zacalo to smtp

pechytce · Příspěvekod **pechytce** » 20 lis 2009 08:46

Soubor msmsgs.exe přijatý 2009.11.20 07:44:33 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.20 Trojan-Downloader.Win32.Unruy!IK
AhnLab-V3 5.0.0.2 2009.11.19 -
AntiVir 7.9.1.72 2009.11.19 TR/Click.Cycler.gq
Antiy-AVL 2.0.3.7 2009.11.20 Trojan/Win32.Cycler.gen
Authentium 5.2.0.5 2009.11.19 W32/Unruy.A.gen!Eldorado
Avast 4.8.1351.0 2009.11.19 Win32:Trojan-gen
AVG 8.5.0.425 2009.11.19 Generic15.AYOP
BitDefender 7.2 2009.11.20 Trojan.Generic.2674086
CAT-QuickHeal 10.00 2009.11.19 Win32.Trojan-Clicker.Cycler.gq.3
ClamAV 0.94.1 2009.11.20 -
Comodo 2983 2009.11.19 TrojWare.Win32.TrojanDownloader.Agent.~EDZ
DrWeb 5.0.0.12182 2009.11.19 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7132 2009.11.20 Win32/Cycler.A
F-Prot 4.5.1.85 2009.11.19 W32/Unruy.A.gen!Eldorado
F-Secure 9.0.15370.0 2009.11.17 -
Fortinet 3.120.0.0 2009.11.20 W32/Cycler.GQ!tr
GData 19 2009.11.20 Trojan.Generic.2674086
Ikarus T3.1.1.74.0 2009.11.20 Trojan-Downloader.Win32.Unruy
Jiangmin 11.0.800 2009.11.20 TrojanClicker.Cycler.d
K7AntiVirus 7.10.900 2009.11.19 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.11.20 Trojan-Clicker.Win32.Cycler.gq
McAfee 5807 2009.11.19 Downloader-BPA.b
McAfee+Artemis 5807 2009.11.19 Downloader-BPA.b
McAfee-GW-Edition 6.8.5 2009.11.20 Heuristic.BehavesLike.Win32.Suspicious.L
Microsoft 1.5302 2009.11.20 TrojanDownloader:Win32/Unruy.C
NOD32 4623 2009.11.19 Win32/TrojanDownloader.Unruy.AT
Norman 6.03.02 2009.11.19 W32/DLoader.ABNJN
nProtect 2009.1.8.0 2009.11.20 -
Panda 10.0.2.2 2009.11.20 -
PCTools 7.0.3.5 2009.11.20 Downloader.Generic
Prevx 3.0 2009.11.20 -
Rising 22.22.04.03 2009.11.20 Trojan.DL.Win32.Unruy.b
Sophos 4.47.0 2009.11.20 Troj/Clickr-N
Sunbelt 3.2.1858.2 2009.11.19 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.11.20 Downloader
TheHacker 6.5.0.2.074 2009.11.19 -
TrendMicro 9.0.0.1003 2009.11.20 -
VBA32 3.12.12.0 2009.11.20 Trojan-Clicker.Win32.Cycler.gq
ViRobot 2009.11.20.2046 2009.11.20 Trojan.Win32.Clicker.39446
VirusBuster 5.0.21.0 2009.11.19 Trojan.CL.Cycler.A
Rozšiřující informace
File size: 97794 bytes
MD5...: cd2d7a39c07663fc08f94a8387f59ce0
SHA1..: 4fddd751df7150e3c78f02141aba1d644d14baaf
SHA256: de444ae1eb77cd34cd598d7a730a5cf201f6e15a41f0e0e22b65781cfc6f254c
ssdeep: 1536:o77/KSRNddvzL+nlAuRDDWTqRJWx02X0yYD4uM/BS2GI/TkU4tnurTuBcKg IRnSn:o77/KSRNddvzL+nlAuRDDWTqRJ80EbYK 
PEiD..: -
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3793 timedatestamp.....: 0x4afca942 (Fri Nov 13 00:33:06 2009) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2872 0x2a00 5.72 af005d893cedae30383258880ff35aa3 .rdata 0x4000 0x2d2 0x400 3.67 6f8be490d6654fa2ecd8dad5eeae3552 .data 0x5000 0x15534 0x6800 6.86 4bb2c299f7d93f8ca890edd9cf3978b0 ( 2 imports ) > KERNEL32.dll: GetFileAttributesExA, HeapDestroy, HeapFree, HeapCreate, Sleep, HeapAlloc, GetProcessHeap, CloseHandle, ReadFile, SetFilePointer, QueryPerformanceCounter, CreateFileA, ExitProcess, GetModuleFileNameA, GetProcAddress, LoadLibraryA, VirtualAlloc, VirtualFree, IsBadReadPtr, lstrcmpiA, FreeLibrary, GetStartupInfoA, GetModuleHandleA, HeapReAlloc, GetCommandLineA > USER32.dll: wvsprintfA ( 0 exports ) 
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

