Spammers exploiting my Computer



agas7
2008-03-03, 10:19
Hi, I have been having trouble with my computer over the past two months. My email was blocked by some servers, based on the listing in some blacklists (see, e.g., http://cbl.abuseat.org/lookup.cgi?ip=80.188.41.127 or http://www.blacklistalert.org/?q=80.188.41.127).

I did a scan with SpyBot and MWAV and nothing serious came up. Then I used KAV and some old viruses were detected. I deleted the "C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst" file, where all the viruses were present, but I am not sure if it is enough.

I am sending the KAV log (I have deleted all the "Object is locked" objects) and the HJT log, asking for your assistance.

Thanks.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 03, 2008 7:24:47 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/03/2008
Kaspersky Anti-Virus database records: 593805
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 375552
Number of viruses found: 8
Number of infected objects: 13
Number of suspicious objects: 2
Duration of the scan process: 04:05:55

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Odstraněná pošta/19 Oct 2006 12:20 from sec@logoluso.com:Mail server report./Update-KB5473-x86.zip/Update-KB5473-x86.exe Infected: Email-Worm.Win32.Warezov.do skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Odstraněná pošta/19 Oct 2006 12:20 from sec@logoluso.com:Mail server report./Update-KB5473-x86.zip Infected: Email-Worm.Win32.Warezov.do skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Odstraněná pošta/19 Oct 2006 12:26 from brent:Status/test.msg.cmd Infected: Email-Worm.Win32.Warezov.do skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Doručená pošta/Odpovědět/05 Aug 2004 08:27 from MAILER-DAEMON@email.seznam.cz:failure not.eml/[From agas@seznam.cz][Date Thu, 5 Aug 2004 10:26:40 +0200]/UNNAMED/shower.rtf.pif Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Doručená pošta/Odpovědět/05 Aug 2004 08:27 from MAILER-DAEMON@email.seznam.cz:failure not.eml/[From agas@seznam.cz][Date Thu, 5 Aug 2004 10:26:40 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Doručená pošta/Odpovědět/05 Aug 2004 08:27 from MAILER-DAEMON@email.seznam.cz:failure not.eml Infected: Email-Worm.Win32.NetSky.c skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Archív/+ Pastorace/22 Sep 2003 17:01 from Petr Breindl (pldieceze@pandora.cz):Annou.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Archív/+ Počítače/19 Sep 2003 16:42 from Microsoft:Current Net Security Update/q719383.exe Infected: Email-Worm.Win32.Swen skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Archív/+ Počítače/16 Mar 2004 22:05 from MAILER-DAEMON@email.seznam.cz:failure not.eml/[From agas@seznam.cz][Date Tue, 16 Mar 2004 23:04:15 +0100]/UNNAMED/document_4351.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Archív/+ Počítače/16 Mar 2004 22:05 from MAILER-DAEMON@email.seznam.cz:failure not.eml/[From agas@seznam.cz][Date Tue, 16 Mar 2004 23:04:15 +0100]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Archív/+ Počítače/16 Mar 2004 22:05 from MAILER-DAEMON@email.seznam.cz:failure not.eml Infected: Email-Worm.Win32.NetSky.d skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Archív/+ KKK/28 Apr 2004 15:38 from Pavel Hofírek (pastorace@pandora.cz):Re: /Message.com Infected: Email-Worm.Win32.Bagle.z skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Nevyžádaná pošta/07 May 2004 12:47 from Adenov:Re: Msg reply.html Suspicious: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Nevyžádaná pošta/07 May 2004 12:47 from Adenov:Re: Msg reply/Details.zip Infected: Email-Worm.Win32.Bagle.gen skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst Mail MS Mail: infected - 12, suspicious - 2 skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:54, on 3.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\GENIUS~1\STouch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\CAPM2RSK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC1\Plocha\Zabezpečení\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.farnostcheb.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Místní vyhledávání.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Smart Touch -- Genius Scanner.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177176760390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9944 bytes

pskelley
2008-03-03, 14:01
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

I notice this item onboard: C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
Have you read this information? http://vil.mcafeesecurity.com/vil/content/v_137764.htm

I see no "malware" in the HJT log and the infected items in the Kaspersky Online Scan are all infected email:

You seem to know where they are, so delete them. Here are some of the email worms; you really need to be more careful who you receive email from. You can bet these all came in as attachments to email. I personally never open an email attachment.

Email-Worm.Win32.Warezov.do
Email-Worm.Win32.NetSky.c
Email-Worm.Win32.Bagle.mail
Exploit.HTML.Iframe.FileDownload
Email-Worm.Win32.Bagle.gen

My advice would be to delete all email stored in your Outlook program, then scan again with KOS to make sure it is gone.

Thanks
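As an added illustration of the triage pskelley describes above (every Kaspersky hit sits inside the stored Outlook mail, none on the live filesystem), here is a small Python parser for the Kaspersky Online Scanner report format; it is not part of the thread. The sample input copies two detection lines and the mail-store summary line from the report above and adds one constructed placeholder on-disk hit; the set of mail-store extensions is an assumption.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: two detection lines copied from the Kaspersky report in this
# thread, its mail-store summary line, and one hypothetical on-disk hit (placeholder).
SAMPLE_REPORT = r"""Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Odstraněná pošta/19 Oct 2006 12:20 from sec@logoluso.com:Mail server report./Update-KB5473-x86.zip/Update-KB5473-x86.exe Infected: Email-Worm.Win32.Warezov.do skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst/Osobní složky/Archív/+ Pastorace/22 Sep 2003 17:01 from Petr Breindl (pldieceze@pandora.cz):Annou.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\PC1\Local Settings\Data aplikací\Microsoft\Outlook\Outlook_toshisba.pst Mail MS Mail: infected - 12, suspicious - 2 skipped
C:\WINDOWS\Temp\PLACEHOLDER_live_hit.exe Infected: Placeholder.Hypothetical.Detection skipped
Scan process completed.
"""

# One detection per line: "<object> Infected|Suspicious: <name> <action>"
DETECTION_RE = re.compile(r"^(?P<obj>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<action>\S+)$")
MAIL_STORE_EXT = {".pst", ".ost", ".dbx", ".mbx", ".eml", ".msg"}  # assumption

def classify_container(path):
    ext = ntpath.splitext(path)[1].lower()
    return "mail-store" if ext in MAIL_STORE_EXT else "file"

def parse_report(text):
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # header, "Mail MS Mail:" summary and footer lines
        # KAV appends nested members (mail folder, message, attachment, archive
        # entry) after the on-disk file with '/', while the Windows path uses '\',
        # so the first '/' separates the container from its member chain.
        container, _, member = m.group("obj").partition("/")
        loc = classify_container(container)
        if loc == "file" and member:
            loc = "archive"  # an on-disk archive with an infected member
        findings.append({"container": container, "member": member or None,
                         "verdict": m.group("verdict"), "name": m.group("name"),
                         "action": m.group("action"), "location": loc})
    return findings

def summarize(findings):
    by_location = Counter(f["location"] for f in findings)
    return {
        "total": len(findings),
        "by_location": dict(by_location),
        "by_verdict": dict(Counter(f["verdict"] for f in findings)),
        "containers": sorted({f["container"] for f in findings}),
        "only_mail_stores": by_location.get("mail-store", 0) == len(findings),
    }
```

Run it over a full report and `only_mail_stores` answers the question a helper asks first: whether deleting the stored mail and rescanning is enough, or whether something is live on disk.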