Prosím o kontrolu logu

[yvonne_K]

Prosím o kontrolu - Spy hunter hlásí trojana, Spyware terminator ho nevidí.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Máca at 2011-02-06 14:40:11
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 111 GB (47%) free of 238 GB
Total RAM: 502 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:40:23, on 6.2.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Máca\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Máca\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Máca\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Máca\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Máca\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Máca\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Máca\Plocha\RSIT.exe
C:\Program Files\trend micro\Máca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/topzine.cz/Ser ... he=2&hl=cs
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: KvetinkaProzeny.lnk = C:\Program Files\KvetinkaProzeny\KvetinkaProzeny\KvetinkaProzeny.exe
O4 - Global Startup: Panel zástupců Microsoft Office.lnk = C:\Program Files\New FrontPage\Office\FINDFAST.EXE
O4 - Global Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\New FrontPage\Office\FINDFAST.EXE
O4 - Global Startup: Spuštění Office.lnk = C:\Program Files\New FrontPage\Office\FINDFAST.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\exICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\exICQ\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\exICQ\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4844571945
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A6F23B4-384D-40CF-BF99-7584E9164A5F}: NameServer = 192.168.13.1,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A6F23B4-384D-40CF-BF99-7584E9164A5F}: NameServer = 192.168.13.1,192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 9309 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-12-10 1254024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-04-10 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-28 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-04-10 2403392]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-12-10 1254024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-03-08 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-03-08 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-03-08 114688]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-03-10 13956096]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-03-10 69632]
"NWEReboot"= []
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-05 281768]
"WheelMouse"=C:\ADVANC~1\wh_exec.exe [2007-03-11 86016]
"KeyBoard"=C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe [2006-12-21 36864]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2011-02-06 2216960]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2010-11-24 1233856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-27 68856]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-02-06 3037696]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Panel zástupců Microsoft Office.lnk - C:\Program Files\New FrontPage\Office\FINDFAST.EXE
Rychlé hledání Microsoft.lnk - C:\Program Files\New FrontPage\Office\FINDFAST.EXE
Spuštění Office.lnk - C:\Program Files\New FrontPage\Office\FINDFAST.EXE

C:\Documents and Settings\Máca\Nabídka Start\Programy\Po spuštění
KvetinkaProzeny.lnk - C:\Program Files\KvetinkaProzeny\KvetinkaProzeny\KvetinkaProzeny.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-03-08 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\exICQ\ICQLite\ICQLite.exe"="C:\Program Files\exICQ\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\DC++\rc10\StrongDC.exe"="C:\Program Files\DC++\rc10\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Player Neu fuer alles\FireANT.exe"="C:\Program Files\Player Neu fuer alles\FireANT.exe:*:Enabled:FireAnt"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE"="C:\Program Files\WEB.DE\WEB.DE MultiMessenger\MESSENGR.EXE:*:Enabled:WEB.DE MultiMessenger"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\squid\ncftpput.exe"="C:\squid\ncftpput.exe:*:Enabled:TNSftp"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.js - open -

======List of files/folders created in the last 1 months======

2011-02-06 14:40:14 ----D---- C:\Program Files\trend micro
2011-02-06 14:40:11 ----D---- C:\rsit
2011-02-06 14:33:39 ----SHD---- C:\Config.Msi
2011-02-06 14:00:26 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2011-02-06 14:00:23 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2011-02-06 14:00:21 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2011-02-06 14:00:16 ----A---- C:\WINDOWS\system32\unacev2.dll
2011-02-06 14:00:08 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2011-02-06 13:59:11 ----D---- C:\Program Files\Trojan Remover
2011-02-06 13:59:11 ----D---- C:\Documents and Settings\Máca\Data aplikací\Simply Super Software
2011-02-06 13:59:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-02-06 04:12:50 ----D---- C:\Program Files\WinClamAVShield
2011-02-06 04:09:02 ----D---- C:\Program Files\Crawler
2011-02-06 04:08:57 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-02-06 04:08:56 ----D---- C:\Documents and Settings\Máca\Data aplikací\Spyware Terminator
2011-02-06 04:08:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-02-06 04:08:48 ----D---- C:\Program Files\Spyware Terminator
2011-02-06 03:14:48 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-02-06 03:14:47 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-02-06 03:14:46 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-02-06 03:14:46 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-02-06 03:14:44 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-02-06 03:14:44 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-02-06 03:14:44 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-02-06 03:13:43 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-02-06 03:13:26 ----D---- C:\Program Files\Alwil Software
2011-02-06 03:13:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-02-06 01:32:58 ----D---- C:\Program Files\Enigma Software Group
2011-02-06 01:32:27 ----D---- C:\WINDOWS\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-02-01 19:51:00 ----A---- C:\WINDOWS\system32\javaws.exe
2011-02-01 19:51:00 ----A---- C:\WINDOWS\system32\javaw.exe
2011-02-01 19:51:00 ----A---- C:\WINDOWS\system32\java.exe
2011-01-11 17:26:07 ----D---- C:\WINDOWS\StartHtmico

