svchost.exe napaden viry

[Rudy]

OK, provedeno. Jak se PC nyní tváří?

[Beggy]

Zatím si na nic nestěžuje, doufám, že to tak zůstane, uvidíme, prozatím děkuju, ještě napíšu zítra večer, jestli se něco dělo
:-)

[Rudy]

Prozatím nemáte zač!

[Beggy]

Tak se mršky pořád obě hlásí, není možné, že se jedná a planý poplach?

[Rudy]

V kterých jsou souborech?

[Beggy]

Pořád a jen svchost.exe nic jiného....a občas c:\Documents and setting\NetworkService\Local Settings\Temporalz internet files\content.IE5\pak se to již liší... Jméno souboru je neustále "x"

[Rudy]

Svchost jsme včera překopírovali. Ten svchost je v adresři windows\system 32? Obsah c:\Documents and setting\NetworkService\Local Settings\Temporalz internet files\content.IE5 můžete kompletně smazat.

[Beggy]

Ano, jeho cesta je c:\WINDOWS\system32\ a zde se nachází svchost.exe jeho velikost je 14 336kb.

[Rudy]

OK. Otestujte ho na www.virustotal.com . Výsledek oznamte.

[Beggy]

File name:
SVCHOST.EXE
Submission date:
2010-09-29 04:26:02 (UTC)
Current status:
finished
Result:
0 /43 (0.0%)


Ani avast v něm nicnenachází, PC není nijak zpomalen, ani s ním nejsou žádné jiné problémy...

[Beggy]

MD5 : dfba2915b0bf58abb288cd4c9318cb3f
SHA1 : f7b9909b2226503cb670ec10869a0ded4ebf6ddd
SHA256: 5fc6c8fe81b4c015433aee7d035a79056e77b7272dc4316b6b2f0548ebf1da38
ssdeep: 384:cwiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:OT/3Ska6Lh8C
File size : 14336 bytes
First seen: 2007-11-14 21:22:00
Last seen : 2010-09-29 04:26:02
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Generic Host Process for Win32 Services
original name: svchost.exe
internal name: svchost.exe
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x2509
timedatestamp....: 0x41107ED6 (Wed Aug 04 06:14:46 2004)
machinetype......: 0x14C (Intel I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2C00, 0x2C00, 6.29, 778f37da200b1e2cb4a91f7b0eb551cb
.data, 0x4000, 0x1F0, 0x200, 1.61, 553c0ebbbc67abab785f2065a062b522
.rsrc, 0x5000, 0x418, 0x600, 2.54, 2997285df9158db5a62ffb42a2fd0d07

[[ 4 import(s) ]]
advapi32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
kernel32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
rpcrt4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening

[Beggy]

http://www.imghosting.cz/view-67Vir_1.jpg

[Rudy]

Svchost je čistý. Zkuste ještě spustit ComboFix tímto skriptem:

Collect::
c:\WINDOWS\system32\x

[Beggy]

ComboFix 10-10-01.07 - Beggy 05.10.2010 21:28:24.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.3071.2615 [GMT 2:00]
Spuštěný z: c:\documents and settings\Beggy\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Beggy\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-05 do 2010-10-05 )))))))))))))))))))))))))))))))
.

