ComboFix and HijackThis logs - please check
Posted: 07 Oct 2012 21:03
1) Combofix
-------------
ComboFix 12-10-04.02 - Zuzana Cieslarová 10/07/2012 21:32:27.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.510.155 [GMT 2:00]
Spuštěný z: c:\programy\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-07 do 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 18:48 . 2012-10-07 19:04 -------- d-----w- c:\program files\rajce
2012-10-07 18:34 . 2012-10-07 18:34 -------- d-----w- c:\documents and settings\Zuzana Cieslarová\Data aplikací\Zoner
2012-10-07 18:30 . 2012-10-07 18:30 -------- d-----w- c:\program files\Zoner
2012-10-07 18:02 . 2008-04-14 02:22 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-10-07 08:51 . 2012-10-07 08:53 -------- d-----w- C:\Mp3-Martin
2012-10-07 08:47 . 2012-10-07 08:47 -------- d-----w- c:\documents and settings\Zuzana Cieslarová\Data aplikací\ESTSoft
2012-10-07 08:47 . 2012-10-07 08:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESTsoft
2012-10-07 08:44 . 2012-10-07 08:45 -------- d-----w- c:\program files\ESTsoft
2012-10-05 17:07 . 2012-10-05 17:13 -------- d-----w- C:\Acer
2012-10-03 11:53 . 2012-10-03 11:53 -------- d-----w- c:\documents and settings\Zuzana Cieslarová\Data aplikací\Samsung
2012-10-03 11:20 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2012-10-03 11:15 . 2012-10-03 11:15 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2012-10-03 11:15 . 2005-08-30 15:59 94000 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2012-10-03 11:15 . 2005-08-30 15:58 8304 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2012-10-03 11:15 . 2005-08-30 15:58 6144 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2012-10-03 11:15 . 2005-08-30 15:58 6144 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2012-10-03 11:15 . 2005-08-30 15:57 58320 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2012-10-03 11:15 . 2005-08-30 15:57 5808 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2012-10-03 11:15 . 2005-08-30 15:57 5808 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2012-10-03 11:13 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-10-03 11:12 . 2012-10-03 11:12 -------- d-----w- c:\program files\Samsung
2012-10-03 10:16 . 2012-10-03 10:16 -------- d-----w- c:\program files\Common Files\Skype
2012-10-03 09:14 . 2012-10-03 09:17 -------- d-----w- c:\documents and settings\Zuzana Cieslarová\Data aplikací\pdfforge
2012-10-03 09:14 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-10-03 09:14 . 2012-05-05 09:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-10-03 09:13 . 2012-07-29 11:59 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-10-03 09:13 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-10-03 09:13 . 2012-10-03 09:15 -------- d-----w- c:\program files\PDFCreator
2012-10-03 08:49 . 2003-06-18 23:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-10-03 08:49 . 2003-06-18 23:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2012-10-03 08:45 . 2012-10-03 08:47 -------- d-----w- c:\windows\SHELLNEW
2012-10-03 08:45 . 2012-10-03 08:45 -------- d-----w- c:\program files\Microsoft.NET
2012-10-03 08:41 . 2012-10-03 08:41 -------- d-----r- C:\MSOCache
2012-10-01 12:01 . 2012-10-07 08:24 -------- d-----w- C:\Stahovani-Martin
2012-09-30 20:36 . 2012-09-30 20:36 -------- d-----w- c:\documents and settings\All Users\Data aplikací\McAfee
2012-09-30 20:36 . 2012-09-30 20:36 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 20:36 . 2012-09-30 20:36 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-30 11:25 . 2012-09-30 11:25 -------- d-----w- c:\windows\system32\oodag
2012-09-30 10:36 . 2012-10-03 16:49 -------- d-----w- C:\Martin
2012-09-30 10:30 . 2012-09-30 10:30 -------- d-----w- c:\documents and settings\Zuzana Cieslarová\Local Settings\Data aplikací\O&O
2012-09-30 10:29 . 2012-09-30 10:29 -------- d-----w- c:\program files\OO Software
2012-09-30 10:23 . 2012-09-30 10:23 -------- d-----w- c:\program files\Lavalys
2012-09-30 10:21 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-30 10:19 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-30 10:19 . 2012-09-30 10:19 -------- d-----w- c:\program files\AVAST Software
2012-09-30 10:18 . 2012-09-30 10:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-09-30 10:13 . 2012-10-07 18:54 -------- d-----w- C:\Programy
2012-09-30 09:40 . 2012-09-30 09:45 -------- d-----w- C:\PerfLogs