Reklama

pechytce · Příspěvekod **pechytce** » 20 lis 2009 08:48

Soubor wcescomm.exe přijatý 2009.11.20 07:47:06 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.20 Trojan-Downloader.Win32.Unruy!IK
AhnLab-V3 5.0.0.2 2009.11.19 -
AntiVir 7.9.1.72 2009.11.19 TR/Click.Cycler.gq
Antiy-AVL 2.0.3.7 2009.11.20 Trojan/Win32.Cycler.gen
Authentium 5.2.0.5 2009.11.19 W32/Unruy.A.gen!Eldorado
Avast 4.8.1351.0 2009.11.19 Win32:Trojan-gen
AVG 8.5.0.425 2009.11.19 Generic15.AYOP
BitDefender 7.2 2009.11.20 Trojan.Generic.2674086
CAT-QuickHeal 10.00 2009.11.19 Win32.Trojan-Clicker.Cycler.gq.3
ClamAV 0.94.1 2009.11.20 -
Comodo 2983 2009.11.19 TrojWare.Win32.TrojanDownloader.Agent.~EDZ
DrWeb 5.0.0.12182 2009.11.19 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7132 2009.11.20 Win32/Cycler.A
F-Prot 4.5.1.85 2009.11.19 W32/Unruy.A.gen!Eldorado
F-Secure 9.0.15370.0 2009.11.17 -
Fortinet 3.120.0.0 2009.11.20 W32/Cycler.GQ!tr
GData 19 2009.11.20 Trojan.Generic.2674086
Ikarus T3.1.1.74.0 2009.11.20 Trojan-Downloader.Win32.Unruy
Jiangmin 11.0.800 2009.11.20 TrojanClicker.Cycler.d
K7AntiVirus 7.10.900 2009.11.19 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.11.20 Trojan-Clicker.Win32.Cycler.gq
McAfee 5807 2009.11.19 Downloader-BPA.b
McAfee+Artemis 5807 2009.11.19 Downloader-BPA.b
McAfee-GW-Edition 6.8.5 2009.11.20 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.5302 2009.11.20 TrojanDownloader:Win32/Unruy.C
NOD32 4623 2009.11.19 Win32/TrojanDownloader.Unruy.AT
Norman 6.03.02 2009.11.19 W32/DLoader.ABNJN
nProtect 2009.1.8.0 2009.11.20 -
Panda 10.0.2.2 2009.11.20 -
PCTools 7.0.3.5 2009.11.20 Downloader.Generic
Prevx 3.0 2009.11.20 -
Rising 22.22.04.03 2009.11.20 Trojan.DL.Win32.Unruy.b
Sophos 4.47.0 2009.11.20 Troj/Clickr-N
Sunbelt 3.2.1858.2 2009.11.19 -
Symantec 1.4.4.12 2009.11.20 Downloader
TheHacker 6.5.0.2.074 2009.11.19 -
TrendMicro 9.0.0.1003 2009.11.20 -
VBA32 3.12.12.0 2009.11.20 Trojan-Clicker.Win32.Cycler.gq
ViRobot 2009.11.20.2046 2009.11.20 Trojan.Win32.Clicker.39446
VirusBuster 5.0.21.0 2009.11.19 Trojan.CL.Cycler.A
Rozšiřující informace
File size: 88426 bytes
MD5...: 45a804ef40e3d9186769d881086b3b7e
SHA1..: 3ab247e69c0b37ebb88af44434a0381a89756776
SHA256: b1ced97378480aa79f7509c914102fede16f31e87d368792a60221cad4438415
ssdeep: 1536:o77/KSRNddvzL+nlAuRDDWTqRJWx02X0yYD4uM/BS2qbItINB+J5ADVh7w+ RPcpw:o77/KSRNddvzL+nlAuRDDWTqRJ80EbYf 
PEiD..: -
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3793 timedatestamp.....: 0x4afca942 (Fri Nov 13 00:33:06 2009) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2872 0x2a00 5.72 af005d893cedae30383258880ff35aa3 .rdata 0x4000 0x2d2 0x400 3.67 6f8be490d6654fa2ecd8dad5eeae3552 .data 0x5000 0x15534 0x6800 6.86 4bb2c299f7d93f8ca890edd9cf3978b0 ( 2 imports ) > KERNEL32.dll: GetFileAttributesExA, HeapDestroy, HeapFree, HeapCreate, Sleep, HeapAlloc, GetProcessHeap, CloseHandle, ReadFile, SetFilePointer, QueryPerformanceCounter, CreateFileA, ExitProcess, GetModuleFileNameA, GetProcAddress, LoadLibraryA, VirtualAlloc, VirtualFree, IsBadReadPtr, lstrcmpiA, FreeLibrary, GetStartupInfoA, GetModuleHandleA, HeapReAlloc, GetCommandLineA > USER32.dll: wvsprintfA ( 0 exports ) 
RDS...: NSRL Reference Data Set -
pdfid.: -
sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned 
trid..: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