2010-10-03 19:28 . 2010-10-03 19:28 -------- d--h--w- c:\windows\PIF
2010-10-03 08:16 . 2010-10-03 08:25 -------- d-----w- c:\program files\trend micro
2010-10-03 08:16 . 2010-10-03 08:16 -------- d-----w- C:\rsit
2010-10-03 08:14 . 2010-10-03 08:14 -------- d-----w- c:\program files\Zone Labs
2010-10-03 08:14 . 2010-10-03 08:14 -------- d-----w- c:\windows\Internet Logs
2010-10-03 07:12 . 2010-10-03 07:12 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-10-03 07:12 . 2010-10-03 07:12 -------- d-----w- c:\program files\AVS4YOU
2010-10-03 07:12 . 2008-11-24 10:00 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-10-03 07:12 . 2008-11-24 10:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-10-03 07:12 . 2008-11-24 10:00 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-10-03 07:12 . 2008-11-24 10:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-10-03 07:12 . 2008-11-24 10:00 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-10-03 07:12 . 2008-11-24 10:00 638976 ----a-w- c:\windows\system32\divx.dll
2010-10-03 07:12 . 2008-11-24 10:00 524288 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-03 07:12 . 2008-11-24 10:00 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-10-03 07:12 . 2008-11-24 10:00 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-10-03 07:12 . 2008-11-24 10:00 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-03 07:05 . 2010-10-03 07:05 -------- d-----w- c:\program files\VideoLAN
2010-10-02 15:47 . 2010-10-02 15:47 -------- d-----w- c:\program files\BlackBeanGames
2010-10-02 15:46 . 2010-10-02 15:52 -------- d-----w- c:\windows\SxsCaPendDel
2010-10-02 15:28 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-10-02 15:28 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-10-02 15:28 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-10-02 15:28 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-02 15:28 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-10-02 15:26 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-10-02 15:26 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-10-02 15:26 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-10-02 15:26 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-10-02 15:26 . 2007-10-22 01:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2010-10-02 15:26 . 2007-06-20 18:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2010-10-02 15:26 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2010-10-02 15:26 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2010-10-02 15:26 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2010-10-02 15:26 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2010-10-02 15:26 . 2007-04-04 16:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2010-10-02 15:26 . 2007-03-15 14:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2010-10-02 15:26 . 2007-03-12 14:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2010-10-02 15:25 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-10-02 15:25 . 2007-01-24 13:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2010-10-02 15:25 . 2006-12-08 10:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2010-10-02 15:25 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-02 15:25 . 2007-03-05 10:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2010-10-02 15:25 . 2006-09-28 14:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2010-10-02 15:25 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-10-02 15:25 . 2006-07-28 07:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-10-02 15:25 . 2006-07-28 07:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-10-02 15:24 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-10-02 15:21 . 2010-10-02 15:25 -------- d-----w- c:\windows\Logs
2010-10-02 10:47 . 2010-10-05 16:57 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-10-02 10:47 . 2010-10-02 10:47 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-02 09:34 . 2010-10-02 09:34 1 ----a-w- c:\documents and settings\Beggy\Data aplikací\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-10-02 09:32 . 2010-10-02 09:32 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-01 19:44 . 2010-10-01 19:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-01 19:43 . 2010-10-01 19:43 -------- d-----w- c:\windows\Cache
2010-10-01 13:18 . 2010-10-01 13:18 -------- d-----w- c:\program files\Opera
2010-09-30 20:11 . 2010-09-30 20:11 -------- d-----w- c:\program files\Ashampoo
2010-09-30 18:29 . 2010-10-03 16:42 -------- d-----w- C:\Downloads
2010-09-30 18:28 . 2010-09-30 18:28 1448448 ----a-w- c:\documents and settings\Skalický Jiří\Data aplikací\Mozilla\Firefox\Profiles\c5lvwepl.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-09-30 18:28 . 2010-09-30 18:28 -------- d-----w- c:\program files\BitComet
2010-09-30 17:55 . 2005-08-18 20:00 83968 ----a-w- c:\documents and settings\All Users\Data aplikací\CanonBJ\IJPrinter\CNMWINDOWS\Canon MP150 Series Printer\LanguageModules\040c\CNMsr7K.dll
2010-09-30 17:54 . 2010-09-30 17:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-09-30 17:54 . 2010-09-30 17:54 -------- d-----w- c:\program files\ScanSoft
2010-09-30 17:53 . 2010-09-30 17:53 -------- d-----w- c:\program files\ArcSoft
2010-09-30 17:53 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-09-30 17:52 . 2003-09-18 12:32 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-30 17:52 . 2003-09-18 12:32 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-30 17:52 . 2003-09-18 12:32 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-09-30 17:52 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-09-30 17:51 . 2010-09-30 17:51 -------- d-----w- c:\windows\StartHtmico
