here is the log from ComboFix:
ComboFix 09-03-23.01 - Honza 2009-03-25 20:14:44.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2047.1382 [GMT 1:00]
Spuštěný z: c:\documents and settings\Honza\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Honza\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090324-0] *On-access scanning disabled* (Updated)
FW: Kerio Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\iun6002.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\iun6002.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-25 do 2009-03-25 )))))))))))))))))))))))))))))))
.
2009-03-24 22:50 . 2009-03-24 22:50 <DIR> d-------- c:\windows\LastGood
2009-03-24 22:50 . 2009-03-24 22:50 <DIR> d-------- c:\program files\Trials 2 Second Edition
2009-03-24 22:50 . 2009-03-24 22:50 <DIR> d-------- c:\program files\OpenAL
2009-03-24 22:50 . 2009-03-24 22:50 413,696 --a------ c:\windows\system32\wrap_oal.dll
2009-03-24 22:50 . 2009-03-24 22:50 110,592 --a------ c:\windows\system32\OpenAL32.dll
2009-03-24 22:09 . 2009-03-24 22:09 <DIR> d-------- c:\windows\system32\Adobe
2009-03-23 19:53 . 2009-03-23 19:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\InterAction studios
2009-03-23 19:52 . 2009-03-23 19:52 <DIR> d-------- c:\program files\ReflexiveArcade
2009-03-23 19:52 . 2009-03-23 19:52 <DIR> d-------- c:\program files\Chicken Invaders 3
2009-03-19 10:47 . 2009-03-19 10:47 <DIR> d-------- C:\DriveKey
2009-03-19 10:20 . 2009-03-19 10:21 <DIR> d-------- c:\program files\ProductViewExpress
2009-03-18 18:13 . 2009-03-18 19:51 <DIR> d-------- c:\program files\AutoCAD 2008
2009-03-18 16:56 . 2009-03-18 16:59 <DIR> d-------- c:\program files\ReadManiac
2009-03-08 19:02 . 2009-03-08 19:12 <DIR> d-------- c:\documents and settings\Honza\Data aplikací\ICQ
2009-03-08 19:01 . 2009-03-08 19:12 <DIR> d-------- c:\program files\ICQ6.5
2009-03-06 21:08 . 2009-03-06 21:08 <DIR> d-------- c:\documents and settings\Honza\Data aplikací\Desktopicon
2009-03-06 21:07 . 2009-03-06 21:07 <DIR> d-------- c:\program files\DsNET Corp
2009-03-06 21:07 . 2004-03-08 23:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-06 20:21 . 2009-03-06 20:22 <DIR> d-------- c:\program files\Any Video Converter Professional
2009-03-06 20:21 . 2009-03-06 20:22 <DIR> d-------- c:\documents and settings\Honza\Data aplikací\Any Video Converter Professional
2009-03-06 12:57 . 2009-03-06 12:57 <DIR> d-------- c:\program files\Any Audio Converter
2009-02-27 19:38 . 2009-02-27 19:38 <DIR> d-------- c:\documents and settings\Honza\Data aplikací\MyPhoneExplorer
2009-02-27 19:37 . 2009-02-27 19:38 <DIR> d-------- c:\program files\MyPhoneExplorer
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 18:52 --------- d-----w c:\program files\Chicken Invaders 3
2009-03-23 07:48 --------- d-----w c:\documents and settings\Honza\Data aplikací\skypePM
2009-03-23 07:48 --------- d-----w c:\documents and settings\Honza\Data aplikací\Skype
2009-03-22 22:03 --------- d-----w c:\documents and settings\Honza\Data aplikací\Autodesk
2009-03-22 22:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Autodesk
