spouštění security tool jako následek napadejí troyanem Vyřešeno

[jaro3]

To je Ok , když tam nejsou..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\restor32a.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"restor32a"=-


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\program files\Common Files\awog.db
c:\program files\U1 Setup.exe
Vlož sem pak odkazy výsledků.

[Reklama]

[jaja55]

ComboFix 09-10-27.08 - Prdka 28.10.2009 18:52.8.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.573 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Danielka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\restor32a.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs
c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat
c:\documents and settings\Danielka\Data aplikacˇ\imir.bat
c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf
c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\program files\Duplicate Cleaner
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:55 . 2009-10-27 16:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-27 16:28 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 17:01 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-28 17:01 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-27 16:21 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 16:11 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-28_17.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 17:59 . 2009-10-28 17:59 22263 c:\windows\temp\Turkish.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 16962 c:\windows\temp\TradChin.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 21987 c:\windows\temp\Thai.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 24099 c:\windows\temp\SWEDISH.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 27764 c:\windows\temp\Spanish.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 16420 c:\windows\temp\SimChin.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 26136 c:\windows\temp\Russian.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 26271 c:\windows\temp\Portuguese.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 25082 c:\windows\temp\Portuguese(Brazil).bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 24232 c:\windows\temp\Polish.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 16384 c:\windows\temp\Perflib_Perfdata_5b8.dat
+ 2009-10-28 17:59 . 2009-10-28 17:59 21975 c:\windows\temp\Norwegian.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 20145 c:\windows\temp\Korean.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 24340 c:\windows\temp\Japanese.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 27465 c:\windows\temp\Italian.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 26094 c:\windows\temp\Hungarian.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 19564 c:\windows\temp\Hebrew.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 25093 c:\windows\temp\Greek.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 25764 c:\windows\temp\German.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 27246 c:\windows\temp\French.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 22868 c:\windows\temp\Finnish.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 21944 c:\windows\temp\English.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 25758 c:\windows\temp\Dutch.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 22794 c:\windows\temp\Danish.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 24321 c:\windows\temp\Czech.bin
+ 2009-10-28 17:59 . 2009-10-28 17:59 53248 c:\windows\temp\catchme.dll
- 2009-10-28 17:10 . 2009-10-28 17:10 53248 c:\windows\temp\catchme.dll
+ 2009-10-28 17:59 . 2009-10-28 17:59 20991 c:\windows\temp\Arabic.bin
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [27.10.2009 17:28 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1179232]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2009-10-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:27]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 18:59
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\_av_proI.tm~a03596\setup.lok 0 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2120)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wbem\unsecapp.exe
c:\combofix\CF18959.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Celkový čas: 2009-10-28 19:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-28 18:03
ComboFix2.txt 2009-10-28 17:12

Před spuštěním: Volných bajtů: 72 334 856 192
Po spuštění: Volných bajtů: 72 297 164 800

- - End Of File - - 6D2B68FD50745FB5E50AA0BAB8D179D8

[jaja55]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:38, on 28.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-be ... canner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate1ca5721be0c60e0) (gupdate1ca5721be0c60e0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8010 bytes

[jaja55]

Posílám odkazy
http://www.virustotal.com/cs/analisis/5 ... 1256752031

http://www.virustotal.com/cs/analisis/4 ... 1248991538

[jaro3]

Spusť F-Secure Online Scanner z odkazu.
http://support.f-secure.com/enu/home/ols.shtml

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

stáhni SuperAntiSpyware
aktualizuj databázi , proveď sken a následně nákazy smaž

Pak znovu spusť Combofix...