pechytce · Příspěvekod **pechytce** » 20 lis 2009 08:52

Soubor skype.exe přijatý 2009.11.20 07:49:33 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.20 Trojan-Downloader.Win32.Unruy!IK
AhnLab-V3 5.0.0.2 2009.11.19 -
AntiVir 7.9.1.72 2009.11.19 TR/Click.Cycler.gq
Antiy-AVL 2.0.3.7 2009.11.20 Trojan/Win32.Cycler.gen
Authentium 5.2.0.5 2009.11.19 W32/Unruy.A.gen!Eldorado
Avast 4.8.1351.0 2009.11.19 Win32:Trojan-gen
AVG 8.5.0.425 2009.11.19 Generic15.AYOP
BitDefender 7.2 2009.11.20 Trojan.Generic.2674086
CAT-QuickHeal 10.00 2009.11.19 Win32.Trojan-Clicker.Cycler.gq.3
ClamAV 0.94.1 2009.11.20 -
Comodo 2983 2009.11.19 TrojWare.Win32.TrojanDownloader.Agent.~EDZ
DrWeb 5.0.0.12182 2009.11.19 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7132 2009.11.20 Win32/Cycler.A
F-Prot 4.5.1.85 2009.11.19 W32/Unruy.A.gen!Eldorado
F-Secure 9.0.15370.0 2009.11.17 -
Fortinet 3.120.0.0 2009.11.20 W32/Cycler.GQ!tr
GData 19 2009.11.20 Trojan.Generic.2674086
Ikarus T3.1.1.74.0 2009.11.20 Trojan-Downloader.Win32.Unruy
Jiangmin 11.0.800 2009.11.20 TrojanClicker.Cycler.d
K7AntiVirus 7.10.900 2009.11.19 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.11.20 Trojan-Clicker.Win32.Cycler.gq
McAfee 5807 2009.11.19 Downloader-BPA.b
McAfee+Artemis 5807 2009.11.19 Downloader-BPA.b
McAfee-GW-Edition 6.8.5 2009.11.20 Heuristic.BehavesLike.Win32.Suspicious.L
Microsoft 1.5302 2009.11.20 TrojanDownloader:Win32/Unruy.C
NOD32 4623 2009.11.19 Win32/TrojanDownloader.Unruy.AT
Norman 6.03.02 2009.11.19 W32/DLoader.ABNJN
nProtect 2009.1.8.0 2009.11.20 -
Panda 10.0.2.2 2009.11.20 -
PCTools 7.0.3.5 2009.11.20 Downloader.Generic
Prevx 3.0 2009.11.20 -
Rising 22.22.04.03 2009.11.20 Trojan.DL.Win32.Unruy.b
Sophos 4.47.0 2009.11.20 Troj/Clickr-N
Sunbelt 3.2.1858.2 2009.11.19 -
Symantec 1.4.4.12 2009.11.20 Downloader
TheHacker 6.5.0.2.074 2009.11.19 -
TrendMicro 9.0.0.1003 2009.11.20 -
VBA32 3.12.12.0 2009.11.20 Trojan-Clicker.Win32.Cycler.gq
ViRobot 2009.11.20.2046 2009.11.20 Trojan.Win32.Clicker.39446
VirusBuster 5.0.21.0 2009.11.19 Trojan.CL.Cycler.A
Rozšiřující informace
File size: 100574 bytes
MD5   : 98d34ce84b4470dae80e8d530dc749b5
SHA1  : 36b0b134667b82bb1fa04789e5fc39c3a39b8121
SHA256: 1be1187a43be64558eb2d0c88f44ce5c3f6c94ca6f3da486f896994bb28763d9
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3793 timedatestamp.....: 0x4AFCA942 (Fri Nov 13 01:33:06 2009) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2872 0x2A00 5.72 af005d893cedae30383258880ff35aa3 .rdata 0x4000 0x2D2 0x400 3.67 6f8be490d6654fa2ecd8dad5eeae3552 .data 0x5000 0x15534 0x6800 6.86 4bb2c299f7d93f8ca890edd9cf3978b0 ( 2 imports ) > kernel32.dll: GetFileAttributesExA, HeapDestroy, HeapFree, HeapCreate, Sleep, HeapAlloc, GetProcessHeap, CloseHandle, ReadFile, SetFilePointer, QueryPerformanceCounter, CreateFileA, ExitProcess, GetModuleFileNameA, GetProcAddress, LoadLibraryA, VirtualAlloc, VirtualFree, IsBadReadPtr, lstrcmpiA, FreeLibrary, GetStartupInfoA, GetModuleHandleA, HeapReAlloc, GetCommandLineA > user32.dll: wvsprintfA ( 0 exports ) 
TrID  : File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:o77/KSRNddvzL+nlAuRDDWTqRJ80EbYspbt/w15urCNRqk1avHn:caQbtI15urCf18Hn
PEiD  : -
RDS   : NSRL Reference Data Set -

tak to je zatim vsee , jdu na to combo :-)

Příspěvekod **jaro3** » 20 lis 2009 09:02

Ježiš...

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

pak Combofix, pokud ho už máš, tak potom MbAM..