2009-03-19 09:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 18:51 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-03-06 19:08 --------- d-----w c:\documents and settings\All Users\Data aplikací\SmartSound Software Inc
2009-03-06 19:04 --------- d-----w c:\program files\Any Video Converter
2009-03-06 19:04 --------- d-----w c:\documents and settings\Honza\Data aplikací\Any Video Converter
2009-03-05 10:00 --------- d-----w c:\program files\Sony Ericsson
2009-03-02 18:00 --------- d-----w c:\program files\Hugin
2009-02-26 17:16 330 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-24 15:15 --------- d-----w c:\program files\Daydream Software
2009-02-23 10:53 --------- d-----w c:\program files\Capcom
2009-02-23 10:45 --------- d-----w c:\documents and settings\Honza\Data aplikací\Capcom
2009-02-23 10:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-20 11:18 --------- d-----w c:\documents and settings\Honza\Data aplikací\dvdcss
2009-02-19 19:02 --------- d-----w c:\program files\Mafia
2009-02-17 11:42 --------- d-----w c:\program files\Rockstar Games
2009-02-17 11:23 --------- d-----w c:\program files\THQ
2009-02-13 07:35 --------- d-----w c:\program files\QIP
2009-02-08 16:00 --------- d-----w c:\program files\Avast4
2009-02-07 10:12 --------- d-----w c:\program files\KC Softwares
2009-02-07 09:59 --------- d-----w c:\program files\GSpot
2009-02-07 09:42 --------- d-----w c:\program files\AVIcodec
2009-02-07 09:38 --------- d-----w c:\program files\Gabest
2009-02-07 09:36 --------- d-----w c:\program files\AviSynth 2.5
2009-02-07 09:36 --------- d-----w c:\documents and settings\Honza\Data aplikací\DivX
2009-02-06 22:02 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-02-06 21:40 --------- d-----w c:\program files\JockerSoft
2009-02-06 21:32 --------- d-----w c:\program files\DivX
2009-02-06 21:00 --------- d-----w c:\documents and settings\Honza\Data aplikací\GRETECH
2009-02-06 20:59 --------- d-----w c:\program files\GRETECH
2009-02-05 18:56 --------- d-----w c:\program files\DVDVideoSoft
2009-02-05 18:56 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-04 13:02 --------- d-----w c:\program files\VLCPortable
2009-02-04 13:02 --------- d-----w c:\documents and settings\Honza\Data aplikací\vlc
2009-02-04 10:20 --------- d-----w c:\program files\Simpli Software
2009-02-02 14:32 --------- d-----w c:\program files\IrfanView
2009-02-02 08:21 --------- d-----w c:\program files\Electronic Arts
2009-02-01 16:22 --------- d-----w c:\program files\Webteh
2009-02-01 11:07 --------- d-----w c:\program files\HfAsistent
2009-02-01 11:07 --------- d-----w c:\program files\Google
2009-01-30 18:10 --------- d-----w c:\program files\Common Files\Adobe
2009-01-30 17:47 --------- d-----w c:\documents and settings\Honza\Data aplikací\Happy Foto
2009-01-30 17:46 --------- d-----w c:\program files\CCleaner
2009-01-30 17:41 --------- d-----w c:\program files\Unlocker
2009-01-30 17:07 --------- d-----w c:\documents and settings\All Users\Data aplikací\Pinnacle
2009-01-30 16:29 --------- d-----w c:\program files\SmartSound Software
2009-01-30 16:27 --------- d-----w c:\program files\Pinnacle
.