[jaja55]

Scanning Report
Wednesday, October 28, 2009 20:13:52 - 20:37:34
Computer name: PRDKA
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

2 malware found
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
BehavesLike:Trojan.UserStartup (virus)
C:\DOCUMENTS AND SETTINGS\DANIELKA\DATA APLIKACÍ\UFAST DOWNLOAD MANAGER\PROPETYUFASTMANAGER.EXE (Not cleaned & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31103
System: 3117
Not scanned: 6
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
Not cleaned: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

[jaja55]

ještě Combofix
ComboFix 09-10-27.08 - Prdka 28.10.2009 21:02.9.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.501 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs
c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat
c:\documents and settings\Danielka\Data aplikacˇ\imir.bat
c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf
c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 19:42 . 2009-10-28 19:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 20:02 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 20:02 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-28 19:49 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-28 19:41 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-28_17.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 19:58 . 2009-10-28 19:58 16384 c:\windows\temp\Perflib_Perfdata_54c.dat
+ 2009-10-28 20:10 . 2009-10-28 20:10 53248 c:\windows\temp\catchme.dll
- 2009-10-28 17:10 . 2009-10-28 17:10 53248 c:\windows\temp\catchme.dll
+ 2009-02-04 14:53 . 2009-10-28 20:02 71708 c:\windows\system32\perfc009.dat
- 2009-02-04 14:53 . 2009-10-28 17:01 71708 c:\windows\system32\perfc009.dat
+ 2009-10-28 19:42 . 2009-10-28 19:42 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-02-04 14:53 . 2009-10-28 17:01 441772 c:\windows\system32\perfh009.dat
+ 2009-02-04 14:53 . 2009-10-28 20:02 441772 c:\windows\system32\perfh009.dat
+ 2009-10-19 16:27 . 2009-10-19 16:27 401008 c:\windows\Downloaded Program Files\fslauncher.dll
+ 2009-10-28 19:42 . 2009-10-28 19:42 1583616 c:\windows\Installer\5ed144.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 21:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2009-10-28 21:12
ComboFix-quarantined-files.txt 2009-10-28 20:12
ComboFix2.txt 2009-10-28 18:03
ComboFix3.txt 2009-10-28 17:12

Před spuštěním: Volných bajtů: 72 167 153 664
Po spuštění: Volných bajtů: 72 453 947 392

- - End Of File - - A3E497DE125E88408488877B239520D2

[jaro3]

Zazálohuj si všechny důležité soubory a složky.

Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
C:\DOCUMENTS AND SETTINGS\DANIELKA\DATA APLIKACÍ\UFAST DOWNLOAD MANAGER\PROPETYUFASTMANAGER.EXE

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Stáhni si :
AVG Win32/Virut Stěhovací
http://www.avg.com/filedir/util/avg_rem ... mvirut.exe

Pak znovu Combofix.
Zítra se podívám.

[jaja55]

Udělám to vše zítra
Ale jinak super spolupráce. Zatím moc děkuji
Měj se

[jaja55]

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUMENTS AND SETTINGS\DANIELKA\DATA APLIKACÍ\UFAST DOWNLOAD MANAGER\PropetyuFastManager.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\Perflib_Perfdata_560.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF1461.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF14DA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF1565.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\TEMP\~DF1570.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\9XVMR33G\adsCAKY7PP2.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\8L9SZ2US\adsCAI0YO25.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\8L9SZ2US\viewtopic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_560.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF1461.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF14DA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF1565.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF1570.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFB733.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DFC401.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 10292009_095517

Files moved on Reboot...
File move failed. C:\WINDOWS\TEMP\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\TEMP\Perflib_Perfdata_560.dat not found!
File C:\WINDOWS\TEMP\~DF1461.tmp not found!
File C:\WINDOWS\TEMP\~DF14DA.tmp not found!
File C:\WINDOWS\TEMP\~DF1565.tmp not found!
File C:\WINDOWS\TEMP\~DF1570.tmp not found!
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\9XVMR33G\adsCAKY7PP2.htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\8L9SZ2US\adsCAI0YO25.htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\Content.IE5\8L9SZ2US\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Danielka\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File C:\WINDOWS\temp\~DFB733.tmp not found!
File C:\WINDOWS\temp\~DFC401.tmp not found!

Registry entries deleted on Reboot...