2010-09-30 17:51 . 2010-09-30 17:51 -------- d--h--w- c:\windows\system32\CanonMP Uninstaller Information
2010-09-30 17:51 . 2005-08-04 04:13 49152 ----a-w- c:\windows\system32\cncisco.dll
2010-09-30 17:51 . 2005-08-04 04:12 221184 ----a-w- c:\windows\system32\CNCC150.DLL
2010-09-30 17:51 . 2005-08-04 04:12 69632 ----a-w- c:\windows\system32\CNCI150.DLL
2010-09-30 17:51 . 2005-05-30 10:45 139264 ----a-w- c:\windows\system32\CNCL150.DLL
2010-09-30 17:51 . 2010-09-30 17:51 -------- d-----w- C:\CanonMP
2010-09-30 17:50 . 2010-09-30 17:52 -------- d-----w- c:\program files\Canon
2010-09-30 16:41 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-09-30 16:41 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-09-30 16:28 . 2010-09-30 16:28 -------- d-----w- c:\program files\A4Tech
2010-09-30 16:27 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-09-30 16:27 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-30 16:22 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-09-30 16:22 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-09-30 16:22 . 2004-08-03 21:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-09-30 16:22 . 2004-08-03 21:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-09-28 14:26 . 2010-09-28 14:26 -------- d-----w- c:\program files\CallingID
2010-09-28 14:06 . 2010-09-28 14:06 -------- d-----w- c:\program files\Cobian Backup 10
2010-09-28 13:32 . 2010-10-02 15:59 -------- d-----w- C:\Sebráno z plochy
2010-09-28 12:43 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-28 12:43 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-28 12:43 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-28 12:43 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-28 12:43 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-28 12:43 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-28 12:43 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-28 12:43 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-28 12:43 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-28 12:43 . 2010-09-28 12:43 -------- d-----w- c:\program files\Alwil Software
2010-09-28 12:42 . 2010-09-28 12:42 -------- d-----w- c:\windows\system32\oodag
2010-09-28 12:32 . 2010-09-28 12:32 -------- d-----w- c:\program files\CCleaner
2010-09-28 12:13 . 2010-09-28 12:16 -------- d-----w- c:\program files\OO Software
2010-09-28 11:42 . 2010-10-01 11:05 -------- d-----w- C:\Dokumenty !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2010-09-28 11:28 . 2010-09-28 11:28 -------- d-----w- c:\program files\7-Zip
2010-09-28 11:27 . 2010-09-28 11:27 -------- d-----w- c:\program files\Glary Registry Repair
2010-09-28 11:26 . 2010-09-28 11:40 -------- d-----w- c:\program files\EasyCleaner
2010-09-28 11:08 . 2010-09-28 11:08 0 ----a-w- c:\windows\nsreg.dat
2010-09-28 11:05 . 2010-09-28 11:05 -------- d-----w- c:\windows\system32\cs-cz
2010-09-28 11:03 . 2010-09-28 11:03 -------- d--h--w- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 15:47 . 2010-09-28 08:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-10-01 17:26 . 2010-09-28 08:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-10-01 17:26 . 2010-09-28 08:30 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-10-01 17:25 . 2010-09-28 08:30 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-09-30 18:09 . 2010-09-28 10:53 -------- d-----w- c:\program files\PSPad editor
2010-09-30 17:53 . 2010-09-28 08:38 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-28 14:23 . 2010-09-28 10:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-28 10:54 . 2010-09-28 10:54 -------- d-----w- c:\program files\MP3codec-rdm
2010-09-28 10:52 . 2010-09-28 10:52 -------- d-----w- c:\program files\Convert - převod veličin
2010-09-28 10:38 . 2010-09-28 10:38 -------- d-----w- c:\program files\Zoner Photo Studio 8
2010-09-28 10:12 . 2010-09-28 10:12 -------- d-----w- c:\program files\Microsoft Works
2010-09-28 10:12 . 2010-09-28 10:12 -------- d-----w- c:\program files\MSBuild
2010-09-28 09:59 . 2010-09-28 09:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-28 08:59 . 2002-11-02 18:58 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-09-28 08:59 . 2002-11-02 18:58 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-09-28 08:58 . 2010-09-28 08:58 -------- d-----w- c:\program files\Attansic
2010-09-28 08:52 . 2010-09-28 08:52 -------- d-----w- c:\program files\Realtek
2010-09-28 08:46 . 2010-09-28 08:46 -------- d-----w- c:\program files\VIA
2010-09-28 08:43 . 2010-09-28 08:43 -------- d-----w- c:\program files\totalcmd CZ
2010-09-28 08:38 . 2010-09-28 08:38 -------- d-----w- c:\program files\AMD
2010-09-28 08:31 . 2010-09-28 08:31 -------- d-----w- c:\program files\microsoft frontpage
2010-09-28 08:27 . 2010-09-28 08:27 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-10-03_09.25.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-01 19:44 . 2010-10-05 17:30 2472448 c:\windows\Installer\1690d07.msi
- 2010-10-01 19:44 . 2010-10-03 07:31 2472448 c:\windows\Installer\1690d07.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Beggy\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-30 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-21 3152384]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Beggy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24432:TCP"= 24432:TCP:BitComet 24432 TCP
"24432:UDP"= 24432:UDP:BitComet 24432 UDP
"11059:TCP"= 11059:TCP:BitComet 11059 TCP
"11059:UDP"= 11059:UDP:BitComet 11059 UDP