pechytce · Příspěvekod **pechytce** » 20 lis 2009 09:25

tady je combo , ten druhej ted jede

pechytce · Příspěvekod **pechytce** » 20 lis 2009 09:25

tady je combo , ten druhej ted jede
ComboFix 09-11-19.05 - DP 20.11.2009 9:00.3.1 - x86
Spuštěný z: c:\documents and settings\DP\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DP\Dokumenty\cc_20090819_093822.reg
c:\documents and settings\DP\soundman .exe
c:\documents and settings\DP\soundman.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\Ijl11.dll
c:\windows\system32\soundman .exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-20 do 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-20 08:00 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 08:00 . 2003-09-05 02:25 77056 ----a-w- c:\windows\system32\drivers\viasraid.sys
2009-11-20 08:00 . 2003-09-05 02:25 77056 ----a-r- c:\windows\system32\drivers\viasraid_2.sys
2009-11-20 07:22 . 2009-11-20 07:22 129874 ----a-w- c:\windows\system32\idkaun.exe
2009-11-19 17:53 . 2009-11-19 17:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-19 07:06 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 07:06 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-18 08:52 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-18 08:44 . 2009-11-19 17:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-11 12:26 . 2009-11-11 12:26 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-11-11 12:26 . 2009-11-11 12:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2009-11-10 08:04 . 2009-11-18 14:31 96938 ----a-w- c:\windows\system32\soundman.exe
2009-11-08 06:41 . 2009-11-08 06:41 -------- d-----w- c:\program files\NOS
2009-11-04 17:12 . 2002-01-05 14:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-11-04 17:12 . 2009-11-19 17:35 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 07:29 . 2009-06-18 05:52 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Preview
2009-11-20 07:22 . 2009-05-29 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 07:22 . 2007-08-08 19:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-19 17:54 . 2008-04-11 05:17 -------- d-----w- c:\program files\FreeCommander
2009-11-19 17:17 . 2009-09-07 06:12 -------- d-----w- c:\program files\Capture-A-ScreenShot
2009-11-18 12:21 . 2007-08-14 19:25 -------- d-----w- c:\program files\ICQToolbar
2009-11-18 09:59 . 2007-09-09 17:25 -------- d-----w- c:\program files\ESET
2009-11-11 12:26 . 2008-03-17 14:35 -------- d-----w- c:\program files\Google
2009-11-04 17:13 . 2007-10-23 07:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-26 08:59 . 2001-10-25 16:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2009-10-26 08:59 . 2001-10-25 16:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2009-10-24 16:05 . 2008-07-04 07:49 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-21 11:06 . 2007-08-08 17:22 -------- d-----w- c:\program files\DrillBook
2009-09-11 14:19 . 2004-08-17 15:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-05-29 09:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-05-29 09:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:05 . 2004-08-17 15:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2004-08-17 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-17 15:49 247326 ----a-w- c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2009-11-20 97794]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm .exe" [2009-11-20 98554]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-11-20 100574]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-05 520024]
"idkaun"="c:\windows\system32\idkaun.exe" [2009-11-20 129874]
"Adobe_Reader"="c:\program files\Adobe\acrotray.exe" [2009-11-20 125734]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-11-20 126194]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\system32\soundman.exe [2009-11-18 96938]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2007-8-8 565248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\skype .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.4.2009 7:21 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.8.2007 17:54 685816]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [20.11.2009 9:00 77056]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 13:23 727720]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [17.8.2004 16:49 14336]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2009-11-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:21]

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-20 c:\windows\Tasks\At1.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At10.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At11.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At12.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At13.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At14.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At15.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At16.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At17.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At18.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At19.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At2.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At20.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At21.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At22.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At23.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At24.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At3.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At4.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At5.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At6.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At7.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At8.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]

2009-11-20 c:\windows\Tasks\At9.job
- c:\program files\Adobe\acrotray.exe [2009-11-20 07:22]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DP\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 09:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x81B6E1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf9a76f28
\Driver\ACPI -> ACPI.sys @ 0xf98e7cb8
\Driver\atapi -> atapi.sys @ 0xf987cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf9772bb0
PacketIndicateHandler -> NDIS.sys @ 0xf977fa21
SendHandler -> NDIS.sys @ 0xf975d87b
user & kernel MBR OK

**************************************************************************
.
Celkový čas: 2009-11-20 09:19
ComboFix-quarantined-files.txt 2009-11-20 08:19
ComboFix2.txt 2008-06-25 11:32

Před spuštěním: 232 800 256
Po spuštění: 345 251 840

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 53576A188F3FBB5C5D1AD3DEB5A92438

pechytce · Příspěvekod **pechytce** » 20 lis 2009 09:39

Malwarebytes' Anti-Malware 1.41
Verze databáze: 3201
Windows 5.1.2600 Service Pack 3

20.11.2009 9:37:51
mbam-log-2009-11-20 (09-37-51).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 107200
Uplynulý čas: 5 minute(s), 6 second(s)

Infikované procesy v paměti: 4
Infikované moduly v paměti: 0
Infikované klíče registru: 19
Infikované hodnoty registru: 5
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 11

Infikované procesy v paměti:
C:\Program Files\Adobe\acrotray.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Adobe\acrotray.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Downloader) -> Unloaded process successfully.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\TypeLib\{218cb45f-20b6-11d2-8e17-0000f803a446} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{06f6ea9d-88b0-45a9-9f26-ce0898d9ea1c} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{218cb451-20b6-11d2-8e17-0000f803a446} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{218cb453-20b6-11d2-8e17-0000f803a446} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{218cb454-20b6-11d2-8e17-0000f803a446} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{218cb455-20b6-11d2-8e17-0000f803a446} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{218cb456-20b6-11d2-8e17-0000f803a446} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{28e28123-7dc5-45d3-860e-8ee1c3681bd5} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{35edd1cc-1a8c-11d2-b49d-00c04fb90376} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{35edd1cd-1a8c-11d2-b49d-00c04fb90376} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{659ecad8-a5c0-11d2-a440-00c04f795683} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{659ecad9-a5c0-11d2-a440-00c04f795683} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6fd143e6-20a5-11d2-91ad-0000f81fefc9} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{82e11592-20f5-11d2-91ad-0000f81fefc9} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{97c3808a-eca1-4ca6-8d09-122a3cc54b3b} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c9a6a6b6-9bc1-43a5-b06b-e58874eebc96} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb643558-61cd-42b2-a9a5-496a7884ad61} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f3a614dd-abe0-11d2-a441-00c04f795683} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ff55d627-cf5b-40de-850f-62d20bc241c8} (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adobe_reader (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msmsgs (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\h/pc connection agent (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skype (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\idkaun (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Program Files\Adobe\acrotray.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Messenger\msmsgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft ActiveSync\wcescomm .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Skype\Phone\skype.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\soundman.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idkaun.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\DP\Plocha\soundman.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idkaun .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idkaun.exe.delme53 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idkaun.exe.delme863 (Trojan.Downloader) -> Quarantined and deleted successfully.