======List of files/folders modified in the last 1 months======

2011-02-06 14:40:23 ----D---- C:\WINDOWS\Prefetch
2011-02-06 14:40:14 ----RD---- C:\Program Files
2011-02-06 14:33:47 ----SHD---- C:\WINDOWS\Installer
2011-02-06 14:12:26 ----D---- C:\WINDOWS\Temp
2011-02-06 14:00:30 ----D---- C:\WINDOWS\system32
2011-02-06 12:59:29 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2011-02-06 12:58:34 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-06 10:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-06 10:48:55 ----A---- C:\WINDOWS\TextSpy.ini
2011-02-06 09:02:46 ----D---- C:\Program Files\Azureus
2011-02-06 04:08:58 ----D---- C:\WINDOWS\system32\drivers
2011-02-06 03:32:50 ----A---- C:\WINDOWS\NeroDigital.ini
2011-02-06 03:14:32 ----D---- C:\WINDOWS\WinSxS
2011-02-06 03:13:46 ----D---- C:\WINDOWS
2011-02-06 03:09:47 ----A---- C:\WINDOWS\LEXICON.INI
2011-02-06 01:32:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-02-06 00:31:28 ----D---- C:\Documents and Settings\Máca\Data aplikací\ICQ
2011-02-05 20:15:51 ----D---- C:\Documents and Settings\Máca\Data aplikací\Azureus
2011-02-05 18:17:25 ----D---- C:\Program Files\Mozilla Sunbird
2011-02-04 17:46:32 ----D---- C:\Documents and Settings\Máca\Data aplikací\Canon
2011-02-01 19:50:58 ----D---- C:\Program Files\Java
2011-01-11 17:36:32 ----A---- C:\WINDOWS\MAXLINK.INI
2011-01-11 17:36:02 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2011-01-11 17:33:36 ----D---- C:\Program Files\Canon
2011-01-09 00:28:16 ----D---- C:\Program Files\The KMPlayer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-01-13 29392]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-01-13 47440]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-12-20 135096]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-01-13 100176]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-11-25 61960]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-06 126720]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-03-08 828252]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-03-15 2544448]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-27 47360]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 FXDRV;FXDRV; \??\D:\Fxdrv.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 whmice2k;Advanced Wheel Mouse Upper Filter Driver; C:\WINDOWS\system32\DRIVERS\whmice2k.sys [2004-04-26 6885]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-09 267944]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-11-05 135336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-02-06 496128]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-10 138168]

-----------------EOF-----------------

[vyosek]

Zdravim, pekne odpoledne preji a vitam Vas u nas na foru

Spy hunter hlásí trojana

SpyHunter sice neni moc vhodny AntiSpy program, ale kdyz uz jej mate, kde Vam toho trojana hlasi

[yvonne_K]

Děkuji Rači bych se sem podívala za jiných okolností

Já ho to nenechala ani projet celý, jenom sem zkoušela jestli zase něco najde, když ostatní nic, takže je tam toho možná víc...

trojan bild.jpg (136.74 KiB) Zobrazeno 1884 x

[vyosek]

No verim ze navsteva naseho fora neni vzdycky moc oblibena

SpyHuntera odinstalujte, jak jsem psal o jeho kvalitach pochybuji

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

• Do okna vlozte skript nize

• Kód: Vybrat vše

  keyboard.exe

• Kliknete na Look
• Tlacitko Look se zmeni na Scanning a zsedne
• Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
• Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

