Vyskakovanie nežiaducich stranok v novych oknach a ine... Vyřešeno

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
h:\documents and settings\OCO\Local Settings\Application Data\fusioncache.dat
h:\windows\system32\d3d9caps.dat


Folder::
h:\documents and settings\OCO\Local Settings\Application Data\Media Access Startup
h:\documents and settings\OCO\Local Settings\Application Data\Internet Saving Optimizer
h:\documents and settings\OCO\Local Settings\Application Data\DoubleD
h:\documents and settings\MATO\Local Settings\Application Data\Media Access Startup
h:\documents and settings\MATO\Local Settings\Application Data\Internet Saving Optimizer
h:\documents and settings\MATO\Local Settings\Application Data\DoubleD
h:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer
h:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup
h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\Setup.exe
h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE
h:\program files\ICQ6Toolbar

Driver::
LMIRfsClientNP;LMIRfsClientNP
LMIRfsClientNP




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[Reklama]

[mischo378]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:37, on 17.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
H:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\ICQ6.5\ICQ.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - H:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] "H:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [OpwareSE2] "H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "H:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: S&end to OneNote - res://H:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2780467734
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7F362D2-BCD1-4121-B8CE-3C045ED5F95C}: NameServer = 195.146.132.58 195.146.128.62
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7722 bytes

[Damned]

Potřebuju ještě ten log z ComboFixu po tom čistícím procesu.

[mischo378]

ako ho mam opat ziskat?? lebo pred chvilou som ho mal lenze sa mi tu cely nezmestil a tak som ti najprv skopiroval ten z HJT

[Damned]

Zabal ho do archívu a rozděl do částí do 512 kb. Nebo ho sem postupně přilož.

[mischo378]