Příspěvekod **jaro3** » 20 lis 2009 11:14

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\idkaun.exe

Folder::
c:\program files\NOS

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"idkaun"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\drivers\viasraid_2.sys
c:\windows\system32\idkaun.exe
c:\windows\system32\soundman.exe
c:\program files\Adobe\acrotray.exe
Vlož sem pak odkazy výsledků.

Edit: Máš tam dva antiviry a antispyware:
ESET Smart Security
Microsoft Security Essentials

Jeden bys měl odinstalovat..

pechytce · Příspěvekod **pechytce** » 20 lis 2009 18:29

ComboFix 09-11-19.06 - DP 20.11.2009 17:29.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.255.105 [GMT 1:00]
Spuštěný z: c:\documents and settings\DP\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\DP\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\idkaun.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\NOS
c:\program files\NOS\bin\getPlus_Helper.dll
c:\program files\NOS\bin\gp.ocx

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_getPlusHelper
-------\Service_getPlusHelper

((((((((((((((((((((((((( Soubory vytvořené od 2009-10-20 do 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-20 08:00 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-20 08:00 . 2003-09-05 02:25 77056 ----a-w- c:\windows\system32\drivers\viasraid.sys
2009-11-20 08:00 . 2003-09-05 02:25 77056 ----a-r- c:\windows\system32\drivers\viasraid_2.sys
2009-11-19 17:53 . 2009-11-19 17:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-19 07:06 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 07:06 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-18 08:52 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-18 08:44 . 2009-11-19 17:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-11 12:26 . 2009-11-11 12:26 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-11-11 12:26 . 2009-11-11 12:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2009-11-04 17:12 . 2002-01-05 14:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-11-04 17:12 . 2009-11-19 17:35 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 16:23 . 2009-06-18 05:52 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Preview
2009-11-20 09:29 . 2007-08-08 19:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-20 08:27 . 2009-05-29 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 08:25 . 2007-08-14 19:25 -------- d-----w- c:\program files\ICQToolbar
2009-11-19 17:54 . 2008-04-11 05:17 -------- d-----w- c:\program files\FreeCommander
2009-11-19 17:17 . 2009-09-07 06:12 -------- d-----w- c:\program files\Capture-A-ScreenShot
2009-11-18 09:59 . 2007-09-09 17:25 -------- d-----w- c:\program files\ESET
2009-11-11 12:26 . 2008-03-17 14:35 -------- d-----w- c:\program files\Google
2009-11-04 17:13 . 2007-10-23 07:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-26 08:59 . 2001-10-25 16:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2009-10-26 08:59 . 2001-10-25 16:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2009-10-24 16:05 . 2008-07-04 07:49 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-21 11:06 . 2007-08-08 17:22 -------- d-----w- c:\program files\DrillBook
2009-09-11 14:19 . 2004-08-17 15:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-05-29 09:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-05-29 09:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:05 . 2004-08-17 15:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2004-08-17 15:49 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-17 15:49 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-20_08.14.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 16:42 . 2009-11-20 16:42 16384 c:\windows\temp\Perflib_Perfdata_430.dat
+ 2003-08-18 13:26 . 2003-08-18 13:26 25872 c:\windows\system32\fm20enu.dll
- 2007-08-08 17:35 . 2009-11-19 17:24 90112 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 90112 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 45056 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 45056 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 22528 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 22528 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 30720 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 30720 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 16384 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 16384 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 34304 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 34304 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 81920 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 81920 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 3584 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 3584 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 8192 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 8192 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 2560 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 2560 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 114688 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 114688 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 167936 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 167936 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2003-09-25 11:07 . 2003-09-25 11:07 1139472 c:\windows\system32\FM20.DLL
+ 2004-02-24 12:04 . 2004-02-24 12:04 56057492 c:\windows\Installer\2a7333.msp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-05 520024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-10-08 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2007-8-8 565248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\skype .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.4.2009 7:21 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.8.2007 17:54 685816]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [20.11.2009 9:00 77056]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - CLASSPNP_2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2009-11-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:21]

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DP\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 17:43
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81B6D1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf9a76f28
\Driver\ACPI -> ACPI.sys @ 0xf98e7cb8
\Driver\atapi -> atapi.sys @ 0xf987cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf9772bb0
PacketIndicateHandler -> NDIS.sys @ 0xf977fa21
SendHandler -> NDIS.sys @ 0xf975d87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-11-20 17:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-20 16:51
ComboFix2.txt 2009-11-20 08:19
ComboFix3.txt 2008-06-25 11:32