[yvonne_K]

Bylo to podezřele rychlý, ale:

SystemLook 04.09.10 by jpshortstuff
Log created at 16:37 on 06/02/2011 by Máca
Administrator - Elevation successful

No Context: keyboard.exe

-= EOF =-

[vyosek]

Dejte urcite pryc ten SpyHunter a doporucuji i Spyware Terminatora - ten je sice daleko lepsi, ale ma rezidentni stit a te by mohl byt v kolizi s Avastem = nestabilita systemu, jeho zpomaleni a pady

Avast samotny uz AntiSpy stit v sobe ma, takze pro bezneho uzivatele netreba dalsi

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[yvonne_K]

Kromě avastu odmazány všechny antiviry a pod. a z MBAMu vypadlo:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5690

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6.2.2011 20:00:38
mbam-log-2011-02-06 (20-00-31).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 498761
Uplynulý čas: 2 hodin, 46 minut, 20 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85589B5D-D53D-4237-A677-46B82EA275F3} (Trojan.Unclassified) -> No action taken.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Máca\dokumenty\Blbosti\Spiele\potrestanie.exe (Joke.Stressreducer) -> No action taken.
c:\program files\vso\convertxtodvd\convertxtodvdv2x_goldcrackb2.exe (RiskWare.Tool.CK) -> No action taken.

[vyosek]

c:\documents and settings\Máca\dokumenty\Blbosti\Spiele\potrestanie.exe nemazte, jinak ostatni ano...

MBAM nic nenasel a dovolim si tvrdit ze je kvalitnejsi "hledac" nez SpyHunter, dle meho slo o falesnou detekci

[yvonne_K]

Moc děkuju za rady! Smazáno, zrestartováno a konečně uklidněno

Možná to SpyHunter dělá schválně, aby si člověk zaplatil tu fullverzi.

Ještě jednou děkuju a přeji dobrou noc.

[vyosek]

S tou full verzi je to mozne

S dovolenim bych tam pustil jeste ComboFix, kolega me upozornil na jednu drobnost, ktera muze byt tvorena haveti

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[yvonne_K]

Kontrola netrvala přes deset minut ale dvě hodiny a pak jsem program musela násilně vypnout a restartovat počítač. Všechno bylo hotovo, ještě tam bylo v tabulce, že to maže nějaký tři soubory a furt blikal kurzor a nic. Hodinu sem to vydržela... Žádnej txt z toho není, takže předpokládám, že se to nějak nedokončilo. Zítra to zkusím znova.
Jela sem všechno podle návodu, bohužel sem u toho nemohla být a když sem došla, tak sem jenom klikla pravým tlačítkem, abych odehnala spořič. Přitom pořád šrotil počítač, tak sem si furt říkala, že to asi pracuje...nevím no. Bylo tam v nabídce ještě "posunout" ale to taky nemělo žádnej efekt. Zítra dám vědět.

Prozatím děkuji za pomoc

[vyosek]

Zkuste ComboFix aplikovat v nouzovem rezimuu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

[yvonne_K]

V nouzovém režimu se mi objevil i Administrátor, netuším proč do něho normálně přístup nemám. Nicméně sem tam musela Combofix znovu uložit a pak už to šlo docela rychle (když sem se vrátila, bylo zrestartováno a proces následně pokračoval v mém normálním přihlášení)
Výsledek:

ComboFix 11-02-06.02 - Administrator 07.02.2011 13:17:21.2.1 - x86 NETWORK
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STEC3
-------\Service_STEC3


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-07 do 2011-02-07 )))))))))))))))))))))))))))))))
.