2012-09-30 09:13 . 2012-09-30 09:15 476 ----a-w- C:\modifikaceDNScache.reg
2012-09-23 20:02 . 2012-09-23 20:02 -------- d-----w- c:\program files\CCleaner
2012-09-23 19:01 . 2012-09-23 19:01 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-09-23 19:01 . 2012-09-23 19:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Intel
2012-09-23 19:00 . 2004-10-15 08:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2009-02-22 00:49 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2009-02-22 00:49 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2009-02-22 00:49 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2009-02-22 00:49 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2009-02-22 00:49 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2009-02-22 00:49 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:13 . 2009-02-22 00:49 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2009-02-22 00:49 227648 ----a-w- c:\windows\system32\aswBoot.exe
2009-04-20 19:33 . 2009-04-20 19:32 16409960 ----a-w- c:\program files\spybotsd162.exe
2012-09-06 01:26 . 2012-09-30 20:12 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"wiwagent"="c:\program files\WATERS\Waters eLab Notebook 3.0\Waters Image Writer\wiwagent.exe" [2005-12-08 65536]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^Zuzana Cieslarová^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Zuzana Cieslarová\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-04-28 20:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-11 18:51 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 09:45 2540800 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-10-08 13:43 688218 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-10-08 13:44 98394 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aspnet_state"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"ICQ Service"=2 (0x2)
"gusvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\WATERS\\Waters eLab Notebook 3.0\\eln.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\DC\\StrongDC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/30/2012 12:21 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/22/2009 2:49 AM 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/22/2009 2:49 AM 21256]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/30/2012 10:36 PM 250288]
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\DrvFltIp --> c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\DrvFltIp [?]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [5/25/2007 3:55 PM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/30/2012 10:12 PM 114144]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2/22/2009 2:46 PM 222456]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 20:36]
.
2012-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-10-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-30 09:12]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = proxy.vscht.cz:3128
uInternet Settings,ProxyOverride = *.vscht.cz
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Zuzana Cieslarová\Data aplikací\Mozilla\Firefox\Profiles\9k7eso6w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.novinky.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-07 21:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\ASFWHide"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\DrvFltIp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="EB1E285D6DE59256BB9090B3C33C4FFED5EE23D1BBD88AC4A2AE6B4D74B3D315803BAB63A7CAB7B35C995DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DA2D97226D213B555A9C6AECB7A5D14073A6F283F95582F30AD45EF87E934F4C1A751BE0E9991864266AE4C14297CF278C925190A643EE0EABCDB56E754F63DE33DE055D1C38E743A657B861559EC3DFA08D0146FBA09F251E4D87EA4C6C47ECCDF22D06A571BD67058E8E2219B9781918077ABD8FDA8B68ACD5DA3AC973A863AF9F4B8EA3B1E92D38CB2CF8E8952DF81FED15502968025D16740E34121E4427BB8E973B95CF7326B90499C08BEE697A5944C6B7D72E6D8F6E38AC3F8C3CA48F592C9CD12A8F5614F3ACE000F5D14116B97072E2E84A6105DB87A2ABB5FE3CFA03C8D7802955F71AD209B14760A8BD4D61FD7BD4D42FE2E7C207F62C9DD9AB288316487EB196CD6C69FBBD4666B72907C0AC5A267A32439DD97411C3326D0F34FB2307387B04BAA71D86DA4DAB0E31707F88D45DEA8BB5D22E218EADDAAD9B5A6C009195FDA9B2A952FA4C8A208EDDD35D0A075E6506268FC0691C504DBFD4057A4B6B7521B72B5B04B0AE8622893FE59BB2365892324CD354D700834AFF87F3FE8BAF512F959D3D31977959148C73858A56CAA2229872526C5A