((((((((((((((((((((((((((((( SnapShot@2009-03-25_13.45.10,73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-18 15:52:14 292,878 ----a-r c:\windows\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\ARPPRODUCTICON.exe
+ 2009-03-25 14:02:28 292,878 ----a-r c:\windows\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\ARPPRODUCTICON.exe
- 2008-09-18 15:52:14 292,878 ----a-r c:\windows\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_ds.53480420_ED54_41F1_B802_5A3B83DAF067.exe
+ 2009-03-25 14:02:28 292,878 ----a-r c:\windows\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_ds.53480420_ED54_41F1_B802_5A3B83DAF067.exe
- 2008-09-18 15:52:14 292,878 ----a-r c:\windows\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_exe.53480420_ED54_41F1_B802_5A3B83DAF067.exe
+ 2009-03-25 14:02:28 292,878 ----a-r c:\windows\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_exe.53480420_ED54_41F1_B802_5A3B83DAF067.exe
+ 2009-03-25 14:54:10 38,240 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2007-05-10 21:19:26 38,160 ------w c:\windows\system32\drivers\oobctm.sys
+ 2007-05-10 22:19:26 38,160 ----a-w c:\windows\system32\drivers\oobctm.sys
- 2007-05-11 00:09:48 1,050,120 ------w c:\windows\system32\oodag.exe
+ 2007-05-11 01:09:48 1,050,120 ----a-w c:\windows\system32\oodag.exe
- 2007-05-11 00:06:22 15,880 ------w c:\windows\system32\oodagmg.dll
+ 2007-05-11 01:06:22 15,880 ----a-w c:\windows\system32\oodagmg.dll
- 2007-05-11 00:06:22 15,880 ------w c:\windows\system32\oodagrs.dll
+ 2007-05-11 01:06:22 15,880 ----a-w c:\windows\system32\oodagrs.dll
- 2007-05-11 00:08:24 194,056 ------w c:\windows\system32\oodbs.exe
+ 2007-05-11 01:08:24 194,056 ----a-w c:\windows\system32\oodbs.exe
- 2007-05-11 00:06:24 10,248 ------w c:\windows\system32\oodbsrs.dll
+ 2007-05-11 01:06:24 10,248 ----a-w c:\windows\system32\oodbsrs.dll
- 2007-05-11 00:08:54 2,512,392 ------w c:\windows\system32\oodtray.exe
+ 2007-05-11 01:08:54 2,512,392 ----a-w c:\windows\system32\oodtray.exe
- 2007-05-10 21:18:24 15,368 ------w c:\windows\system32\ootmapi.dll
+ 2007-05-10 22:18:24 15,368 ----a-w c:\windows\system32\ootmapi.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-09-26 872448]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NSSInstallation"="c:\windows\system32\Adobe\Shockwave 11\nssstub.exe" [2009-03-24 181624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
c:\documents and settings\Honza\Nabídka Start\Programy\Po spuštění\
BitLord.lnk - c:\program files\BitLord\BitLord.exe [2005-05-07 2224128]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Last.fm.lnk - c:\program files\Last.fm\LastFM.exe [2008-12-01 1138688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"msacm.l3acm"= :c:\windows\system32\l3codeca.acm
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
--a------ 2005-05-07 01:47 2224128 c:\program files\BitLord\BitLord.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-09-08 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2005-09-26 286720]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2005-09-26 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-09-08 20560]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S3 eRootDrv;eRootDrv;c:\windows\system32\drivers\eRootDrv.sys [2008-11-17 7168]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\drivers\s125bus.sys [2008-10-30 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2008-10-30 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2008-10-30 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2008-10-30 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\drivers\s125obex.sys [2008-10-30 98696]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - O&O_DEFRAG
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f1212d8-cabe-11dd-bff5-0011679c9c5b}]
\Shell\AutoRun\command - E:\WDSetup.exe
.