Před spuštěním: 228 151 296
Po spuštění: 162 762 752

- - End Of File - - EAA610F0DC8A506384BAEC2FAABB8E7D

Soubor viasraid_2.sys přijatý 2009.11.20 17:15:08 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.20 -
AhnLab-V3 5.0.0.2 2009.11.19 -
AntiVir 7.9.1.72 2009.11.20 -
Antiy-AVL 2.0.3.7 2009.11.20 -
Authentium 5.2.0.5 2009.11.20 -
Avast 4.8.1351.0 2009.11.20 -
AVG 8.5.0.425 2009.11.20 -
BitDefender 7.2 2009.11.20 -
CAT-QuickHeal 10.00 2009.11.20 -
ClamAV 0.94.1 2009.11.20 -
Comodo 2983 2009.11.19 -
DrWeb 5.0.0.12182 2009.11.20 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7132 2009.11.20 -
F-Prot 4.5.1.85 2009.11.20 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.20 -
GData 19 2009.11.20 -
Ikarus T3.1.1.74.0 2009.11.20 -
Jiangmin 11.0.800 2009.11.20 -
K7AntiVirus 7.10.901 2009.11.20 -
Kaspersky 7.0.0.125 2009.11.20 -
McAfee 5807 2009.11.19 -
McAfee+Artemis 5808 2009.11.20 -
McAfee-GW-Edition 6.8.5 2009.11.20 -
Microsoft 1.5302 2009.11.20 -
NOD32 4625 2009.11.20 -
Norman 6.03.02 2009.11.20 -
nProtect 2009.1.8.0 2009.11.20 -
Panda 10.0.2.2 2009.11.20 -
PCTools 7.0.3.5 2009.11.20 -
Prevx 3.0 2009.11.20 -
Rising 22.22.04.09 2009.11.20 -
Sophos 4.47.0 2009.11.20 -
Sunbelt 3.2.1858.2 2009.11.19 -
Symantec 1.4.4.12 2009.11.20 -
TheHacker 6.5.0.2.074 2009.11.19 -
TrendMicro 9.0.0.1003 2009.11.20 -
VBA32 3.12.12.0 2009.11.20 -
ViRobot 2009.11.20.2047 2009.11.20 -
VirusBuster 5.0.21.0 2009.11.19 -
Rozšiřující informace
File size: 77056 bytes
MD5...: 45469fa05947d75874316649a22878d4
SHA1..: 1f1a38cd5337f959f426bc4b6e94ba5387d1ebfe
SHA256: 5e0e801e599120d718e76173d7399be6a1e07b62f60fa6abab440c131716cdd9
ssdeep: 1536:e/ZxAAn/fuQ3zdAy4JPlkgRiKRUnadCXaq:+n/fu0CNJPlkgR9OnTaq 
PEiD..: -
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xc048 timedatestamp.....: 0x3f56f496 (Thu Sep 04 08:15:18 2003) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x300 0xbe88 0xbf00 6.68 4b66a72c40fecdc07e791d02ed9c7908 .rdata 0xc200 0x93c 0x980 2.93 36fa71aea5a4a931b95a01d2bc20f03b .data 0xcb80 0x5280 0x5280 0.06 6dadb829dca1d560827def20691ee87a INIT 0x11e00 0x39c 0x400 4.72 88b4cfc9546b4cb163a4b34d3f2f5717 .rsrc 0x12200 0x448 0x480 3.25 41498cd4a804868d2a6ba69be70f0c0e .reloc 0x12680 0x64a 0x680 6.32 d6988c14e913350193b75efcc0fdb4b4 ( 2 imports ) > ntoskrnl.exe: ExFreePoolWithTag, ExAllocatePoolWithTag, MmFreeContiguousMemory, MmAllocateContiguousMemory, MmGetPhysicalAddress > SCSIPORT.SYS: ScsiPortWritePortUchar, ScsiPortInitialize, ScsiPortWritePortBufferUlong, ScsiPortReadPortBufferUlong, ScsiPortReadRegisterBufferUlong, ScsiPortWritePortUshort, ScsiPortReadPortUlong, ScsiPortWritePortUlong, ScsiPortGetBusData, ScsiPortGetDeviceBase, ScsiPortValidateRange, ScsiPortConvertUlongToPhysicalAddress, ScsiPortStallExecution, ScsiPortReadPortUchar, ScsiPortSetBusDataByOffset, ScsiPortNotification, ScsiPortLogError, ScsiPortMoveMemory, ScsiPortReadPortUshort, ScsiPortReadPortBufferUshort, ScsiPortGetPhysicalAddress, ScsiPortWritePortBufferUshort ( 0 exports ) 
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win64 Executable Generic (95.5%) Generic Win/DOS Executable (2.2%) DOS Executable Generic (2.2%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: publisher....: VIA Technologies inc,.ltd copyright....: Copyright (C) VIA Technologies 1992-2002 product......: Raid controller 6420 driver description..: VIA SATA RAID DRIVER FOR WINXP original name: viasraid.sys internal name: viasraid.sys file version.: 5.1.2600.210 comments.....: signers......: - signing date.: - verified.....: Unsigned 

c:\windows\system32\idkaun.exe nebyl nalezen
c:\windows\system32\soundman.exe nebyl nalezen