2011-02-07 11:42 . 2011-02-07 11:42 -------- d-----w- c:\documents and settings\Administrator
2011-02-06 16:11 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 16:11 . 2011-02-06 16:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-06 16:11 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 16:11 . 2011-02-06 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-06 13:40 . 2011-02-06 13:40 -------- d-----w- c:\program files\trend micro
2011-02-06 13:40 . 2011-02-06 13:40 -------- d-----w- C:\rsit
2011-02-06 12:59 . 2011-02-06 15:53 -------- d-----w- c:\program files\Trojan Remover
2011-02-06 02:38 . 2011-02-06 02:38 -------- d-----w- c:\documents and settings\Máca\DoctorWeb
2011-02-06 02:14 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 02:14 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 02:14 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-06 02:14 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 02:14 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-06 02:14 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-06 02:14 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-06 02:13 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 02:13 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 02:13 . 2011-02-06 02:13 -------- d-----w- c:\program files\Alwil Software
2011-02-06 02:13 . 2011-02-06 02:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-06 00:32 . 2011-02-06 00:32 -------- d-----w- c:\program files\Enigma Software Group
2011-02-06 00:32 . 2011-02-06 13:33 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-11 16:26 . 2011-01-11 16:26 -------- d-----w- c:\windows\StartHtmico

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-05-01 17:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2007-04-10 14:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-04-26 14:00 . 2009-04-26 13:59 1686727 ----a-w- c:\program files\pf-setup-en.exe
2009-03-19 08:42 . 2009-03-19 08:40 30143040 ----a-w- c:\program files\avira_antivir_personal_de.exe
2009-02-01 19:18 . 2009-03-09 15:32 10938951 ----a-w- c:\program files\pfs-setup-en.exe
2008-12-24 13:00 . 2008-12-24 12:54 28996120 ----a-w- c:\program files\FileFormatConverters.exe
2008-08-19 22:43 . 2008-08-19 22:43 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-07-08 19:34 . 2008-07-08 19:34 2297856 ----a-w- c:\program files\apache_1.3.28-win32-x86-no_src.msi
2008-07-08 18:21 . 2008-07-08 18:21 2890503 ----a-w- c:\program files\pspad453inst_cz.exe
2008-06-10 19:24 . 2008-06-10 19:22 11778976 ----a-w- c:\program files\WEBDE_MultiMessenger_Setup.exe
2008-04-19 21:25 . 2008-04-19 21:25 5204297 ----a-w- c:\program files\sunbird-0.5.cs.win32.installer.exe
2008-04-13 20:50 . 2008-04-13 20:49 12909755 ----a-w- c:\program files\kmp.exe
2008-03-14 10:44 . 2008-03-14 10:44 7293465 ----a-w- c:\program files\dvdflick_setup_1.2.1.3.exe
2008-03-14 10:29 . 2008-03-14 10:28 22538622 ----a-w- c:\program files\Avi2Dvd_Setup_043.exe
2008-02-06 23:59 . 2008-02-06 23:59 2897821 ----a-w- c:\program files\bsplayer137.826.exe
2007-09-21 12:57 . 2007-09-21 12:57 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2007-06-24 22:56 . 2007-06-24 22:56 6671930 ----a-w- c:\program files\Setup_FreeConverter.exe
2007-05-21 10:27 . 2007-05-21 10:27 634880 ----a-w- c:\program files\PanelSetup.exe
2007-04-20 12:25 . 2007-04-20 12:25 2623145 ----a-w- c:\program files\vplayer063cz.exe
2007-04-16 14:12 . 2007-04-16 14:12 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-04-10 14:43 . 2007-04-10 14:41 9862208 ----a-w- c:\program files\Azureus_2.5.0.4_Win32.setup.exe
2007-02-10 12:16 . 2007-02-10 12:16 193080 ----a-w- c:\program files\moon-phase-calculator-setup.exe
2006-10-02 10:43 . 2006-10-02 10:42 2829110 ----a-w- c:\program files\pspad451inst_cz.exe
2006-09-24 18:43 . 2006-09-24 18:43 1181812 ----a-w- c:\program files\flvplayer_setup.exe
2006-09-22 18:18 . 2006-09-22 18:14 13526432 ----a-w- c:\program files\RealPlayer10-5GOLD_rs.exe
2006-09-06 21:43 . 2006-09-06 21:43 3921909 ----a-w- c:\program files\Tubedownloader10.exe
2006-08-04 12:16 . 2006-08-04 12:16 3516912 ----a-w- c:\program files\FileZilla_2_2_26_setup.exe
2006-06-21 18:55 . 2006-06-21 18:54 1587144 ----a-w- c:\program files\photo editor.exe
2006-04-14 10:36 . 2006-04-14 10:36 10046792 ----a-w- c:\program files\SkypeSetup.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-03-08 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-10 13956096]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\WEB.DE\\WEB.DE MultiMessenger\\MESSENGR.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16518:TCP"= 16518:TCP:BitComet 16518 TCP
"16518:UDP"= 16518:UDP:BitComet 16518 UDP