ComboFix 09-07-14.08 - Owner 17.07.2009 18:50.3.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1511 [GMT 2:00]
Running from: h:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: h:\documents and settings\Owner\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"h:\documents and settings\OCO\Local Settings\Application Data\fusioncache.dat"
"h:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 12:43 . 2009-07-17 12:43 -------- d-----w- h:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-17 12:43 . 2009-07-13 11:36 38160 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 12:43 . 2009-07-17 12:43 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 12:43 . 2009-07-13 11:36 19096 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-07-17 12:43 . 2009-07-17 12:43 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-07-17 12:14 . 2009-07-17 12:14 -------- d-----w- h:\program files\Trend Micro
2009-07-14 13:23 . 2009-07-14 13:23 -------- d-----w- h:\program files\ESET
2009-07-13 21:34 . 2009-07-13 10:01 3004139 -c--a-w- h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\Setup.exe
2009-07-13 21:33 . 2009-07-17 16:08 -------- dc-h--w- h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}
2009-07-13 21:33 . 2009-07-13 21:33 -------- d-----w- h:\documents and settings\Owner\Local Settings\Application Data\DoubleD
2009-07-11 20:28 . 2009-07-11 20:28 -------- d-----w- h:\documents and settings\MATO\Application Data\PC Suite
2009-07-09 22:19 . 2009-07-09 22:19 -------- d-----w- h:\program files\Autodesk
2009-07-03 21:32 . 2009-07-03 21:32 -------- d-----w- h:\documents and settings\Owner\Application Data\Nokia Multimedia Player
2009-07-03 18:11 . 2009-07-03 18:11 -------- d-----w- h:\documents and settings\OCO\Application Data\PC Suite
2009-07-02 23:07 . 2009-07-02 23:08 -------- d-----w- h:\documents and settings\OCO\Application Data\Canon
2009-07-02 21:53 . 2009-07-02 22:04 -------- d-----w- h:\documents and settings\OCO\Local Settings\Application Data\ApplicationHistory
2009-07-02 21:53 . 2009-07-02 21:53 2550 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_16496df1.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_bb32ea6.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_5af141bb.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_26e91eb.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_12db153c.exe
2009-07-02 13:48 . 2009-07-02 13:48 -------- d-----w- h:\documents and settings\OCO\Local Settings\Application Data\vdownloader
2009-06-30 20:19 . 2009-06-30 20:19 -------- d-sh--w- h:\documents and settings\MATO\IECompatCache
2009-06-29 19:47 . 2009-06-29 19:47 -------- d-----w- h:\documents and settings\MATO\Local Settings\Application Data\Adobe
2009-06-29 14:43 . 2009-06-29 14:44 -------- d-----w- h:\documents and settings\OCO\Local Settings\Application Data\Adobe
2009-06-28 20:08 . 2009-06-28 20:08 -------- d-----w- h:\documents and settings\Owner\WINDOWS
2009-06-28 18:56 . 2009-06-28 18:56 -------- d-----w- h:\documents and settings\Owner\Local Settings\Application Data\vdownloader
2009-06-28 18:56 . 2009-06-28 18:56 -------- d-----w- h:\documents and settings\Owner\Application Data\Desktopicon
2009-06-28 18:56 . 2009-06-28 18:56 -------- d-----w- h:\program files\VDOWNLOADER
2009-06-26 19:03 . 2009-06-26 19:03 -------- d-----w- h:\program files\Total Video Player
2009-06-26 18:46 . 2009-03-25 09:52 51200 ----a-w- h:\documents and settings\MATO\Application Data\Mozilla\Firefox\Profiles\xcrdgjw3.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
2009-06-26 18:46 . 2009-03-25 09:52 114688 ----a-w- h:\documents and settings\MATO\Application Data\Mozilla\Firefox\Profiles\xcrdgjw3.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\npmozax.dll
2009-06-25 11:32 . 2009-06-27 20:27 71152 ----a-w- h:\documents and settings\OCO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 11:30 . 2009-06-25 11:45 -------- d-----w- H:\WHOkna
2009-06-24 18:16 . 2009-06-24 18:16 -------- d-----w- h:\documents and settings\MATO\Local Settings\Application Data\Mozilla
2009-06-24 18:12 . 2009-06-24 18:12 -------- d-----w- h:\documents and settings\OCO\Application Data\ICQ
2009-06-24 18:09 . 2009-06-24 18:09 -------- d-sh--w- h:\documents and settings\OCO\PrivacIE
2009-06-23 14:32 . 2009-06-23 14:32 -------- d-sh--w- h:\documents and settings\Default User\IETldCache
2009-06-22 19:32 . 2006-10-26 17:56 32592 ----a-w- h:\windows\system32\msonpmon.dll
2009-06-22 19:31 . 2009-06-22 19:31 -------- d-----w- h:\program files\Microsoft Works
2009-06-22 19:31 . 2009-06-22 19:31 -------- d-----w- h:\program files\MSBuild
2009-06-22 19:29 . 2009-06-22 19:29 -------- d-----w- h:\program files\Microsoft Visual Studio 8
2009-06-22 19:29 . 2009-06-22 19:31 -------- d-----w- h:\program files\Microsoft Office 2007
2009-06-22 14:51 . 2009-06-22 14:51 -------- d-sh--w- h:\documents and settings\NetworkService\IETldCache
2009-06-21 14:10 . 2009-06-21 14:10 -------- d-----w- h:\documents and settings\Owner\Application Data\Ahead
2009-06-21 14:09 . 2001-06-26 06:15 38912 ----a-r- h:\windows\system32\picn20.dll
2009-06-21 14:08 . 2001-07-06 16:24 283920 ----a-r- h:\windows\system32\ImagXpr5.dll
2009-06-21 14:08 . 2001-07-06 12:41 569344 ----a-r- h:\windows\system32\imagr5.dll
2009-06-21 14:08 . 2001-07-06 10:44 544768 ----a-r- h:\windows\system32\imagx5.dll
