I've got it now, I think.
ComboFix 08-02-22.2 - Aďka 2008-02-22 15:04:45.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.77 [GMT 1:00]
Running from: C:\Documents and Settings\Aďka\Plocha\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 28674 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\chenzi.exe
C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\2_exception.nls
C:\WINDOWS\system32\alt.exe.exe
C:\WINDOWS\system32\bdscheca001.dll
C:\WINDOWS\system32\cmss.exe
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\protect.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\ipv6monl.dll
C:\WINDOWS\system32\koos.exe
C:\WINDOWS\system32\kprof
C:\WINDOWS\system32\pee.exe.exe
C:\WINDOWS\system32\PIk1Cl4i.dll
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vtroll.dll
C:\WINDOWS\system32\w32sys4.exe
C:\WINDOWS\system32\w32sys5.exe
C:\WINDOWS\system32\WinAvX.exe
C:\WINDOWS\system32\wincom32.ini
C:\WINDOWS\system32\wincom32.sys
C:\WINDOWS\system32\windev-369f-62ec.sys
C:\WINDOWS\system32\windev-peers.ini
C:\WINDOWS\system32\winservcs32.dll
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\WebAssist.dll
----- BITS: Possible infected sites -----
hxxp://66.29.77.196
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_FCI
-------\LEGACY_PROTECT
-------\LEGACY_SYSLIBRARY
-------\FCI
-------\protect
-------\SysLibrary
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.
2008-01-29 09:57 . 2008-01-29 09:59 <DIR> d-------- C:\Program Files\Eurotran XP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 17:29 --------- d-----w C:\Program Files\Java
2008-01-17 17:26 --------- d-----w C:\Program Files\Common Files\Java
2007-07-24 15:06 19,968 --sha-r C:\WINDOWS\system32\crvdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe" [2004-05-06 16:01 516096]
"SiSPower"="SiSPower.dll" [2004-11-12 10:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-17 14:49 389632 C:\WINDOWS\system32\cmd.exe]
"nlhr"="C:\WINDOWS\System32\AdvPack.Dll" [2004-08-17 14:49 100352]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-17 14:42 44544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2004-04-28 17:47]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2004-04-28 17:48]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2004-04-29 06:51]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 22:08]
S2 cb57837832;Mi841022t Windows Browser Servce;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S2 sb77730532;Wi658060Shell Control Servic;C:\WINDOWS\System32\svchost.exe [2008-02-21 18:10]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 22:08]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cb57837832
sb77730532
.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At100.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-01-26 03:01:28 C:\WINDOWS\Tasks\At101.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2007-08-07 19:39:33 C:\WINDOWS\Tasks\At102.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2007-08-07 19:39:33 C:\WINDOWS\Tasks\At103.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2007-08-07 19:39:33 C:\WINDOWS\Tasks\At104.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-01-09 07:01:11 C:\WINDOWS\Tasks\At105.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 08:01:17 C:\WINDOWS\Tasks\At106.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 09:01:23 C:\WINDOWS\Tasks\At107.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 10:00:30 C:\WINDOWS\Tasks\At108.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 11:00:30 C:\WINDOWS\Tasks\At109.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 12:00:30 C:\WINDOWS\Tasks\At110.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 13:00:30 C:\WINDOWS\Tasks\At111.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 14:00:30 C:\WINDOWS\Tasks\At112.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 15:00:30 C:\WINDOWS\Tasks\At113.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 16:00:30 C:\WINDOWS\Tasks\At114.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 17:00:30 C:\WINDOWS\Tasks\At115.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 18:00:30 C:\WINDOWS\Tasks\At116.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 19:00:30 C:\WINDOWS\Tasks\At117.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At118.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At119.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-22 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-20 22:00:30 C:\WINDOWS\Tasks\At120.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-09 23:01:00 C:\WINDOWS\Tasks\At121.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-05 00:01:06 C:\WINDOWS\Tasks\At122.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-05 01:01:10 C:\WINDOWS\Tasks\At123.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-10-06 01:01:00 C:\WINDOWS\Tasks\At124.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-01-26 03:01:58 C:\WINDOWS\Tasks\At125.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-09-03 07:48:08 C:\WINDOWS\Tasks\At126.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-09-03 07:48:08 C:\WINDOWS\Tasks\At127.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2007-09-03 07:48:08 C:\WINDOWS\Tasks\At128.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-01-09 07:01:41 C:\WINDOWS\Tasks\At129.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 08:01:47 C:\WINDOWS\Tasks\At130.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 09:01:53 C:\WINDOWS\Tasks\At131.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 10:01:00 C:\WINDOWS\Tasks\At132.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 11:01:00 C:\WINDOWS\Tasks\At133.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 12:01:00 C:\WINDOWS\Tasks\At134.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 13:01:01 C:\WINDOWS\Tasks\At135.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 14:01:00 C:\WINDOWS\Tasks\At136.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 15:01:01 C:\WINDOWS\Tasks\At137.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 16:01:00 C:\WINDOWS\Tasks\At138.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 17:01:00 C:\WINDOWS\Tasks\At139.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 18:01:00 C:\WINDOWS\Tasks\At140.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 19:01:00 C:\WINDOWS\Tasks\At141.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 20:01:00 C:\WINDOWS\Tasks\At142.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 21:01:00 C:\WINDOWS\Tasks\At143.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-21 07:02:56 C:\WINDOWS\Tasks\At144.job"
- C:\WINDOWS\system32\Wv22YBn3.exe