[jaja55]

posílám combofix
ComboFix 09-10-28.06 - Prdka 29.10.2009 10:23.10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.468 [GMT 1:00]
Spuštěný z: c:\documents and settings\Danielka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikacˇ\tiryzu.vbs
c:\documents and settings\All Users\Data aplikacˇ\urunoxi.vbs
c:\documents and settings\Danielka\Data aplikacˇ\gyza.bat
c:\documents and settings\Danielka\Data aplikacˇ\imir.bat
c:\documents and settings\Danielka\Data aplikacˇ\ohuhatyxo.vbs
c:\documents and settings\Danielka\Data aplikacˇ\otagudov.inf
c:\documents and settings\Danielka\Data aplikacˇ\vafyfad.vbs
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\edenuzijov.bat
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\kydepavag.inf
c:\documents and settings\Danielka\Local Settings\Data aplikacˇ\ycidolejy.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-28 19:42 . 2009-10-28 19:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 16:51 . 2009-10-28 16:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-28 16:25 . 2009-10-28 16:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-28 16:24 . 2009-02-04 17:24 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2009-10-28 16:24 . 2009-02-08 21:26 -------- d-----r- c:\documents and settings\Administrator\Dokumenty
2009-10-28 16:24 . 2009-02-04 17:37 -------- d--h--r- c:\documents and settings\Administrator\Data aplikací
2009-10-28 16:23 . 2009-02-08 20:47 -------- d-----r- c:\documents and settings\Administrator\Oblíbené položky
2009-10-28 16:23 . 2009-02-04 17:29 -------- d-----w- c:\documents and settings\Administrator\Plocha
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní tiskárny
2009-10-28 16:23 . 2009-02-04 15:00 -------- d--h--w- c:\documents and settings\Administrator\Okolní síť
2009-10-28 16:23 . 2009-02-04 15:00 -------- d-----r- c:\documents and settings\Administrator\Nabídka Start
2009-10-28 16:23 . 2009-02-04 14:06 -------- d--h--w- c:\documents and settings\Administrator\Šablony
2009-10-28 16:23 . 2009-10-28 16:51 -------- d-----w- c:\documents and settings\Administrator
2009-10-28 15:17 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 15:17 . 2009-10-28 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 15:17 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 15:09 . 2009-10-28 15:09 -------- d-----w- C:\_OTM
2009-10-28 15:04 . 2009-06-10 06:42 389632 ----a-w- C:\OTM.exe
2009-10-28 13:42 . 2009-10-28 13:42 -------- d-----w- c:\program files\Trend Micro
2009-10-28 13:21 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2009-10-28 13:16 . 2009-10-28 13:16 -------- d-----w- c:\program files\NKProds
2009-10-28 13:08 . 2009-10-28 13:12 -------- d-----w- c:\program files\Cookie Killer
2009-10-28 10:47 . 2009-10-28 10:47 -------- d-----w- c:\program files\CCleaner
2009-10-28 10:35 . 2009-08-17 17:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-28 10:35 . 2009-08-17 17:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-28 10:34 . 2009-08-17 17:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-28 10:34 . 2009-08-17 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-28 10:34 . 2009-08-17 17:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-28 10:34 . 2009-08-17 17:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-28 10:34 . 2009-08-17 17:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-28 10:34 . 2009-08-17 17:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-28 10:34 . 2009-08-17 17:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-28 10:34 . 2009-10-28 10:34 -------- d-----w- c:\program files\Alwil Software
2009-10-27 20:48 . 2009-10-27 20:48 -------- d-----w- c:\program files\ESET
2009-10-27 16:28 . 2009-10-27 16:28 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 16:22 . 2009-10-27 19:54 -------- d-----w- c:\program files\Google
2009-10-23 12:47 . 2009-10-23 12:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-23 11:16 . 2009-10-28 10:16 -------- d-----w- c:\program files\Avast4
2009-10-10 18:19 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 18:19 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 18:19 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 18:19 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-10 18:19 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-10 18:19 . 2009-10-10 18:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-03 17:16 . 2009-10-03 17:16 -------- d-----w- c:\windows\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 09:00 . 2009-02-04 14:53 83098 ----a-w- c:\windows\system32\perfc005.dat
2009-10-29 09:00 . 2009-02-04 14:53 438402 ----a-w- c:\windows\system32\perfh005.dat
2009-10-28 19:49 . 2009-04-25 23:20 -------- d-----w- c:\program files\Lavasoft
2009-10-28 19:41 . 2009-04-25 23:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 13:36 . 2009-10-23 13:36 18557 ----a-w- c:\program files\Common Files\cude.lib
2009-10-23 13:36 . 2009-10-23 13:36 15059 ----a-w- c:\program files\Common Files\awog.db
2009-10-03 17:16 . 2009-05-05 17:47 -------- d-----w- c:\program files\HP
2009-09-11 14:19 . 2009-02-04 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2009-02-04 14:53 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2009-02-04 14:53 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2009-02-04 14:53 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-02-04 14:07 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-02-04 14:07 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-02-04 14:07 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-02-04 14:07 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2009-02-04 14:53 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-02-04 14:07 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-02-04 14:07 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-02-04 14:53 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-14 08:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2008-05-07 08:34 . 2009-02-04 17:29 15523560 ----a-w- c:\program files\U1 Setup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-28_17.11.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 08:56 . 2009-10-29 08:56 16384 c:\windows\temp\Perflib_Perfdata_574.dat
+ 2009-10-29 09:30 . 2009-10-29 09:30 53248 c:\windows\temp\catchme.dll
- 2009-10-28 17:10 . 2009-10-28 17:10 53248 c:\windows\temp\catchme.dll
+ 2009-02-04 14:53 . 2009-10-29 09:00 71708 c:\windows\system32\perfc009.dat
- 2009-02-04 14:53 . 2009-10-28 17:01 71708 c:\windows\system32\perfc009.dat
+ 2009-10-28 19:42 . 2009-10-28 19:42 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-10-28 19:42 . 2009-10-28 19:42 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-02-04 14:53 . 2009-10-28 17:01 441772 c:\windows\system32\perfh009.dat
+ 2009-02-04 14:53 . 2009-10-29 09:00 441772 c:\windows\system32\perfh009.dat
+ 2009-10-19 16:27 . 2009-10-19 16:27 401008 c:\windows\Downloaded Program Files\fslauncher.dll
+ 2009-10-28 19:42 . 2009-10-28 19:42 1583616 c:\windows\Installer\5ed144.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-12 21898024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-4 376832]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28.10.2009 11:34 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 21:24 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.10.2009 11:34 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4.2.2009 18:54 55136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [4.2.2009 18:22 10752]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [4.2.2009 10:41 38400]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 21:24 7408]
S2 gupdate1ca5721be0c60e0;Google Update Service (gupdate1ca5721be0c60e0);c:\program files\Google\Update\GoogleUpdate.exe [27.10.2009 17:22 133104]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [27.4.2009 18:41 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [27.4.2009 18:41 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [27.4.2009 18:41 38784]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [8.12.2008 17:01 533344]
S3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [13.1.2009 12:31 25216]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-07-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 16:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 10:30
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2009-10-29 10:32
ComboFix-quarantined-files.txt 2009-10-29 09:32
ComboFix2.txt 2009-10-28 20:12
ComboFix3.txt 2009-10-28 18:03
ComboFix4.txt 2009-10-28 17:12