Soubor acrotray.exe1321 přijatý 2009.11.20 17:20:37 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.41 2009.11.20 Trojan-Downloader.Win32.Unruy!IK
AhnLab-V3 5.0.0.2 2009.11.19 -
AntiVir 7.9.1.72 2009.11.20 TR/Agent.ANVH.24
Antiy-AVL 2.0.3.7 2009.11.20 Trojan/Win32.Cycler.gen
Authentium 5.2.0.5 2009.11.20 -
Avast 4.8.1351.0 2009.11.20 Win32:Agent-AHPW
AVG 8.5.0.425 2009.11.20 Downloader.Generic9.NXX
BitDefender 7.2 2009.11.20 Trojan.Agent.ANVH
CAT-QuickHeal 10.00 2009.11.20 -
ClamAV 0.94.1 2009.11.20 -
Comodo 2983 2009.11.19 -
DrWeb 0.00 2009.11.20 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7132 2009.11.20 -
F-Prot 4.5.1.85 2009.11.20 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.20 -
GData 19 2009.11.20 Trojan.Agent.ANVH
Ikarus T3.1.1.74.0 2009.11.20 Trojan-Downloader.Win32.Unruy
Jiangmin 11.0.800 2009.11.20 TrojanClicker.Cycler.p
K7AntiVirus 7.10.901 2009.11.20 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.11.20 Trojan-Clicker.Win32.Cycler.ewu
McAfee 5807 2009.11.19 Downloader-BYW
McAfee+Artemis 5808 2009.11.20 Downloader-BYW
McAfee-GW-Edition 6.8.5 2009.11.20 Heuristic.BehavesLike.Win32.Suspicious.H
Microsoft 1.5302 2009.11.20 TrojanDownloader:Win32/Unruy.C
NOD32 4625 2009.11.20 a variant of Win32/TrojanDownloader.Unruy.AS
Norman 6.03.02 2009.11.20 -
nProtect 2009.1.8.0 2009.11.20 Trojan/W32.Agent.37390
Panda 10.0.2.2 2009.11.20 Trj/CI.A
PCTools 7.0.3.5 2009.11.20 Trojan.Generic
Prevx 3.0 2009.11.20 Medium Risk Malware
Rising 22.22.04.09 2009.11.20 -
Sophos 4.47.0 2009.11.20 Mal/Mdrop-T
Sunbelt 3.2.1858.2 2009.11.19 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.11.20 Trojan Horse
TheHacker 6.5.0.2.074 2009.11.19 Trojan/Agent.gen
TrendMicro 9.0.0.1003 2009.11.20 -
VBA32 3.12.12.0 2009.11.20 -
ViRobot 2009.11.20.2047 2009.11.20 -
VirusBuster 5.0.21.0 2009.11.19 Trojan.CL.Cycler.Gen
Rozšiřující informace
File size: 37390 bytes
MD5   : 47a70972e2f16eeddc844d594ab4c543
SHA1  : 0578ab0a7b3590659952ec239eccdf32a4422f59
SHA256: 36ac239c84fb909d939981c38a162de0576649c587385b9af78ab7b5bd61489e
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x37D7 timedatestamp.....: 0x4AF8F551 (Tue Nov 10 06:08:33 2009) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x28B6 0x2A00 5.72 825461214bb5fea37ff10fd417a69a87 .rdata 0x4000 0x294 0x400 3.46 9521b29606a8f5674a826051d05c7018 .data 0x5000 0x14DEC 0x6000 6.84 6e6c01ab617cb72754875d83f1d89459 ( 1 imports ) > kernel32.dll: GetFileAttributesExA, HeapDestroy, HeapFree, HeapCreate, HeapAlloc, GetProcessHeap, CloseHandle, Sleep, ReadFile, SetFilePointer, CreateFileA, ExitProcess, GetModuleFileNameA, QueryPerformanceCounter, GetProcAddress, LoadLibraryA, VirtualAlloc, VirtualFree, IsBadReadPtr, lstrcmpiA, FreeLibrary, HeapReAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA ( 0 exports ) 
TrID  : File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 768:X/9RM3J8SdbnSXWHqeEMzfOyzp5G7Yf1L3NO9WsZX6SFvGJEM3Jz5bOR46aPX:P9RM3JF7SXWHqeEMzfOyN5G7Yfd3+3X8
Prevx Info: <a href="http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003CB11EEF" target="_blank">http://info.prevx.com/aboutprogramtext.asp?PX5=08CF56CB0E1E2C7092EC0006FB89A1003CB11EEF</a>
PEiD  : -
RDS   : NSRL Reference Data Set -

K tem dvema virum , j a vidim v pc jen ten eset a to jeste ke vsemu jen v program files a kdyz ho chci smaznout napise mi to hlasku viz http://hcteplice.cz/capture1.jpg , vubec nevim jak na nej

Příspěvekod **jaro3** » 20 lis 2009 20:37

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\Installer\2a7333.msp
c:\program files\Adobe\acrotray.exe

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Odinstaluj spíše:
Microsoft Security Essentials

pechytce · Příspěvekod **pechytce** » 21 lis 2009 20:05

ComboFix 09-11-20.05 - DP 21.11.2009 19:35.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.255.91 [GMT 1:00]
Spuštěný z: c:\documents and settings\DP\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\DP\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\program files\Adobe\acrotray.exe"
"c:\windows\Installer\2a7333.msp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\2a7333.msp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-21 do 2009-11-21 )))))))))))))))))))))))))))))))
.