2009-06-21 14:08 . 2009-06-21 14:08 -------- d-----w- h:\program files\Common Files\Ahead
2009-06-21 14:08 . 2001-07-09 09:50 155648 ----a-r- h:\windows\system32\NeroCheck.exe
2009-06-21 14:08 . 2009-06-21 14:09 -------- d-----w- h:\program files\Ahead
2009-06-21 13:51 . 2001-08-17 20:36 5632 ----a-w- h:\windows\system32\ptpusb.dll
2009-06-21 13:51 . 2008-04-14 00:12 159232 ----a-w- h:\windows\system32\ptpusd.dll
2009-06-20 18:47 . 2009-06-20 21:39 -------- d-----w- h:\documents and settings\Owner\Local Settings\Application Data\Google
2009-06-20 07:26 . 2009-06-20 07:27 -------- d-----w- h:\program files\Wise Registry Cleaner
2009-06-19 14:54 . 2009-06-19 14:51 15688 ----a-w- h:\windows\system32\lsdelete.exe
2009-06-19 14:53 . 2009-06-20 06:32 -------- d---a-w- h:\documents and settings\All Users\Application Data\TEMP
2009-06-19 14:49 . 2009-06-19 14:49 -------- dc-h--w- h:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-19 14:49 . 2009-03-12 08:17 2902048 -c--a-w- h:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-19 14:49 . 2009-06-19 14:51 -------- d-----w- h:\documents and settings\All Users\Application Data\Lavasoft
2009-06-19 14:49 . 2009-06-19 14:49 -------- d-----w- h:\program files\Lavasoft
2009-06-19 12:30 . 2009-06-19 12:30 -------- d-----w- h:\program files\CCleaner
2009-06-19 12:16 . 2009-07-17 16:38 -------- d-----w- h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-19 12:16 . 2009-06-19 12:17 -------- d-----w- h:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 19:44 . 2009-05-21 17:59 -------- d-----w- h:\documents and settings\Owner\Application Data\Canon
2009-07-15 17:55 . 2009-05-25 22:13 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-14 08:35 . 2009-05-27 18:00 66872 ----a-w- h:\windows\system32\PnkBstrA.exe
2009-07-11 10:02 . 2009-05-21 18:30 71152 ----a-w- h:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-10 15:17 . 2009-06-19 14:51 25440 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-10 15:17 . 2009-06-19 14:51 1630560 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-10 15:17 . 2009-06-19 14:51 2353480 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-03 14:51 . 2009-06-19 14:51 314712 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-03 14:51 . 2009-06-19 14:51 169312 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-03 14:51 . 2009-06-19 14:51 84832 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-03 08:52 . 2009-05-25 20:00 8192 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-07-03 08:52 . 2009-05-25 20:00 61440 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-03 08:52 . 2009-05-25 20:00 10240 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-29 14:57 . 2009-06-19 14:51 348496 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 14:56 . 2009-06-19 14:51 298336 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 14:55 . 2009-06-19 14:51 246128 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 14:55 . 2009-06-19 14:51 40288 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 14:55 . 2009-06-19 14:51 85352 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 14:55 . 2009-06-19 14:51 664424 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 14:54 . 2009-06-19 14:51 563064 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 14:54 . 2009-06-19 14:51 566632 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 14:52 . 2009-06-19 14:51 629072 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 14:52 . 2009-06-19 14:51 520024 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 14:51 . 2009-06-19 14:51 1029456 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 19:31 . 2009-06-02 12:12 -------- d-----w- h:\program files\Microsoft.NET
2009-06-19 14:51 . 2009-06-19 14:51 15688 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-19 14:51 . 2009-06-19 14:51 64160 ----a-w- h:\windows\system32\drivers\Lbd.sys
2009-06-19 14:51 . 2009-06-19 14:51 64160 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-19 10:50 . 2009-06-02 12:46 -------- d-----w- h:\program files\LogMeIn
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- h:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- h:\windows\system32\t2embed.dll
2009-06-13 20:50 . 2009-05-21 17:46 -------- d-----w- h:\documents and settings\Owner\Application Data\ICQ
2009-06-13 08:50 . 2009-05-27 18:00 138184 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
2009-06-13 08:49 . 2009-05-27 17:55 183112 ----a-w- h:\windows\system32\PnkBstrB.exe
2009-06-05 15:23 . 2009-06-05 15:23 22328 ----a-w- h:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-06-05 15:23 . 2009-06-05 15:23 22328 ----a-w- h:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-06-05 15:22 . 2009-06-05 15:22 682280 ----a-w- h:\windows\system32\pbsvc.exe
2009-06-05 15:22 . 2009-03-26 22:51 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-06-05 15:18 . 2009-06-05 15:18 -------- d-----w- h:\program files\Activision
2009-06-04 15:59 . 2009-06-04 15:59 -------- d-----w- h:\program files\Microsoft Silverlight
2009-06-03 20:07 . 2009-06-02 12:10 -------- d-----w- h:\program files\Microsoft SQL Server
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- h:\windows\system32\quartz.dll
2009-06-02 12:46 . 2009-06-02 12:46 -------- d-----w- h:\documents and settings\All Users\Application Data\LogMeIn