872CD24F903CC5D46D9A7024DAAA548FC3E7C26F66B2EC00AC061EF01A73EC165A688B326FE0614BE516BC3BF88DDCE5E38C2017E1E68803D05CD88FC3582D7022DED63954B02E3C02B0E52945F4B6393BDD79FB0FA292079BABF0B5AD188611270DB3A54E4ED699A1E11C52642CD81476B03495350A71B6887628EEA22FC7D59410442E0E98983CCBF4CB9C0EB5AEA5AC260CAA08EAD34657637B277F21D0DD3D16C0AB19E28548F0FE84D25B6FB23DEA9E0F4C6CB98EE817514963A32BE37AC396D232DEB34444E6BE62489264EF19C6AC69B66C35B9500D62063617247E5467436A5B0DC28FCA4181AE7955E05640F302A1997D17C35DBD25ABF90EBB347B6E1C7AC0AA114EE673FA6C0E6A76249E60D7848E3F9169EBF01915A607891CDC645F855FE8D9ECC9CEC89E10E6F413686F7EE0BC7E1D5670CE1EAE45917042F7345F143C61AFD8DFE1190FC91460E0285C823C5B6517F675756DF16FC6BC4656F6EB29C8E62FE6D7C805E49E8614C4A30BDFAE096B8E7BDE7A6BCA53C3B1CAE202F0B8C75A481E9B7F26A8302190E6E85F7B4C941A87AC93B7A2352FE726C0E1EDAA1418F477AC70785FE6BBDEAFE12387B5F6F05D734B18263065D9F1F2648B8A9706D65D0728CF5B83BC37077DB1DB0345D48231F295F21D12F0D6E74D1E8EEB7C3C8F1ED840542EF91546383753D0B6EE74BD17DFCFDAF9CBB2B"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'Explorer.EXE'(308)
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
c:\windows\system32\xpsp3res.dll
c:\windows\system32\xpsp1res.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Celkový čas: 2012-10-07 21:43:56
ComboFix-quarantined-files.txt 2012-10-07 19:43
.
Před spuštěním: Volných bajtů: 18,810,290,176
Po spuštění: Volných bajtů: 18,891,780,096
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E50658E13DBEC9D467D8C2AFFD3D84D3
2) HijackThis
-------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:02:47 PM, on 10/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\WATERS\Waters eLab Notebook 3.0\Waters Image Writer\wiwagent.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Zuzana Cieslarová\Plocha\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.vscht.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [wiwagent] C:\Program Files\WATERS\Waters eLab Notebook 3.0\Waters Image Writer\wiwagent.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipamiti kategorií soueástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 6524 bytes
S3 DrvFltIp;DrvFltIp;\??\c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\DrvFltIp --> c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\DrvFltIp [?]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [5/25/2007 3:55 PM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/30/2012 10:12 PM 114144]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2/22/2009 2:46 PM 222456]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 20:36]
.
2012-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-10-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-30 09:12]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyServer = proxy.vscht.cz:3128
uInternet Settings,ProxyOverride = *.vscht.cz
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Zuzana Cieslarová\Data aplikací\Mozilla\Firefox\Profiles\9k7eso6w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.novinky.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-07 21:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\ASFWHide"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\c:\documents and settings\Zuzana Cieslarová\Local Settings\TEMP\DrvFltIp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
- - - - - - - > 'Explorer.EXE'(308)
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
c:\windows\system32\xpsp3res.dll
c:\windows\system32\xpsp1res.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Celkový čas: 2012-10-07 21:43:56
ComboFix-quarantined-files.txt 2012-10-07 19:43
.
Před spuštěním: Volných bajtů: 18,810,290,176
Po spuštění: Volných bajtů: 18,891,780,096
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - E50658E13DBEC9D467D8C2AFFD3D84D3
2) HijackThis
-------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:02:47 PM, on 10/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17103)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\WATERS\Waters eLab Notebook 3.0\Waters Image Writer\wiwagent.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Zuzana Cieslarová\Plocha\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.vscht.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [wiwagent] C:\Program Files\WATERS\Waters eLab Notebook 3.0\Waters Image Writer\wiwagent.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 6524 bytes