BV: Malware-gen in the file a.bat

A section devoted to viruses and other malicious code, but also to the tools you can use to defend against them…


Re: BV: Malware-gen in the file a.bat

Post by Argoneus » 21 Apr 2008 20:36

and here is the attachment, as fredik asked (sorry fredik :oops: )


Re: BV: Malware-gen in the file a.bat

Post by fredik » 22 Apr 2008 17:59

Before we continue, please do the following:

Download Suspicious File Packer
Unpack it and run it (the file sfp.exe)
In the window that appears, copy and paste the text marked in bold:
C:\WINDOWS\system32\msvcrt2.dll
C:\WINDOWS\msNTNSslog.exe
C:\WINDOWS\msSsyslog.exe


then click the Continue button
The program will switch to the second window, Step2: Create archive
Close the program.
A file requested-files[2007-07-30_HH_MM].cab will be created on your desktop (instead of 2007-07-30 you will have the current date, where HH is the hour and MM the minutes). You will then have to rename the created archive's extension from cab to zip or rar, or repack the whole file (with rar or zip), and attach it here.

Note: It is possible that you no longer have these files on the disk, in which case the archive may not be created.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Because the last ComboFix log you posted here was not complete, run CF again (without a script) and post the whole log here once it has finished.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.


Re: BV: Malware-gen in the file a.bat

Post by fikj » 22 Apr 2008 19:13

Here is the new log:

ComboFix 08-04-18.3 - Maša 2008-04-22 19:00:02.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.448 [GMT 2:00]
Running from: C:\Documents and Settings\Maša\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\efcCvUkH.dll
C:\WINDOWS\system32\nnnkHwVL.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 18:57 . 2008-04-22 18:57 37,888 --a------ C:\WINDOWS\system32\hgGaaWqO.dll
2008-04-22 15:19 . 2008-04-22 15:19 16,896 --a------ C:\bluezm.exe
2008-04-21 20:10 . 2008-04-21 20:10 <DIR> d-------- C:\Documents and Settings\Maša
2008-04-21 19:58 . 2008-04-21 19:58 125,841 --a------ C:\Documents and Settings\Macatchme.zip
2008-04-20 15:30 . 2008-04-20 15:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-20 15:23 . 2008-04-20 15:45 <DIR> d-------- C:\SDFix
2008-04-18 10:01 . 2008-04-18 10:01 102,435 --a------ C:\WINDOWS\system32\msvcrt2.dll
2008-04-16 17:20 . 2008-04-16 17:20 <DIR> d-------- C:\Documents and Settings\Maša\Data aplikací\Oxford
2008-04-16 17:19 . 2008-04-16 17:19 <DIR> d-------- C:\Program Files\TEXTware
2008-04-16 17:17 . 2008-04-16 17:17 <DIR> d-------- C:\Program Files\Oxford
2008-04-15 16:21 . 2008-04-15 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-04-15 16:20 . 2006-06-16 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 16:20 . 2008-04-21 19:02 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 20:31 . 2008-04-14 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 19:25 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 19:09 . 2008-04-14 19:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 18:38 . 2008-04-14 18:38 0 --a------ C:\23990098.$$$
2008-04-14 18:28 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-04-14 17:29 . 2008-04-17 18:14 13,824 -r-hs---- C:\WINDOWS\msNTNSslog.exe
2008-04-13 17:42 . 2008-04-13 17:42 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-12 17:37 . 2008-04-12 17:37 <DIR> d-------- C:\VundoFix Backups
2008-04-09 17:33 . 2008-04-09 17:33 13,824 -r-hs---- C:\WINDOWS\msSsyslog.exe
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-04-09 16:21 . 2008-04-14 18:29 50 --a------ C:\WINDOWS\Lic.xxx
2008-04-09 16:20 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-04-09 16:10 . 2008-04-09 16:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 15:53 . 2008-04-09 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 15:49 . 2008-04-09 15:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-04-08 20:38 . 2008-04-08 20:38 130 --a------ C:\WINDOWS\wininit.ini
2008-04-08 19:17 . 2008-04-08 19:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-08 19:17 . 2008-04-08 19:17 2,550 --a------ C:\WINDOWS\unins000.dat
2008-04-08 19:02 . 2008-04-08 19:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-08 19:02 . 2008-04-14 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2008-04-06 19:01 . 2008-04-06 19:01 <DIR> d-------- C:\Program Files\uTorrent
2008-04-06 19:01 . 2008-04-06 19:03 <DIR> d-------- C:\Documents and Settings\Maša\Data aplikací\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 16:34 --------- d-----w C:\Program Files\Lx_cats
2008-04-21 18:25 --------- d-----w C:\Program Files\ICQToolbar
2008-04-20 19:08 --------- d-----w C:\Program Files\ICQ6
2008-04-20 16:32 --------- d-----w C:\Program Files\ICQLite
2008-04-13 16:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Yahoo! Companion
2008-04-09 14:43 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ Toolbar
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 09:54 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-03-06 10:24 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ
2008-03-02 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-26 13:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2006-02-02 15:08 914 ----a-w C:\Program Files\INSTALL.LOG
2005-12-21 13:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2005-12-17 10:52 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_15.52.20,22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 13:38:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 16:56:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-04-22 16:57:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 00:43 413775]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 11:43 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 16:59 1449984]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36 299008]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 23:45 253952]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [ ]
"LXCGCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-09 23:12:54 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-27 09:27:17 106560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16316:TCP"= 16316:TCP:BitComet 16316 TCP
"16316:UDP"= 16316:UDP:BitComet 16316 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 13:18]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Windows Name System Server;Windows Name Server Management Services;"C:\WINDOWS\msNTNSslog.exe" [2008-04-17 18:14]
R2 Windows System Server;Windows Server Management Services;"C:\WINDOWS\msSsyslog.exe" [2008-04-09 17:33]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 19:02:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 19:04:18
ComboFix-quarantined-files.txt 2008-04-22 17:04:11
ComboFix2.txt 2008-04-22 16:53:41
ComboFix3.txt 2008-04-21 18:23:35
ComboFix4.txt 2008-04-21 18:10:32
ComboFix5.txt 2008-04-20 13:53:44

Directories: 17, Free bytes: 7,889,563,648
Directories: 18, Free bytes: 7,879,565,312

159 --- E O F --- 2008-04-10 06:35:58

//thanks for uploading the file
fredik


Re: BV: Malware-gen in the file a.bat

Post by fredik » 22 Apr 2008 21:06

Create a new CFScript and use it the same way as the previous one, except that this time paste the following into it:
Note: Do not use the SELECT ALL function to select the script

Driver::
Windows Name System Server
Windows System Server

File::
C:\WINDOWS\system32\hgGaaWqO.dll
C:\bluezm.exe
C:\WINDOWS\system32\msvcrt2.dll
C:\WINDOWS\msNTNSslog.exe
C:\WINDOWS\msSsyslog.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

Then post the ComboFix log here again once it has finished + a new HJT log
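The CFScript above is the outcome of reading the ComboFix log for a handful of tells: executables with hidden+system attributes sitting directly under C:\WINDOWS, services whose binaries live outside the system directories, an Active Setup "Installed Components" key whose CLSID is not even valid hex and whose stub points into RECYCLER, and a randomly named eight-letter DLL in system32. As an added example (not code from the thread, from ComboFix or from any vendor), the Python script below applies those same checks to a log excerpt constructed from the lines quoted earlier in this thread. The indicator names, the trusted-directory list and the "eight mixed-case letters" rule are this example's own assumptions.

```python
"""Triage a ComboFix log for the indicators acted on in this thread.

Added example for this page; not code from the thread, from ComboFix or
from any vendor. SAMPLE_LOG is a constructed excerpt assembled from lines
quoted in the thread. The indicator names, TRUSTED_SERVICE_DIRS and the
"eight mixed-case letters" DLL rule are the example author's assumptions.
"""
import ntpath
import re

# Constructed excerpt: lines quoted in the thread, sections trimmed.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 18:57 . 2008-04-22 18:57 37,888 --a------ C:\WINDOWS\system32\hgGaaWqO.dll
2008-04-22 15:19 . 2008-04-22 15:19 16,896 --a------ C:\bluezm.exe
2008-04-18 10:01 . 2008-04-18 10:01 102,435 --a------ C:\WINDOWS\system32\msvcrt2.dll
2008-04-14 19:25 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 17:29 . 2008-04-17 18:14 13,824 -r-hs---- C:\WINDOWS\msNTNSslog.exe
2008-04-09 17:33 . 2008-04-09 17:33 13,824 -r-hs---- C:\WINDOWS\msSsyslog.exe

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 Windows Name System Server;Windows Name Server Management Services;"C:\WINDOWS\msNTNSslog.exe" [2008-04-17 18:14]
R2 Windows System Server;Windows Server Management Services;"C:\WINDOWS\msSsyslog.exe" [2008-04-09 17:33]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
"""

# "Files Created" entries: <created> . <modified> <size|<DIR>> <attrs> <path>
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Service/driver entries: R<start type> <name>;<display name>;<binary> [<timestamp>]
SERVICE_LINE = re.compile(r"^R[0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[[^\]]*\]$")
ACTIVE_SETUP_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components"
    r"\\\{(?P<clsid>[^}]*)\}\]$",
    re.IGNORECASE,
)
CLSID = re.compile(r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$", re.IGNORECASE)

EXEC_EXT = {".exe", ".dll", ".sys", ".com"}
# Assumption: directories under which an XP service binary is normally expected.
TRUSTED_SERVICE_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")


def check_file(attrs, path):
    """Flag a 'Files Created' entry on attribute and location heuristics."""
    directory, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    ext = ext.lower()
    if ext not in EXEC_EXT:
        return []
    findings = []
    # Hidden + system executables (msNTNSslog.exe, msSsyslog.exe carry -r-hs----).
    if "h" in attrs and "s" in attrs:
        findings.append(("hidden_system_exe", path))
    # Executables dropped straight into the drive root (bluezm.exe).
    if directory.lower() == "c:\\":
        findings.append(("exe_in_drive_root", path))
    # Heuristic: Vundo-style DLL names, eight letters of mixed case, in system32.
    if (directory.lower() == "c:\\windows\\system32" and ext == ".dll"
            and re.fullmatch(r"[A-Za-z]{8}", stem)
            and stem != stem.lower() and stem != stem.upper()):
        findings.append(("random_looking_dll", path))
    return findings


def check_service(path):
    """Flag a service whose binary sits outside the trusted directories."""
    binary = path.strip('"')
    if binary.lower().startswith(TRUSTED_SERVICE_DIRS):
        return []
    return [("service_outside_system_dirs", binary)]


def triage(log_text):
    """Return (indicator, evidence) pairs for every suspicious line in the log."""
    findings = []
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        if m := FILE_LINE.match(line):
            findings += check_file(m["attrs"], m["path"])
        elif m := SERVICE_LINE.match(line):
            findings += check_service(m["path"])
        elif m := ACTIVE_SETUP_KEY.match(line):
            # Real CLSIDs are hex; the one in this log contains 'X' characters.
            if not CLSID.match(m["clsid"]):
                findings.append(("active_setup_malformed_clsid", "{%s}" % m["clsid"]))
            # ComboFix prints the StubPath on the next non-empty line.
            stub = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
            if "\\recycler\\" in stub.lower():
                findings.append(("active_setup_stub_in_recycler", stub))
    return findings


if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_LOG):
        print(f"{indicator:32} {evidence}")
```

Run against the excerpt, the script reproduces every entry fredik put in the File::, Driver:: and Registry:: sections except msvcrt2.dll, which matches none of these patterns and was judged on other grounds (the sample collected with Suspicious File Packer). That is the point of the heuristics: they surface candidates for review, while legitimate drivers in the same log (aswSP.sys, AvgAsCln.sys, psched.sys) produce no findings.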


Re: BV: Malware-gen in the file a.bat

Post by fikj » 23 Apr 2008 17:30

here are the two logs:



ComboFix 08-04-18.3 - Maša 2008-04-23 17:12:22.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.445 [GMT 2:00]
Running from: C:\Documents and Settings\Maša\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maša\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\bluezm.exe
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
C:\WINDOWS\msNTNSslog.exe
C:\WINDOWS\msSsyslog.exe
C:\WINDOWS\system32\hgGaaWqO.dll
C:\WINDOWS\system32\msvcrt2.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bluezm.exe
C:\WINDOWS\msNTNSslog.exe
C:\WINDOWS\msSsyslog.exe
C:\WINDOWS\system32\awtsQIXQ.dll
C:\WINDOWS\system32\hgGaaWqO.dll
C:\WINDOWS\system32\msvcrt2.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_NAME_SYSTEM_SERVER
-------\Legacy_WINDOWS_SYSTEM_SERVER
-------\Service_Windows Name System Server
-------\Service_Windows System Server


((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-21 20:10 . 2008-04-21 20:10 <DIR> d-------- C:\Documents and Settings\Maša
2008-04-21 20:10 . <DIR> C:\Documents and Settings\Maša\Local Settings
2008-04-21 20:10 . <DIR> C:\Documents and Settings\Maša\Local Settings
2008-04-21 19:58 . 2008-04-21 19:58 125,841 --a------ C:\Documents and Settings\Macatchme.zip
2008-04-20 15:30 . 2008-04-20 15:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-20 15:23 . 2008-04-20 15:45 <DIR> d-------- C:\SDFix
2008-04-16 17:19 . 2008-04-16 17:19 <DIR> d-------- C:\Program Files\TEXTware
2008-04-16 17:17 . 2008-04-16 17:17 <DIR> d-------- C:\Program Files\Oxford
2008-04-15 16:21 . 2008-04-15 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 16:20 . 2006-06-16 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 16:20 . 2008-04-21 19:02 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 20:31 . 2008-04-14 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 19:25 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 19:09 . 2008-04-14 19:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 18:38 . 2008-04-14 18:38 0 --a------ C:\23990098.$$$
2008-04-14 18:28 . 2004-08-17 15:49 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-04-13 17:42 . 2008-04-13 17:42 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-12 17:37 . 2008-04-12 17:37 <DIR> d-------- C:\VundoFix Backups
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-04-09 16:28 . 2008-04-09 16:28 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-04-09 16:21 . 2008-04-14 18:29 50 --a------ C:\WINDOWS\Lic.xxx
2008-04-09 16:20 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-04-09 16:10 . 2008-04-09 16:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 15:53 . 2008-04-09 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-08 20:38 . 2008-04-08 20:38 130 --a------ C:\WINDOWS\wininit.ini
2008-04-08 19:17 . 2008-04-08 19:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-08 19:17 . 2008-04-08 19:17 2,550 --a------ C:\WINDOWS\unins000.dat
2008-04-08 19:02 . 2008-04-08 19:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 19:01 . 2008-04-06 19:01 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 08:20 --------- d-----w C:\Program Files\Lx_cats
2008-04-22 17:07 --------- d-----w C:\Program Files\ICQToolbar
2008-04-20 19:08 --------- d-----w C:\Program Files\ICQ6
2008-04-20 16:32 --------- d-----w C:\Program Files\ICQLite
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 09:54 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-03-02 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-26 13:38 737,280 ----a-w C:\WINDOWS\iun6002.exe
2006-02-02 15:08 914 ----a-w C:\Program Files\INSTALL.LOG
2005-12-21 13:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2005-12-17 10:52 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_15.52.20,22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 13:38:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 15:16:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-04-23 15:16:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 00:43 413775]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 11:43 68856]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 16:59 1449984]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36 299008]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 23:45 253952]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [ ]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16316:TCP"= 16316:TCP:BitComet 16316 TCP
"16316:UDP"= 16316:UDP:BitComet 16316 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 13:18]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 17:17:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall\PERSFW.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WinZip\WZQKPICK.EXE
.
**************************************************************************
.
Completion time: 2008-04-23 17:24:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 15:24:00
ComboFix2.txt 2008-04-22 17:04:19
ComboFix3.txt 2008-04-22 16:53:41
ComboFix4.txt 2008-04-21 18:23:35
ComboFix5.txt 2008-04-21 18:10:32

Directories: 17, Free bytes: 7,822,262,272
Directories: 19, Free bytes: 7,832,776,704

176 --- E O F --- 2008-04-10 06:35:58


-----------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:56, on 23.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~2\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~2\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~2\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20C7BB40-E383-4D71-A9A5-AC08D689DED3}: NameServer = 212.80.64.118,85.93.160.118
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 10448 bytes

Re: BV: Malware-gen in the file a.bat

Post by fredik » 23 Apr 2008 20:17

Go to Start -> Run... and type the following command (marked in blue) into the box: ComboFix /u, then click OK.
- there must be a space between ComboFix and /u

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

You have quite a few IE toolbars there; you can uninstall the ones you don't use and keep only the one you actually use:
Yahoo! Toolbar
ICQ Toolbar
Lištička
Google Toolbar

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download ATF-Cleaner (by Atribune) and run it
    Under Main tick the option: Select All
    Then click the button: Empty Selected
If you use Firefox as your browser:
    - Choose the Firefox option at the top
    - Tick the option: Select All
    - You will be asked whether you want to remove the saved passwords from Firefox; choose Yes or No as needed
    - Then click the button: Empty Selected
If you use Opera as your browser:
    - Choose the Opera option at the top
    - Tick the option: Select All
    - You will be asked whether you want to remove the saved passwords from Opera; choose Yes or No as needed
    - Then click the button: Empty Selected
Then you can close the program.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download and run T-cleaner and follow its instructions.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Are you still having problems?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, please do not send me PMs with logs; post them in the forum. Such PMs cannot be answered.

Post by fikj » 25 Apr 2008 15:28

The malware is gone, but a new problem has appeared. The icons disappear from the desktop and an "Individual settings" dialog appears, and when the icons come back an error dialog for the explorer process appears. After I click "Don't send" this repeats a few times and then it goes away. Do you have any advice?

Post by fredik » 25 Apr 2008 20:09

If you still have SDFix and ComboFix somewhere from last time, delete them, download them again and post fresh logs from both here.

Post by fikj » 29 Apr 2008 18:23

here is the log from SDFix:


SDFix: Version 1.177
Run by Maša on Út 29.04.2008 at 18:03

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe - Deleted
C:\WINDOWS\hosts - Deleted
C:\WINDOWS\system32\drivers\hosts - Deleted
C:\WINDOWS\system32\winIogon.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 18:11:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 15 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Fri 12 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"

Finished!

Post by fikj » 29 Apr 2008 18:32

and here is the one from ComboFix:

ComboFix 08-04-28.2 - Maša 2008-04-29 18:23:21.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.419 [GMT 2:00]
Running from: C:\Documents and Settings\Maša\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-29 17:50 . 2008-04-29 18:16 <DIR> d-------- C:\SDFix
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\Psygnosis
2008-04-25 15:18 . 2008-04-25 15:18 21,873 --a------ C:\WINDOWS\system32\phgm.exe
2008-04-25 15:17 . 2008-04-25 15:17 21,873 --a------ C:\WINDOWS\system32\yxjhjoq.exe
2008-04-25 15:07 . 2008-04-25 15:07 21,873 --a------ C:\WINDOWS\system32\ucsv.exe
2008-04-25 15:01 . 2008-04-25 15:01 241 --a------ C:\Documents and Settings\Maša\SR.vbs
2008-04-25 15:01 . 2008-04-25 15:01 241 --a------ C:\Documents and Settings\Maša\SR.vbs
2008-04-25 13:45 . 2008-04-25 13:45 21,873 --a------ C:\WINDOWS\system32\rrhxgwid.exe
2008-04-24 15:31 . 2008-04-24 15:31 21,142 --a------ C:\WINDOWS\system32\fnjkmxok.exe
2008-04-24 15:01 . 2008-04-24 15:01 21,142 --a------ C:\WINDOWS\system32\sciskcq.exe
2008-04-24 13:50 . 2008-04-28 19:32 39,520 --a------ C:\winhost.exe
2008-04-24 13:49 . 2008-04-24 13:49 21,142 --a------ C:\WINDOWS\system32\uwfy.exe
2008-04-21 20:10 . 2008-04-21 20:10 <DIR> d-------- C:\Documents and Settings\MaÜa
2008-04-21 19:58 . 2008-04-21 19:58 125,841 --a------ C:\Documents and Settings\Macatchme.zip
2008-04-20 15:30 . 2008-04-20 15:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 17:20 . 2008-04-16 17:20 <DIR> d-------- C:\Documents and Settings\Maša\Data aplikací\Oxford
2008-04-16 17:19 . 2008-04-16 17:19 <DIR> d-------- C:\Program Files\TEXTware
2008-04-16 17:17 . 2008-04-16 17:17 <DIR> d-------- C:\Program Files\Oxford
2008-04-15 16:21 . 2008-04-15 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-04-15 16:20 . 2006-06-16 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 16:20 . 2008-04-29 18:23 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 20:31 . 2008-04-14 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 19:25 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 19:09 . 2008-04-14 19:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 18:38 . 2008-04-14 18:38 0 --a------ C:\23990098.$$$
2008-04-13 17:42 . 2008-04-25 14:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-09 16:10 . 2008-04-09 16:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 15:53 . 2008-04-09 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 15:49 . 2008-04-09 15:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-04-08 20:38 . 2008-04-08 20:38 130 --a------ C:\WINDOWS\wininit.ini
2008-04-08 19:17 . 2008-04-08 19:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-08 19:17 . 2008-04-08 19:17 2,550 --a------ C:\WINDOWS\unins000.dat
2008-04-08 19:02 . 2008-04-08 19:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-08 19:02 . 2008-04-14 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2008-04-06 19:01 . 2008-04-06 19:01 <DIR> d-------- C:\Program Files\uTorrent
2008-04-06 19:01 . 2008-04-06 19:03 <DIR> d-------- C:\Documents and Settings\Maša\Data aplikací\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 14:38 --------- d-----w C:\Program Files\Lx_cats
2008-04-25 15:37 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ
2008-04-25 12:54 --------- d-----w C:\Program Files\Google
2008-04-25 12:52 --------- d-----w C:\Program Files\ICQToolbar
2008-04-20 19:08 --------- d-----w C:\Program Files\ICQ6
2008-04-20 16:32 --------- d-----w C:\Program Files\ICQLite
2008-04-09 14:43 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ Toolbar
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 09:54 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-03-02 11:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-02 15:08 914 ----a-w C:\Program Files\INSTALL.LOG
2005-12-21 13:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2005-12-17 10:52 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 00:43 413775]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 16:59 1449984]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36 299008]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 23:45 253952]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [ ]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-09 23:12:54 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-27 09:27:17 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.XVID"= xvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16316:TCP"= 16316:TCP:BitComet 16316 TCP
"16316:UDP"= 16316:UDP:BitComet 16316 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 13:18]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 18:25:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-29 18:27:33
ComboFix-quarantined-files.txt 2008-04-29 16:27:13

Adresářů: 16, Volných bajtů: 9,317,109,760
Adresářů: 18, Volných bajtů: 9,502,507,008

137 --- E O F --- 2008-04-10 06:35:58

Post by fredik » 01 May 2008 08:20

If drive G is part of the hard disk, use Flash Disinfector. If some removable device (flash drive, USB disk, ...) is mapped to it, connect that device first.

Download Flash Disinfector (by sUBs) and save it to disk
- Run Flash Disinfector
- Wait until the program finishes
- then disconnect the flash drive

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Create a new CFScript and use it the same way as the previous one, but this time put the following into it:
Note: Do not use SELECT ALL to mark the script


File::
C:\WINDOWS\system32\phgm.exe
C:\WINDOWS\system32\yxjhjoq.exe
C:\WINDOWS\system32\ucsv.exe
C:\WINDOWS\system32\rrhxgwid.exe
C:\WINDOWS\system32\fnjkmxok.exe
C:\WINDOWS\system32\sciskcq.exe
C:\winhost.exe
C:\WINDOWS\system32\uwfy.exe

Then post the ComboFix log again after it has run, plus a new HJT log
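The File:: list above was assembled by hand from the "Files Created" section of the ComboFix log posted earlier. As an added example that is not part of this thread or of ComboFix, the following Python script parses that section and applies the same reasoning as triage heuristics (random-looking executable names under system32, several new executables of identical size, a lone executable in the drive root) and renders the hits as a CFScript File:: block; the sample log lines are constructed from entries visible in the thread, and the heuristics and thresholds are my assumptions, not ComboFix logic.

```python
"""Flag freshly dropped executables in a ComboFix "Files Created" section.

Added example for this thread; not part of ComboFix or of any forum post.
The heuristics mirror what the helper did by eye: several new executables of
identical size with random-looking names under system32, plus a lone .exe in
the drive root. Thresholds are assumptions, not ComboFix logic, and a hit is
a reason to look closer, not a verdict.
"""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample in the line format of ComboFix's "Files Created" section;
# the suspicious entries are those visible in this thread, the rest are
# ordinary files from the same log.
SAMPLE_LOG = r"""
2008-04-29 17:50 . 2008-04-29 18:16 <DIR> d-------- C:\SDFix
2008-04-25 15:18 . 2008-04-25 15:18 21,873 --a------ C:\WINDOWS\system32\phgm.exe
2008-04-25 15:17 . 2008-04-25 15:17 21,873 --a------ C:\WINDOWS\system32\yxjhjoq.exe
2008-04-25 15:07 . 2008-04-25 15:07 21,873 --a------ C:\WINDOWS\system32\ucsv.exe
2008-04-25 15:01 . 2008-04-25 15:01 241 --a------ C:\Documents and Settings\Maša\SR.vbs
2008-04-25 13:45 . 2008-04-25 13:45 21,873 --a------ C:\WINDOWS\system32\rrhxgwid.exe
2008-04-24 15:31 . 2008-04-24 15:31 21,142 --a------ C:\WINDOWS\system32\fnjkmxok.exe
2008-04-24 15:01 . 2008-04-24 15:01 21,142 --a------ C:\WINDOWS\system32\sciskcq.exe
2008-04-24 13:50 . 2008-04-28 19:32 39,520 --a------ C:\winhost.exe
2008-04-24 13:49 . 2008-04-24 13:49 21,142 --a------ C:\WINDOWS\system32\uwfy.exe
2008-04-14 19:25 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 18:38 . 2008-04-14 18:38 0 --a------ C:\23990098.$$$
2008-04-08 19:17 . 2008-04-08 19:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 15:53 . 2008-04-09 15:53 <DIR> d-------- C:\Program Files\CCleaner
"""

# created . modified size-or-<DIR> attributes path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

VOWELS = set("aeiou")


def parse_entries(log: str) -> List[Dict[str, object]]:
    """Parse 'Files Created' lines; headers, blanks and '.' separators are skipped."""
    entries: List[Dict[str, object]] = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({
            "created": m["created"], "modified": m["modified"],
            "size": size, "attrs": m["attrs"], "path": m["path"],
            "is_dir": size is None,
        })
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic: 4+ lowercase letters with at most one vowel in four
    (phgm, yxjhjoq, ucsv ...). Product names usually carry more vowels."""
    if len(stem) < 4 or not stem.isalpha() or not stem.islower():
        return False
    return sum(ch in VOWELS for ch in stem) / len(stem) <= 0.25


def flag_suspicious(entries: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for new .exe files that merit a closer look."""
    exes = [e for e in entries
            if not e["is_dir"] and str(e["path"]).lower().endswith(".exe")]
    size_counts = Counter(e["size"] for e in exes)  # identical sizes = same dropper
    flags: Dict[str, List[str]] = {}
    for e in exes:
        path = str(e["path"])
        parent, _, name = path.rpartition("\\")
        reasons: List[str] = []
        if parent.lower() == r"c:\windows\system32" and looks_random(name[:-4]):
            reasons.append("random-looking name in system32")
        if re.fullmatch(r"[A-Za-z]:", parent):
            reasons.append("executable in drive root")
        if size_counts[e["size"]] > 1:
            others = size_counts[e["size"]] - 1
            reasons.append(f"same size ({e['size']:,} bytes) as {others} other new executable(s)")
        if reasons:
            flags[path] = reasons
    return flags


def cfscript_file_block(paths: List[str]) -> str:
    """Render the paths as a CFScript File:: section, as posted in the thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = flag_suspicious(parse_entries(SAMPLE_LOG))
    for hit, why in found.items():
        print(f"{hit}: {'; '.join(why)}")
    print(cfscript_file_block(sorted(found)))
```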

Post by fikj » 05 May 2008 18:02

Combofix:


ComboFix 08-04-28.2 - Maša 2008-05-05 17:46:47.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.304 [GMT 2:00]
Running from: C:\Documents and Settings\Maša\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maša\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\fnjkmxok.exe
C:\WINDOWS\system32\phgm.exe
C:\WINDOWS\system32\rrhxgwid.exe
C:\WINDOWS\system32\sciskcq.exe
C:\WINDOWS\system32\ucsv.exe
C:\WINDOWS\system32\uwfy.exe
C:\WINDOWS\system32\yxjhjoq.exe
C:\winhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fnjkmxok.exe
C:\WINDOWS\system32\phgm.exe
C:\WINDOWS\system32\rrhxgwid.exe
C:\WINDOWS\system32\sciskcq.exe
C:\WINDOWS\system32\ucsv.exe
C:\WINDOWS\system32\uwfy.exe
C:\WINDOWS\system32\yxjhjoq.exe
C:\winhost.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-02 21:21 . 2008-05-02 22:49 26 --a------ C:\WINDOWS\system32\satsukidecodersettings.ini
2008-04-29 17:50 . 2008-04-29 18:16 <DIR> d-------- C:\SDFix
2008-04-26 12:37 . 2008-04-26 12:37 <DIR> d-------- C:\Program Files\Psygnosis
2008-04-25 15:01 . 2008-04-25 15:01 241 --a------ C:\Documents and Settings\Maša\SR.vbs
2008-04-25 15:01 . 2008-04-25 15:01 241 --a------ C:\Documents and Settings\Maša\SR.vbs
2008-04-21 20:10 . 2008-04-21 20:10 <DIR> d-------- C:\Documents and Settings\MaÜa
2008-04-21 19:58 . 2008-04-21 19:58 125,841 --a------ C:\Documents and Settings\Macatchme.zip
2008-04-20 15:30 . 2008-04-20 15:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 17:20 . 2008-04-16 17:20 <DIR> d-------- C:\Documents and Settings\Maša\Data aplikací\Oxford
2008-04-16 17:19 . 2008-04-16 17:19 <DIR> d-------- C:\Program Files\TEXTware
2008-04-16 17:17 . 2008-04-16 17:17 <DIR> d-------- C:\Program Files\Oxford
2008-04-15 16:21 . 2008-04-15 16:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-04-15 16:20 . 2006-06-16 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Šablony
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-04-15 16:20 . 2005-12-17 13:11 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-15 16:20 . 2008-05-04 17:04 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-14 20:31 . 2008-04-14 20:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-14 19:25 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-14 19:09 . 2008-04-14 19:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 18:38 . 2008-04-14 18:38 0 --a------ C:\23990098.$$$
2008-04-13 17:42 . 2008-04-25 14:53 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-09 16:10 . 2008-04-09 16:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 15:53 . 2008-04-09 15:53 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 15:49 . 2008-04-09 15:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Lavasoft
2008-04-08 20:38 . 2008-04-08 20:38 130 --a------ C:\WINDOWS\wininit.ini
2008-04-08 19:17 . 2008-04-08 19:14 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-08 19:17 . 2008-04-08 19:17 2,550 --a------ C:\WINDOWS\unins000.dat
2008-04-08 19:02 . 2008-04-08 19:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-08 19:02 . 2008-04-14 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2008-04-06 19:01 . 2008-04-06 19:01 <DIR> d-------- C:\Program Files\uTorrent
2008-04-06 19:01 . 2008-04-06 19:03 <DIR> d-------- C:\Documents and Settings\Maša\Data aplikací\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 15:00 --------- d-----w C:\Program Files\Lx_cats
2008-04-25 15:37 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ
2008-04-25 12:54 --------- d-----w C:\Program Files\Google
2008-04-25 12:52 --------- d-----w C:\Program Files\ICQToolbar
2008-04-20 19:08 --------- d-----w C:\Program Files\ICQ6
2008-04-20 16:32 --------- d-----w C:\Program Files\ICQLite
2008-04-09 14:43 --------- d-----w C:\Documents and Settings\Maša\Data aplikací\ICQ Toolbar
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 09:54 --------- d-----w C:\Program Files\Lexmark 2300 Series
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05 660,480 ----a-w C:\WINDOWS\system32\wininet.dll
2006-02-02 15:08 914 ----a-w C:\Program Files\INSTALL.LOG
2005-12-21 13:13 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(2).DAT
2005-12-17 10:52 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER(3).DAT
.

((((((((((((((((((((((((((((( snapshot@2008-04-29_18.26.51,39 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 16:08:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 12:40:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-03 10:37:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_540.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-23 00:43 413775]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-07-26 19:14 1867776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 16:59 1449984]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 08:07 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 14:05 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 15:36 299008]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 13:36 229376]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:54 503808]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 23:45 253952]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [ ]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 19:48 73728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-09 23:12:54 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-27 09:27:17 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"MSACM.CEGSM"= mobilev.acm
"VIDC.ACDV"= ACDV.dll
"VIDC.XVID"= xvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Maša\\Dokumenty\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16316:TCP"= 16316:TCP:BitComet 16316 TCP
"16316:UDP"= 16316:UDP:BitComet 16316 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 13:18]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 17:51:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-05 17:54:54
ComboFix-quarantined-files.txt 2008-05-05 15:53:57
ComboFix2.txt 2008-04-29 16:27:34

Directories: 16, Free bytes: 9,163,968,512
Directories: 19, Free bytes: 9,341,452,288

160 --- E O F --- 2008-04-10 06:35:58


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:50, on 5.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgjswx.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20C7BB40-E383-4D71-A9A5-AC08D689DED3}: NameServer = 212.80.64.118,85.93.160.118
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 9109 bytes
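The two logs above enumerate every autostart location ComboFix and HijackThis know about, and the reader is left to pick out the odd entries by eye. As an added example (not part of the original post, and not code from either tool), the following Python script applies the checks a removal helper would make on those lines: an Active Setup component keyed by a CLSID that is not a well-formed GUID, an executable launched from a RECYCLER folder, Run values whose file ComboFix could not find (the empty `[ ]` where the timestamp and size would be), orphaned HijackThis entries marked `(no file)`, and the O17 DNS servers listed for manual verification against the user's ISP. The excerpt is constructed from lines of the logs above; the rule names are my own. Hits are items to review, not a verdict.

```python
"""Triage helper for ComboFix / HijackThis text logs.

Added example, not part of the forum post or of either tool. The rules are
heuristics a malware-removal helper applies by eye; a hit means "look at this",
not "this is malware".
"""
import re

# Constructed excerpt: lines copied from the ComboFix and HijackThis logs above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [ ]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{20C7BB40-E383-4D71-A9A5-AC08D689DED3}: NameServer = 212.80.64.118,85.93.160.118
"""

# A real CLSID is 8-4-4-4-12 hex digits; anything else was not written by COM registration.
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE)
# ComboFix registry section header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix Run value whose trailing "[date time size]" is empty: file not on disk.
RUN_MISSING_RE = re.compile(r'^"[^"]*"="([^"]+)"\s+\[\s*\]$')
# Any executable path inside a RECYCLER folder (no legitimate autostart lives there).
RECYCLER_RE = re.compile(r"[A-Z]:\\RECYCLER\\\S+\.exe", re.IGNORECASE)
# HijackThis entries that reference a component that no longer exists.
NOFILE_RE = re.compile(r"^(R\d|O\d+) - (.+?) - \(no file\)$")
# HijackThis O17: per-interface DNS servers, to be checked against the ISP.
O17_RE = re.compile(r"^O17 - .*NameServer = (\S+)$")


def triage(log_text):
    """Return a list of (rule, detail) findings for the given log text."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            # Active Setup components are keyed by CLSID; check it is a well-formed GUID.
            clsid = current_key.rsplit("\\", 1)[-1]
            if "active setup" in current_key.lower() and not GUID_RE.match(clsid):
                findings.append(("malformed-clsid", clsid))
            continue
        m = RUN_MISSING_RE.match(line)
        if m:
            findings.append(("run-entry-missing-file", m.group(1)))
            continue
        m = RECYCLER_RE.search(line)
        if m:
            findings.append(("exe-in-recycler", m.group(0)))
            continue
        m = NOFILE_RE.match(line)
        if m:
            findings.append(("orphaned-entry", m.group(2)))
            continue
        m = O17_RE.match(line)
        if m:
            findings.append(("dns-servers", m.group(1)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

On the excerpt this reports the Active Setup CLSID (`AAX5` and `81CX1` contain non-hex characters), the `sys32.exe` under RECYCLER that it launches, the two Run values ComboFix could not find on disk, the orphaned Yahoo! Toolbar hook, and the two DNS servers for the user to confirm. The Adobe BHO, whose CLSID is well-formed and whose DLL exists, is not reported.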