2009-06-02 12:11 . 2009-06-02 12:11 -------- d-----w- h:\program files\MSXML 6.0
2009-06-02 12:06 . 2009-06-02 12:06 -------- d-----w- h:\program files\Winkhaus
2009-05-27 17:52 . 2009-05-27 17:52 -------- d-----w- h:\documents and settings\Owner\Application Data\Leadertech
2009-05-27 17:43 . 2009-06-02 12:48 162510 ----a-w- h:\windows\pchealth\helpctr\Config\Cache\Personal_32_1051.dat
2009-05-26 21:15 . 2009-05-26 21:12 410984 ----a-w- h:\windows\system32\deploytk.dll
2009-05-26 21:15 . 2009-05-26 21:15 -------- d-----w- h:\program files\Java
2009-05-26 21:14 . 2009-05-26 21:12 152576 ----a-w- h:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-26 13:16 . 2009-05-26 13:16 -------- d-----w- h:\documents and settings\Owner\Application Data\Nero
2009-05-26 13:15 . 2009-05-26 13:15 -------- d-----w- h:\program files\Common Files\Nero
2009-05-26 13:15 . 2009-05-26 13:15 -------- d-----w- h:\documents and settings\All Users\Application Data\Nero
2009-05-26 11:43 . 2009-05-26 11:19 -------- d-----w- h:\documents and settings\All Users\Application Data\Avira
2009-05-26 11:22 . 2009-05-26 11:19 55640 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2009-05-25 22:15 . 2009-05-25 22:15 -------- d-----w- h:\program files\Microsoft Sync Framework
2009-05-25 22:14 . 2009-05-25 22:14 -------- d-----w- h:\program files\Microsoft Analysis Services
2009-05-25 20:06 . 2009-05-25 20:04 -------- d-----w- h:\documents and settings\Owner\Application Data\Nokia
2009-05-25 20:04 . 2009-05-25 20:04 -------- d-----w- h:\documents and settings\All Users\Application Data\PC Suite
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\Common Files\PCSuite
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\Common Files\Nokia
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\Nokia
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\DIFX
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\documents and settings\Owner\Application Data\PC Suite
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\PC Connectivity Solution
2009-05-25 20:00 . 2009-05-25 19:59 -------- d-----w- h:\documents and settings\All Users\Application Data\Installations
2009-05-22 05:09 . 2009-05-21 18:43 -------- d-----w- h:\program files\NOS
2009-05-22 05:09 . 2009-05-21 18:43 -------- d-----w- h:\documents and settings\All Users\Application Data\NOS
2009-05-21 18:47 . 2009-05-21 18:47 -------- d-----w- h:\program files\Common Files\Adobe AIR
2009-05-21 18:47 . 2009-05-21 18:47 -------- d-----w- h:\program files\Common Files\Adobe
2009-05-21 17:49 . 2009-05-21 17:46 -------- d-----w- h:\program files\ICQ6.5
2009-05-21 17:47 . 2009-05-21 17:47 -------- d-----w- h:\documents and settings\All Users\Application Data\ICQ
2009-05-21 17:30 . 2009-05-21 17:30 0 ----a-w- h:\windows\nsreg.dat
2009-05-21 17:21 . 2009-05-21 17:21 -------- d-----w- h:\documents and settings\All Users\Application Data\ESET
2009-05-21 15:16 . 2009-05-21 15:16 -------- d-----w- h:\documents and settings\All Users\Application Data\ScanSoft
2009-05-21 15:15 . 2009-05-21 15:15 -------- d--h--w- h:\documents and settings\All Users\Application Data\CanonBJ
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\documents and settings\Owner\Application Data\ScanSoft
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\documents and settings\All Users\Application Data\SSScanWizard
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\program files\Common Files\ScanSoft Shared
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\program files\ScanSoft
2009-05-21 15:11 . 2009-05-21 15:11 -------- d-----w- h:\program files\ArcSoft
2009-05-21 15:11 . 2009-03-26 22:51 -------- d-----w- h:\program files\Common Files\InstallShield
2009-05-21 15:10 . 2009-05-21 15:08 -------- d-----w- h:\program files\Canon
2009-05-21 14:59 . 2009-05-21 14:59 -------- d-----w- h:\program files\Microcom
2009-05-20 09:37 . 2009-03-26 22:41 5110 ----a-w- h:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-20 09:37 . 2009-03-26 22:41 147275 ----a-w- h:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-20 09:10 . 2009-03-26 22:41 8972 ----a-w- h:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-20 00:24 . 2009-05-20 00:24 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
2009-05-20 00:13 . 2009-05-20 00:13 -------- d-----w- h:\program files\SystemRequirementsLab
2009-05-19 23:51 . 2009-05-19 23:51 -------- d-----w- h:\documents and settings\Owner\Application Data\TMP
2009-05-19 23:49 . 2009-05-19 23:49 -------- d-----w- h:\program files\Intel
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- h:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- h:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- h:\windows\system32\drivers\eamon.sys
2009-05-13 05:15 . 2009-06-12 10:52 915456 ----a-w- h:\windows\system32\SETF73.tmp
2009-05-13 05:15 . 2009-06-12 10:52 915456 ------w- h:\windows\system32\SET505.tmp
2009-05-13 05:15 . 2009-06-12 10:52 5936128 ----a-w- h:\windows\system32\SETF75.tmp
2009-05-13 05:15 . 2009-06-12 10:52 5936128 ------w- h:\windows\system32\SET507.tmp
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- h:\windows\system32\wininet.dll
2009-06-12 15:49 . 2009-05-21 17:30 134648 ----a-w- h:\program files\mozilla firefox\components\brwsrcmp.dll
.