Před spuštěním: Volných bajtů: 72 452 055 040
Po spuštění: Volných bajtů: 72 416 698 368

- - End Of File - - 0DE0068EFD9AFC0C6BBF52D176DA0BC4

[jaro3]

Proveď kontrolu a vlož sem log z Kaspersky Online Scanner!

-Ve vistě musíš prohlížeč otevřít jako administrátor. K užití skeneru je třeba stáhnout a nainstalovat programové soubory a databázi.
-V Linuxu skener neskenuje RAM, boot. sektor a MBR, takže nemůže detekovat nákazy v těchto místech.
-Skener detekuje nákazy, které jsou již v PC, takže se potom dají manuálně smazat.
-Před skenem je vhodné vypnout rez. ochranu antiviru a antispywaru.
Klikni na Accept, k potvrzení podmínek.
Pokud se Ti objeví okno zabezpečení prostředí java- dej přijmout.
- Začne se stahovat databáze a program.
- Po jeho skončení klikni vlevo na pod Scan na My computer
Začne sken Tvého PC.
Sken může trvat i několik hodin.. Po ukončení skenu klikni na Scan Report.
Poté zvol Save a název zvol: KAV.
Obsah mi sem prosím zkopíruj.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\program files\U1 Setup.exe
c:\windows\temp\Perflib_Perfdata_574.dat


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\Installer\5ed144.msi
Vlož sem pak odkaz výsledku.