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FXDRV;FXDRV;D:\Fxdrv.sys [x]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\DRIVERS\whmice2k.sys [2004-04-26 6885]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]

.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.com/a/topzine.cz/Ser ... he=2&hl=cs
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 127.0.0.1:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\exICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {2A6F23B4-384D-40CF-BF99-7584E9164A5F} = 192.168.13.1,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Máca\Data aplikací\Mozilla\Firefox\Profiles\apb3gw7b.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.landofsinners.hys.cz/forum/index.php
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-NWEReboot - (no file)
AddRemove-Azureus - c:\program files\Azureus\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 13:26
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(4024)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-02-07 13:30:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-07 12:30

Před spuštěním: Volných bajtů: 122 220 806 144
Po spuštění: Volných bajtů: 122 126 700 544

- - End Of File - - 16C67CC5E99966C9729A860199F7234A

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Folder::
  c:\program files\Trojan Remover
  c:\program files\ICQ6Toolbar
  
  Driver::
  ICQ Service
  
  DDS::
  uStart Page = https://www.google.com/a/topzine.cz/Ser ... he=2&hl=cs
  uInternet Settings,ProxyServer = 127.0.0.1:3128
  IE: &ICQ Toolbar Search - c:\program files\exICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Máca\Data aplikací\Mozilla\Firefox\Profiles\apb3gw7b.default\
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: browser.startup.homepage - hxxp://www.landofsinners.hys.cz/forum/index.php
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.6&q=
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  
  AtJob::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "swg"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"=-

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[yvonne_K]

Zase se to zasekalo, takže sem musela přes nouzový režim + admina:

ComboFix 11-02-06.02 - Administrator 07.02.2011 17:32:22.4.1 - x86 NETWORK
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-07 do 2011-02-07 )))))))))))))))))))))))))))))))
.

2011-02-07 11:42 . 2011-02-07 11:42 -------- d-----w- c:\documents and settings\Administrator
2011-02-06 16:11 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 16:11 . 2011-02-06 16:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-02-06 16:11 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 16:11 . 2011-02-06 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-06 13:40 . 2011-02-06 13:40 -------- d-----w- c:\program files\trend micro
2011-02-06 13:40 . 2011-02-06 13:40 -------- d-----w- C:\rsit
2011-02-06 02:38 . 2011-02-06 02:38 -------- d-----w- c:\documents and settings\Máca\DoctorWeb
2011-02-06 02:14 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-06 02:14 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-06 02:14 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-06 02:14 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-06 02:14 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-06 02:14 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-06 02:14 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-06 02:13 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-02-06 02:13 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-06 02:13 . 2011-02-06 02:13 -------- d-----w- c:\program files\Alwil Software
2011-02-06 02:13 . 2011-02-06 02:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2011-02-06 00:32 . 2011-02-06 00:32 -------- d-----w- c:\program files\Enigma Software Group
2011-02-06 00:32 . 2011-02-06 13:33 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
2011-01-11 16:26 . 2011-01-11 16:26 -------- d-----w- c:\windows\StartHtmico