Obsah adresáře 'Naplánované úlohy'
2009-03-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
2009-03-25 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-03-24 22:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Honza\Data aplikací\Mozilla\Firefox\Profiles\wbxhxwgx.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 20:19:00
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,55,29,3b,75,81,
a4,12,6e,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a3,b5,90,ed,ff,
5d,ec,09,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,f7,b9,a9,48,c1,
67,93,3d,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,32,dc,16,44,86,
f5,5a,b0,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,0d,89,18,c3,bd,
25,69,53,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,54,1e,8d,1c,3e,
34,69,9a,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,52,e0,24,77,65,
12,a4,17,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,0c,cc,e2,0b,6c,
a9,11,be,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,15,dd,ad,5d,d9,
a3,db,a5,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,e8,40,4b,e3,7e,
03,82,a3,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,d1,30,d8,2a,87,
36,be,21,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,56,9b,69,02,b6,
49,f0,39,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="763DBE0C76A9C20BB796AB874DAD1334E2403E552D1580BB213A1C1E59F9AA040BFC0EEFE93B6B8C6BB9C275B94707FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98088EDD5E5BE2F6E667A2D97226D213B5554876914E22B39BF3C6E02EB171E021B82EF996F4F0695A4F6048B082F191DD619E47C7B4D5F9711D6FB3428FBF914CDE9A8EFA60D741F531B58A94991F032595BCB0F189CE2EBC22BB6AADE2CD27CD6E8BCDAA0A30D52D519A3E3540CC6B20EAC75B2F155E810C82CDC64C2BB57A40B33CADE54DFA41CD68822F54D005CBEAA88C09E14E3778EA34681B44A1F1B5C3EF8736B1409EF32825833A775FB778A889F70CAF646FEFEC1D75D1FB2FE5D57C597084D4A964B1902AD5D1E62D351A7D3C9E4B82B88492A91AFD659DF3D32F11171BCA5B057891DF0C597D2FB4B42D9464B6420A5F55633BFB3467994164E82E47CE4F17026D0072D58E56A221D1049B199B80372324B8BF856BF9231D24FC827BFA681B04B83EA9859C0BD6538841C2654BA9BF8199BA5AEE99D830C383B942B62F063FA2B2DDE98CCC5D2361BDDE4147E8741F2C4069B165DDCCFBA1D6C3A5F42029A0A91A461B518B24A691B52A4F33BB2B1286081570087638865CD610E620A7E49D9810362BAD6D4942E19CC1AB0FAEAE1C2E4463C46AC60F13C61FE9469BC1E4DD22183A097027CB1A82FE9C173650F1026CAB4FE115D6D9286E316F873B906545AE1EB82B5B123D96D651835878D37CCEC5DBA4FE84D334118F7195F2C7D63882D96E6709232DC3E67AE81238188FE8506E510855280DCDDC1E27A0D200FE4185F1BA539FF3191BFB3600B985CC80E5194F706CA4E4F66C5F40FEAD781317FB817B185B6FE99C8F890DB53E10BF42390008821DAE91A7672FD08AA9B5A64DF3EFAE00347D97A1040A328B3AAE1299371D68AFB73B7ADBABA75DBCD7E354774B0DF550E4D204B6EEB91068983BD66ECCD0F58A2E93DFF339E72AEECE5EA81037577149C97B288B5B1A40171B12924AF73BEB84450876742352ABDD7A8324B2009374911208F277667196C4D696C25B4EC3B5F4186A6583930F8DA718B8BC9F844B06B1C20D4475C2479406332ED6F5F415F598931148EEC5882FD3BBE35BBDB448E19831A3F421376874CE6FC0AE11299B810EF9D5B0A48AEEA0C84BF1DB14969C78958CE74EBE9D67A27A993DA4C6380AE258E099213A46342BD382D19150439BEB5E51FA8CB164993FC8189502D40557D6DF31BD92E5EF9047256EF73FC368DE948E550263860D171FD9233F862189BDCFEEAAA8F00616FEA45074DA9E624640FE2140A478
69AE3DCAB54833E4B0CEBAF2B5DCC51B98D63E25CEC8F6DC45B360E8F80C9066AC732EFDC6E7EFC32F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-03-25 20:21:33
ComboFix-quarantined-files.txt 2009-03-25 19:21:29
ComboFix2.txt 2009-03-25 12:46:47
Před spuštěním: Volných bajtů: 12 619 964 416
Po spuštění: Volných bajtů: 12,634,992,640
297 --- E O F --- 2008-09-17 19:45:06
and here is the log from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:03, on 25.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Léčba viru\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BitLord.lnk = C:\Program Files\BitLord\BitLord.exe
O4 - Global Startup: Last.fm.lnk = C:\Program Files\Last.fm\LastFM.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7323 bytes