2009-11-20 08:00 . 2008-04-13 18:40 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-20 08:00 . 2003-09-05 02:25 77056 ----a-w- c:\windows\system32\drivers\viasraid.sys
2009-11-20 08:00 . 2003-09-05 02:25 77056 ----a-r- c:\windows\system32\drivers\viasraid_2.sys
2009-11-19 17:53 . 2009-11-19 17:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-19 07:06 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-19 07:06 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-18 08:52 . 2009-11-02 19:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-18 08:44 . 2009-11-19 17:45 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-11 12:26 . 2009-11-11 12:26 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-11-11 12:26 . 2009-11-11 12:26 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2009-11-04 17:12 . 2002-01-05 14:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-11-04 17:12 . 2009-11-19 17:35 -------- d-----w- c:\program files\AVS4YOU

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 17:22 . 2009-06-18 05:52 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Preview
2009-11-20 17:05 . 2009-09-07 06:12 -------- d-----w- c:\program files\Capture-A-ScreenShot
2009-11-20 09:29 . 2007-08-08 19:45 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-20 08:27 . 2009-05-29 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 08:25 . 2007-08-14 19:25 -------- d-----w- c:\program files\ICQToolbar
2009-11-19 17:54 . 2008-04-11 05:17 -------- d-----w- c:\program files\FreeCommander
2009-11-18 09:59 . 2007-09-09 17:25 -------- d-----w- c:\program files\ESET
2009-11-11 12:26 . 2008-03-17 14:35 -------- d-----w- c:\program files\Google
2009-11-04 17:13 . 2007-10-23 07:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-10-26 08:59 . 2001-10-25 16:00 77850 ----a-w- c:\windows\system32\perfc005.dat
2009-10-26 08:59 . 2001-10-25 16:00 428744 ----a-w- c:\windows\system32\perfh005.dat
2009-10-24 16:05 . 2008-07-04 07:49 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-10-21 11:06 . 2007-08-08 17:22 -------- d-----w- c:\program files\DrillBook
2009-09-11 14:19 . 2004-08-17 15:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-05-29 09:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-05-29 09:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:05 . 2004-08-17 15:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2004-08-17 15:49 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2004-08-17 15:49 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-20_08.14.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-21 18:46 . 2009-11-21 18:46 16384 c:\windows\temp\Perflib_Perfdata_42c.dat
+ 2003-08-18 13:26 . 2003-08-18 13:26 25872 c:\windows\system32\fm20enu.dll
- 2007-08-08 17:35 . 2009-11-19 17:24 90112 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 90112 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 45056 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 45056 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 22528 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 22528 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 30720 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 30720 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 16384 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 16384 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 34304 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 34304 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 81920 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 81920 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 3584 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 3584 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 8192 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 8192 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 2560 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 2560 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2009-10-14 08:32 . 2009-10-14 08:32 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2009-11-20 16:59 . 2009-11-20 16:59 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 114688 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 114688 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2007-08-08 17:35 . 2009-11-19 17:24 167936 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2007-08-08 17:35 . 2009-11-20 09:29 167936 c:\windows\Installer\{90280405-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2003-09-25 11:07 . 2003-09-25 11:07 1139472 c:\windows\system32\FM20.DLL
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-05 520024]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-10-08 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2007-8-8 565248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\skype .exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-27 64160]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-08-14 685816]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-09-05 77056]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-05 1028432]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - CLASSPNP_2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'

2009-11-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 06:21]

2009-11-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\DP\Data aplikací\Mozilla\Firefox\Profiles\fvpiafb8.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3.5 Preview\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox 3.5 Preview\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 19:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81B6D1E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf9a76f28
\Driver\ACPI -> ACPI.sys @ 0xf98e7cb8
\Driver\atapi -> atapi.sys @ 0xf987cb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf9772bb0
PacketIndicateHandler -> NDIS.sys @ 0xf977fa21
SendHandler -> NDIS.sys @ 0xf975d87b
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2576)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-11-21 19:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-11-21 18:58
ComboFix2.txt 2009-11-20 16:51
ComboFix3.txt 2009-11-20 08:19
ComboFix4.txt 2008-06-25 11:32

Před spuštěním: 71 389 184
Po spuštění: 64 032 768

- - End Of File - - 626FEEB66907A5BA4466C50C843FEDD2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04, on 21.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 3.5 Preview\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)

--
End of file - 6068 bytes
dekuji...

Příspěvekod **jaro3** » 21 lis 2009 21:16

Když budeš chtít odinstalovat ( ne mazat!) Eset Smart Security , tak musíš nejprve vypnout rez. ochrany i firewall.

Toto otestuj na Virustotal
c:\windows\system32\drivers\atapi.sys
Vlož sem pak odkazy výsledků.

Stáhni si MBR Rootkit Detektor
- ulož si ho přímo na disk C a spusť ho
- za chvíli se ti vytvoří jeho log (mbr.log) vlož sem celý jeho obsah.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
c:\program files\Adobe\acrotray.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

zacalo to smtp Vyřešeno

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Re: zacalo to smtp

Kdo je online