R0 mv614x;mv614x;c:\windows\system32\drivers\mv614x.sys [28.9.2010 10:58 63232]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28.9.2010 14:43 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28.9.2010 14:43 17744]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [28.9.2010 10:58 35712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.10.2010 12:47 691696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: {616DBB26-10AF-4EDB-B6F0-7927D24C88AB} = 82.144.143.254,10.100.100.2
FF - ProfilePath - c:\documents and settings\Beggy\Data aplikací\Mozilla\Firefox\Profiles\3uwb5r50.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\CallingID\Toolbar\Firefox\components\CIDDomFx3.dll
FF - component: c:\program files\CallingID\Toolbar\Firefox\components\CIDDomFx35.dll
FF - component: c:\program files\CallingID\Toolbar\Firefox\components\CIDDomFx36.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-05 21:31
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="EA72DAF17EDD8962604367A0A5E5DC1B4F1D0EAA3ECD751F18862D9CC069B5B3287F8FC91E2AF841DABBAA0C76035CF77D3772E35C2797D05314B051A38E5D5B33CE788DC850D5D4303A23905C49281C56525E638E95096571E04B44B85AE84E6CE22D9D875B25363855A7C7A867D2ECC73D8A208D8C8FAD1A8CB76A4024706C5453090A46A86D70EDB8D2FE8DE0F3C4E8D67445F654F3F09CD0716CE2998A88144B2718D36A3903F127833BA50B286FF095D9B2CC8902E8EA76BA27A7BBD7E8740BEC41622516638772FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794A6171C11EC38DE3D8EDD5E5BE2F6E6677A531223CBBE6B9772B1FB5865267A02429C0F6A633A7FE51CD0223E65B9EAE15D9C9F0F578B907B751AE5C36BD2502072ADBB1F1EE350787FDD552D4E7B4C848F7A6097E4CBE98E86892FB3095CA66EF6146171E433D29374342F9302D019696D7EB735AA809A099D32E2A263EF9BB78B40D3066FA03BB79620705967213D6791F26BB5611BE836F979706527AC6E5D3154CBD1791AE2FAC5A037B96CC6CD69DED4A6B74782C0739EF72B9F01260253A7A765A043004608A7E80CC3010FFE6DF953F7B21D92AF35D0FBCACAA465DD22F7C2211110A6861A24E1565C1ABBAA854B53D0ECA99AEA839A876AB649E4AF64EDE5E49426D7E70266A5643BAF03CE5780ED0784B6DCC6F7494F8A84A897C64D9883767454D055A7DF04E5EBBF108D1E0CEFD66A90913FC3F03D0D28815E979EC9C0844966425981C28172CEC97FAC29A0D8DDE189E0F3A8E6EEBA6D961338B198791D03B3D0A61F89538296D2E495D7B95D9E0678EC267EC4B5BC71AE01E5F261BC37E3121790A06E68F34B64C358A292E5FEC134483E31E917A52693687FE1434BA8825CA091BBF2DC88C80A99A3142D904AD69DF7C53FF6CC65D095FD0B14A09CB0CA736E44B9DA86E3BFD4D04F48CFABAE5994796D3BD244568B85E82E30A15CED7A3B766C76ADEB90B2D8CDD573813EBD337EB986CEA79E3345BBC4B673AF66E3249A216D66B8C8FB79AFE5D25B107DED1FC59D09B2E3B21ABD922312AEFB4FFCAF7D4B4F8B0B0DF7C175E20B5A8E581BB057FA0F373A878F0BE707D645F75C055753C6C08079DBB888CA8362DE4FEF024A271D58401FDDFA199EE7BA2F5C0A2C2A10D612F11B8CD8A3D4F762E96D16C62627C34743CCA4A6239DB39BF9A30507892CB73823CD2B543ABB69BA1344D56D4FD39F624E448243BB4FC8F7C40CB08DAD21924BE631F68EC62BEEBC84F76BE2A8A95BD47EC4D0E3CA23FA74C41A221D21EF8B09A7A8634C1CD698DD7CEA45F365AB8EED87D49CFE068A14D84014A674C21C36D2E2DC98B4DAEF67B74D460AD290DCCA"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1844)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\msi.dll

- - - - - - - > 'explorer.exe'(2828)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2010-10-05 21:32:16
ComboFix-quarantined-files.txt 2010-10-05 19:32
ComboFix2.txt 2010-10-04 17:32
ComboFix3.txt 2010-10-03 10:27
ComboFix4.txt 2010-10-03 09:25

Před spuštěním: Volných bajtů: 254 910 787 584
Po spuštění: Volných bajtů: 254 955 208 704

- - End Of File - - 754B4D1F187CD2775151A846435358B2

[Rudy]

Ten soubor, který Avast hlásil, se v adresáři system32 nevyskytuje. CF nic nemazal. Log vypadá čistý.