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-05-01 17:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2007-04-10 14:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-04-26 14:00 . 2009-04-26 13:59 1686727 ----a-w- c:\program files\pf-setup-en.exe
2009-03-19 08:42 . 2009-03-19 08:40 30143040 ----a-w- c:\program files\avira_antivir_personal_de.exe
2009-02-01 19:18 . 2009-03-09 15:32 10938951 ----a-w- c:\program files\pfs-setup-en.exe
2008-12-24 13:00 . 2008-12-24 12:54 28996120 ----a-w- c:\program files\FileFormatConverters.exe
2008-08-19 22:43 . 2008-08-19 22:43 1495112 ----a-w- c:\program files\install_flash_player.exe
2008-07-08 19:34 . 2008-07-08 19:34 2297856 ----a-w- c:\program files\apache_1.3.28-win32-x86-no_src.msi
2008-07-08 18:21 . 2008-07-08 18:21 2890503 ----a-w- c:\program files\pspad453inst_cz.exe
2008-06-10 19:24 . 2008-06-10 19:22 11778976 ----a-w- c:\program files\WEBDE_MultiMessenger_Setup.exe
2008-04-19 21:25 . 2008-04-19 21:25 5204297 ----a-w- c:\program files\sunbird-0.5.cs.win32.installer.exe
2008-04-13 20:50 . 2008-04-13 20:49 12909755 ----a-w- c:\program files\kmp.exe
2008-03-14 10:44 . 2008-03-14 10:44 7293465 ----a-w- c:\program files\dvdflick_setup_1.2.1.3.exe
2008-03-14 10:29 . 2008-03-14 10:28 22538622 ----a-w- c:\program files\Avi2Dvd_Setup_043.exe
2008-02-06 23:59 . 2008-02-06 23:59 2897821 ----a-w- c:\program files\bsplayer137.826.exe
2007-09-21 12:57 . 2007-09-21 12:57 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2007-06-24 22:56 . 2007-06-24 22:56 6671930 ----a-w- c:\program files\Setup_FreeConverter.exe
2007-05-21 10:27 . 2007-05-21 10:27 634880 ----a-w- c:\program files\PanelSetup.exe
2007-04-20 12:25 . 2007-04-20 12:25 2623145 ----a-w- c:\program files\vplayer063cz.exe
2007-04-16 14:12 . 2007-04-16 14:12 9453630 ----a-w- c:\program files\vlc-0.8.6a-win32.exe
2007-04-10 14:43 . 2007-04-10 14:41 9862208 ----a-w- c:\program files\Azureus_2.5.0.4_Win32.setup.exe
2007-02-10 12:16 . 2007-02-10 12:16 193080 ----a-w- c:\program files\moon-phase-calculator-setup.exe
2006-10-02 10:43 . 2006-10-02 10:42 2829110 ----a-w- c:\program files\pspad451inst_cz.exe
2006-09-24 18:43 . 2006-09-24 18:43 1181812 ----a-w- c:\program files\flvplayer_setup.exe
2006-09-22 18:18 . 2006-09-22 18:14 13526432 ----a-w- c:\program files\RealPlayer10-5GOLD_rs.exe
2006-09-06 21:43 . 2006-09-06 21:43 3921909 ----a-w- c:\program files\Tubedownloader10.exe
2006-08-04 12:16 . 2006-08-04 12:16 3516912 ----a-w- c:\program files\FileZilla_2_2_26_setup.exe
2006-06-21 18:55 . 2006-06-21 18:54 1587144 ----a-w- c:\program files\photo editor.exe
2006-04-14 10:36 . 2006-04-14 10:36 10046792 ----a-w- c:\program files\SkypeSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-02-07_12.26.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-07 16:40 . 2011-02-07 16:40 16384 c:\windows\temp\Perflib_Perfdata_61c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-03-08 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-10 13956096]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-03-11 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\WEB.DE\\WEB.DE MultiMessenger\\MESSENGR.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16518:TCP"= 16518:TCP:BitComet 16518 TCP
"16518:UDP"= 16518:UDP:BitComet 16518 UDP

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FXDRV;FXDRV;D:\Fxdrv.sys [x]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
R3 whmice2k;Advanced Wheel Mouse Upper Filter Driver;c:\windows\system32\DRIVERS\whmice2k.sys [2004-04-26 6885]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]

.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {2A6F23B4-384D-40CF-BF99-7584E9164A5F} = 192.168.13.1,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Máca\Data aplikací\Mozilla\Firefox\Profiles\apb3gw7b.default\
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 17:41
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3220)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-02-07 17:44:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-07 16:44
ComboFix2.txt 2011-02-07 12:30

Před spuštěním: Volných bajtů: 122 061 328 384
Po spuštění: Volných bajtů: 122 050 527 232

- - End Of File - - F72C92BD8AD4A3E7B790E02422ABEBA0