46.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.642 [GMT 1:00]
Spuštěný z: c:\documents and settings\LUDĚK\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-05 do 2008-11-05 )))))))))))))))))))))))))))))))
.

2008-11-05 18:00 . 2008-11-05 18:00 <DIR> dr------- c:\documents and settings\NetworkService\Oblíbené položky
2008-11-05 15:48 . 2008-11-05 15:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-05 15:48 . 2008-11-05 15:48 <DIR> d-------- c:\documents and settings\LUDĚK\Data aplikací\Malwarebytes
2008-11-05 15:48 . 2008-11-05 15:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2008-11-05 15:48 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-05 15:48 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-05 15:15 . 2008-11-05 15:15 <DIR> d-------- c:\program files\Trend Micro
2008-11-05 06:29 . 2008-11-05 06:29 59,904 --a------ c:\windows\system32\nqC07n6K.exe
2008-11-04 16:54 . 2008-11-04 16:54 18,100 --a------ c:\windows\system32\mupafak.dl
2008-11-04 16:54 . 2008-11-04 16:54 10,115 --a------ c:\windows\system32\udoked.db
2008-11-04 16:28 . 2008-11-04 16:28 <DIR> d-------- c:\program files\Lavasoft
2008-11-04 16:28 . 2008-11-04 16:28 <DIR> d-------- c:\documents and settings\LUDĚK\Data aplikací\Lavasoft
2008-10-26 10:46 . 2008-10-26 10:46 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-10-26 10:36 . 2008-10-26 10:36 <DIR> d-------- c:\documents and settings\LUDĚK\Data aplikací\DAEMON Tools
2008-10-26 10:36 . 2008-10-26 10:36 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-10-07 19:26 . 2008-10-07 19:26 <DIR> d-------- c:\program files\ICQ6Toolbar
2008-10-07 19:26 . 2008-10-07 19:26 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\ICQ
2008-10-07 19:24 . 2008-10-07 19:26 <DIR> d-------- c:\program files\ICQ6

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 15:54 10,613 ----a-w c:\program files\Common Files\ugawaruxu.ban
2008-11-01 16:53 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\Skype
2008-11-01 16:52 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\skypePM
2008-10-26 10:34 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\uTorrent
2008-10-02 17:57 --------- d-----w c:\documents and settings\LUDĚK\Data aplikací\ICQ
2008-08-15 18:30 704,793 ----a-w c:\windows\unins000.exe
2008-03-29 22:05 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-03-22 21:40 87,608 ----a-w c:\documents and settings\LUDĚK\Data aplikací\ezpinst.exe
2007-03-22 21:40 47,360 ----a-w c:\documents and settings\LUDĚK\Data aplikací\pcouffin.sys
2008-05-08 11:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050820080509\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-05_15.39.10,68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-05 16:07:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5f4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-05-15 675840]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2007-04-24 237568]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2005-02-27 5184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2008-04-13 69120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;c:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;c:\windows\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2004-05-17 17536]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]
S3 usbscan;Ovladač skeneru USB;c:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
.
Obsah adresáře 'Naplánované úlohy'

2008-11-05 c:\windows\Tasks\At10.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At11.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At12.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At13.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At14.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At15.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At16.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At17.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At18.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At19.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At2.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At20.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At21.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At22.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At23.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At24.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At25.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At26.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At27.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At28.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At29.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At3.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At30.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At31.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At32.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At33.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At34.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At35.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At36.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At37.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At38.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At39.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At4.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At40.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At41.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At42.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At43.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At44.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At45.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At46.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At47.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At48.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At5.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At6.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-04 c:\windows\Tasks\At7.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At8.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]

2008-11-05 c:\windows\Tasks\At9.job
- c:\windows\system32\nqC07n6K.exe [2008-11-05 06:29]
.
.
------- Doplňkový sken -------
.
FireFox -: Profile - c:\documents and settings\LUDĚK\Data aplikací\Mozilla\Firefox\Profiles\atktlfjz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 19:04:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-05 19:06:10
ComboFix-quarantined-files.txt 2008-11-05 18:05:55
ComboFix2.txt 2008-11-05 17:49:34
ComboFix3.txt 2008-11-05 16:12:46
ComboFix4.txt 2008-11-05 14:39:38

Před spuštěním: 7 043 993 600
Po spuštění: 7,036,936,192

215 --- E O F --- 2008-07-28 19:23:03

[beckal]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:03, on 5.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\tsnp2uvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nqC07n6K.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2730289546
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6863 bytes

[jaro3]

Ten script proveden byl? , nevidím v záhlaví CFScipt?