[mischo378]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-04-08 14:05 739688 ----a-w- h:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ICQ"="h:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"CnxDslTaskBar"="h:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 233472]
"OpwareSE2"="h:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"GrooveMonitor"="h:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PCSuiteTrayApplication"="h:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"egui"="h:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - h:\windows\RTHDCPL.exe [2007-12-20 16860672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="h:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- h:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=h:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=h:\windows\pss\OfficeSAS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"PnkBstrA"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ose"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"h:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=

R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [19.6.2009 16:51 64160]
R1 ehdrv;ehdrv;h:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;h:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;h:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 LMIInfo;LogMeIn Kernel Information Provider;h:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;h:\windows\system32\drivers\LMIRfsDriver.sys [2.6.2009 14:46 47640]
R2 osppsvc;Office Software Protection Platform;h:\windows\system32\OSPPSVC.EXE [8.4.2009 15:37 4319136]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;h:\windows\system32\drivers\CnxEtP.sys [21.5.2009 16:59 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;h:\windows\system32\drivers\CnxEtU.sys [21.5.2009 16:59 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;h:\windows\system32\drivers\CnxTgNP.sys [21.5.2009 17:06 60416]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 h:\windows\Tasks\Ad-Aware Update (Weekly).job
- h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:54]

2009-07-16 h:\windows\Tasks\User_Feed_Synchronization-{EE3D0329-82FC-4E41-B081-D7E1CB458182}.job
- h:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - h:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: S&end to OneNote - h:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - h:\program files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
FF - ProfilePath - h:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5z61w0zz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - trueh:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 18:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
h:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(1976)
h:\windows\system32\WININET.dll
h:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
h:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
h:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1833_x-ww_5ef082d6\MSVCR80.dll
h:\windows\system32\ieframe.dll
h:\windows\system32\webcheck.dll
.
Completion time: 2009-07-17 18:52
ComboFix-quarantined-files.txt 2009-07-17 16:52
ComboFix2.txt 2009-07-17 16:11
ComboFix3.txt 2009-07-17 13:42

Pre-Run: 25 333 604 352 bytes free
Post-Run: 7 adresárov, 25 321 574 400 voľných bajtov

299 --- E O F --- 2009-07-15 17:55

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
h:\windows\system32\SETF73.tmp
h:\windows\system32\SET505.tmp
h:\windows\system32\SETF75.tmp
h:\windows\system32\SET507.tmp

Folder::
h:\windows\system32\SETF73.tmp
h:\windows\system32\SET505.tmp
h:\windows\system32\SETF75.tmp
h:\windows\system32\SET507.tmp




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[mischo378]

ComboFix 09-07-14.08 - Owner 17.07.2009 19:15.4.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2047.1486 [GMT 2:00]
Running from: h:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: h:\documents and settings\Owner\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"h:\windows\system32\SET505.tmp"
"h:\windows\system32\SET507.tmp"
"h:\windows\system32\SETF73.tmp"
"h:\windows\system32\SETF75.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\system32\SET505.tmp
h:\windows\system32\SET507.tmp
h:\windows\system32\SETF73.tmp
h:\windows\system32\SETF75.tmp