"2008-02-22 13:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 15:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-05 00:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-20 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-09 23:00:30 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-05 01:00:40 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-01-26 03:00:30 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-05 01:00:07 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2007-07-24 11:56:50 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-07-24 11:56:50 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-07-24 11:56:50 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-01-09 07:00:30 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 08:00:31 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 09:00:31 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 10:00:30 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 11:00:30 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 12:00:30 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-22 13:00:31 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2007-10-06 01:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 14:00:31 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 15:00:31 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 16:00:31 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 17:00:31 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 18:00:31 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 19:00:31 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-20 22:00:30 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\Y866f04y.exe
"2008-02-09 23:00:30 C:\WINDOWS\Tasks\At49.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-01-26 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At50.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-05 01:00:43 C:\WINDOWS\Tasks\At51.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At52.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-01-26 03:00:30 C:\WINDOWS\Tasks\At53.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-08-01 09:55:40 C:\WINDOWS\Tasks\At54.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-08-01 09:55:40 C:\WINDOWS\Tasks\At55.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-08-01 09:55:40 C:\WINDOWS\Tasks\At56.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-01-09 07:00:30 C:\WINDOWS\Tasks\At57.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 08:00:31 C:\WINDOWS\Tasks\At58.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 09:00:32 C:\WINDOWS\Tasks\At59.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-07-04 15:06:46 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-22 10:00:30 C:\WINDOWS\Tasks\At60.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 11:00:30 C:\WINDOWS\Tasks\At61.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 12:00:30 C:\WINDOWS\Tasks\At62.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 13:00:31 C:\WINDOWS\Tasks\At63.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-22 14:00:33 C:\WINDOWS\Tasks\At64.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 15:00:32 C:\WINDOWS\Tasks\At65.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 16:00:31 C:\WINDOWS\Tasks\At66.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 17:00:32 C:\WINDOWS\Tasks\At67.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 18:00:31 C:\WINDOWS\Tasks\At68.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 19:00:31 C:\WINDOWS\Tasks\At69.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2007-07-04 15:06:46 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At70.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At71.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-20 22:00:31 C:\WINDOWS\Tasks\At72.job"
- C:\WINDOWS\system32\b33r06hF.exe
"2008-02-09 23:00:31 C:\WINDOWS\Tasks\At73.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At74.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-05 01:00:48 C:\WINDOWS\Tasks\At75.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-10-06 01:00:30 C:\WINDOWS\Tasks\At76.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-01-26 03:00:30 C:\WINDOWS\Tasks\At77.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-08-02 18:32:58 C:\WINDOWS\Tasks\At78.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-08-02 18:32:58 C:\WINDOWS\Tasks\At79.job"
- C:\WINDOWS\system32\521a54HY.exe
"2007-07-04 15:06:46 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2007-08-02 18:32:58 C:\WINDOWS\Tasks\At80.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-01-09 07:00:30 C:\WINDOWS\Tasks\At81.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 08:00:31 C:\WINDOWS\Tasks\At82.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 09:00:33 C:\WINDOWS\Tasks\At83.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 10:00:31 C:\WINDOWS\Tasks\At84.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 11:00:31 C:\WINDOWS\Tasks\At85.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 12:00:31 C:\WINDOWS\Tasks\At86.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 13:00:31 C:\WINDOWS\Tasks\At87.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-22 14:00:33 C:\WINDOWS\Tasks\At88.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 15:00:32 C:\WINDOWS\Tasks\At89.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-01-09 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\6Ff04X5y.exe
"2008-02-21 16:00:31 C:\WINDOWS\Tasks\At90.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 17:00:32 C:\WINDOWS\Tasks\At91.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 18:00:31 C:\WINDOWS\Tasks\At92.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 19:00:31 C:\WINDOWS\Tasks\At93.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 20:00:30 C:\WINDOWS\Tasks\At94.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-21 21:00:30 C:\WINDOWS\Tasks\At95.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-20 22:00:31 C:\WINDOWS\Tasks\At96.job"
- C:\WINDOWS\system32\521a54HY.exe
"2008-02-09 23:00:31 C:\WINDOWS\Tasks\At97.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-05 00:00:36 C:\WINDOWS\Tasks\At98.job"
- C:\WINDOWS\system32\o13oIC41.exe
"2008-02-05 01:00:50 C:\WINDOWS\Tasks\At99.job"
- C:\WINDOWS\system32\o13oIC41.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-22 15:11:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-22 15:14:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 14:14:15
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:05, on 22.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\DrayTek\Vigor318 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll (file missing)
O9 - Extra 'Tools' menuitem: Lexie 2006 - {9EE61AF4-AC5B-42dd-9EBF-9DC30124C338} - C:\Program Files\Microton 2006\Lexie\lexie.dll (file missing)
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/ ... Player.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D18A2D37-1EDA-416F-A6A5-6238C798C7F5}: NameServer = 195.146.132.58 195.146.128.60
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4048 bytes