Prosím o kontrolu logu

[nehyz]

ComboFix 10-03-18.02 - uzivatel 19.03.2010 15:53:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.255.103 [GMT 1:00]
Spuštěný z: c:\documents and settings\uzivatel\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100319-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-19 do 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-16 18:15 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-16 18:15 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-16 18:15 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-16 18:15 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-03-16 18:15 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-16 18:15 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-16 18:15 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-16 18:15 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-16 18:15 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-16 18:15 . 2010-03-16 18:15 -------- d-----w- c:\program files\Alwil Software
2010-03-16 18:03 . 2010-03-18 20:27 -------- d-----w- c:\program files\PowerArchiver

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 12:51 . 2002-12-31 23:19 -------- d-----w- c:\program files\ICQ7.0
2010-03-05 19:28 . 2003-01-10 00:09 -------- d-----w- c:\program files\Might and Magic VI
2010-03-05 19:26 . 2003-01-02 04:44 -------- d-----w- c:\program files\Scorpions WinCheater
2010-03-05 19:22 . 2002-12-31 23:10 -------- d-----w- c:\program files\Plus or minus
2010-03-05 19:21 . 2002-12-31 23:45 -------- d-----w- c:\program files\PMM2 The TPS aliens are back!
2010-03-05 19:17 . 2003-01-12 04:21 -------- d-----w- c:\program files\Cross Racing Championship
2010-02-12 14:34 . 2010-02-12 14:34 -------- d-----w- c:\program files\VistaCodecPack
2010-02-12 14:34 . 2006-11-25 17:39 -------- d-----w- c:\program files\Codec Pack - All In 1
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.3.2010 19:15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.3.2010 19:15 20560]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [1.1.2003 0:23 246520]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\axtmvflt.sys [31.12.2002 23:05 3456]
S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\axtmvmdm.sys [31.12.2002 23:05 40064]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\axtmvprt.sys [31.12.2002 23:05 38784]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [29.3.2007 18:18 61600]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys --> c:\windows\system32\drivers\vmfilter303.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.10.2007 17:29 682232]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\documents and settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\7qijj6rm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\

---- NASTAVENÍ FIREFOXU ----

pref(icqtoolbar.suggestions, true);
pref(icqtoolbar.xmlEnableSuggestions, true);
pref(icqtoolbar.history, );
pref(icqtoolbar.shownElements, itb_people itb_zoom_in itb_zoom_out itb_zoom_default itb_games itb_highlight);
pref(icqtoolbar.hiddenElements, itb_options itb_send_url);
/*
pref(icqtoolbar.searchInSameTab, true);

pref(icqtoolbar.searchInNewWindow, false);
*/
// 0 - same tab; 1 - new tab; 2 - new window
pref(icqtoolbar.displayResultsIn, 1);
//-1 for infinite number of saved searches
pref(icqtoolbar.historyCapacity, 15);
pref(icqtoolbar.displayHistory, true);
pref(icqtoolbar.enableAutocomplete, false);
pref(icqtoolbar.searchOnDrop, true);
pref(icqtoolbar.searchOnSelect, true);
pref(icqtoolbar.searchBoxSize, 200);
pref(icqtoolbar.showBtnsText, false);
pref(icqtoolbar.allowSendURL, true);
pref(icqtoolbar.initSearchType, );
pref(icqtoolbar.uninstStatSent, false);
pref(icqtoolbar.installsource, 0);
pref(icqtoolbar.xmlLanguage, en-US);
pref(icqtoolbar.updateRetryTimeout, 600);
pref(icqtoolbar.showSitesPanel, true);
pref(icqtoolbar.showVoucher, true);
pref(icqtoolbar.searchInNewTab, true);
pref(icqtoolbar.displayResultsIn, 1);c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-netstraf - c:\windows\system32\netstraf.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 15:58
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1482476501-515967899-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\V*X]
"Order"=hex:08,00,00,00,02,00,00,00,66,02,00,00,01,00,00,00,05,00,00,00,60,00,
00,00,00,00,00,00,52,00,32,00,e6,00,00,00,63,35,e8,99,20,00,44,4f,42,52,50,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-03-19 16:02:21
ComboFix-quarantined-files.txt 2010-03-19 15:02

Před spuštěním: Volných bajtů: 49 132 646 400
Po spuštění: Volných bajtů: 49 120 124 928

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - FB676D6A4B244E2CC652F7A02B8BB924

[Rudy]

4 položky smazány, zbytek logu vypadá čistý.