.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-17 12:43 . 2009-07-17 12:43 -------- d-----w- h:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-17 12:43 . 2009-07-13 11:36 38160 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 12:43 . 2009-07-17 12:43 -------- d-----w- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 12:43 . 2009-07-13 11:36 19096 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-07-17 12:43 . 2009-07-17 12:43 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-07-17 12:14 . 2009-07-17 12:14 -------- d-----w- h:\program files\Trend Micro
2009-07-14 13:23 . 2009-07-14 13:23 -------- d-----w- h:\program files\ESET
2009-07-13 21:34 . 2009-07-13 10:01 3004139 -c--a-w- h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\Setup.exe
2009-07-13 21:33 . 2009-07-17 16:08 -------- dc-h--w- h:\documents and settings\All Users\Application Data\{F444439B-B473-48E8-8DE5-4CB929C79A9F}
2009-07-13 21:33 . 2009-07-13 21:33 -------- d-----w- h:\documents and settings\Owner\Local Settings\Application Data\DoubleD
2009-07-11 20:28 . 2009-07-11 20:28 -------- d-----w- h:\documents and settings\MATO\Application Data\PC Suite
2009-07-09 22:19 . 2009-07-09 22:19 -------- d-----w- h:\program files\Autodesk
2009-07-03 21:32 . 2009-07-03 21:32 -------- d-----w- h:\documents and settings\Owner\Application Data\Nokia Multimedia Player
2009-07-03 18:11 . 2009-07-03 18:11 -------- d-----w- h:\documents and settings\OCO\Application Data\PC Suite
2009-07-02 23:07 . 2009-07-02 23:08 -------- d-----w- h:\documents and settings\OCO\Application Data\Canon
2009-07-02 21:53 . 2009-07-02 22:04 -------- d-----w- h:\documents and settings\OCO\Local Settings\Application Data\ApplicationHistory
2009-07-02 21:53 . 2009-07-02 21:53 2550 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_16496df1.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_bb32ea6.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_5af141bb.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_26e91eb.exe
2009-07-02 21:53 . 2009-07-02 21:53 1078 ----a-r- h:\documents and settings\OCO\Application Data\Microsoft\Installer\{F19D1A6C-E369-44C2-A4FA-0650E1433860}\_12db153c.exe
2009-07-02 13:48 . 2009-07-02 13:48 -------- d-----w- h:\documents and settings\OCO\Local Settings\Application Data\vdownloader
2009-06-30 20:19 . 2009-06-30 20:19 -------- d-sh--w- h:\documents and settings\MATO\IECompatCache
2009-06-29 19:47 . 2009-06-29 19:47 -------- d-----w- h:\documents and settings\MATO\Local Settings\Application Data\Adobe
2009-06-29 14:43 . 2009-06-29 14:44 -------- d-----w- h:\documents and settings\OCO\Local Settings\Application Data\Adobe
2009-06-28 20:08 . 2009-06-28 20:08 -------- d-----w- h:\documents and settings\Owner\WINDOWS
2009-06-28 18:56 . 2009-06-28 18:56 -------- d-----w- h:\documents and settings\Owner\Local Settings\Application Data\vdownloader
2009-06-28 18:56 . 2009-06-28 18:56 -------- d-----w- h:\documents and settings\Owner\Application Data\Desktopicon
2009-06-28 18:56 . 2009-06-28 18:56 -------- d-----w- h:\program files\VDOWNLOADER
2009-06-26 19:03 . 2009-06-26 19:03 -------- d-----w- h:\program files\Total Video Player
2009-06-26 18:46 . 2009-03-25 09:52 51200 ----a-w- h:\documents and settings\MATO\Application Data\Mozilla\Firefox\Profiles\xcrdgjw3.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
2009-06-26 18:46 . 2009-03-25 09:52 114688 ----a-w- h:\documents and settings\MATO\Application Data\Mozilla\Firefox\Profiles\xcrdgjw3.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\npmozax.dll
2009-06-25 11:32 . 2009-06-27 20:27 71152 ----a-w- h:\documents and settings\OCO\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 11:30 . 2009-06-25 11:45 -------- d-----w- H:\WHOkna
2009-06-24 18:16 . 2009-06-24 18:16 -------- d-----w- h:\documents and settings\MATO\Local Settings\Application Data\Mozilla
2009-06-24 18:12 . 2009-06-24 18:12 -------- d-----w- h:\documents and settings\OCO\Application Data\ICQ
2009-06-24 18:09 . 2009-06-24 18:09 -------- d-sh--w- h:\documents and settings\OCO\PrivacIE
2009-06-23 14:32 . 2009-06-23 14:32 -------- d-sh--w- h:\documents and settings\Default User\IETldCache
2009-06-22 19:32 . 2006-10-26 17:56 32592 ----a-w- h:\windows\system32\msonpmon.dll
2009-06-22 19:31 . 2009-06-22 19:31 -------- d-----w- h:\program files\Microsoft Works
2009-06-22 19:31 . 2009-06-22 19:31 -------- d-----w- h:\program files\MSBuild
2009-06-22 19:29 . 2009-06-22 19:29 -------- d-----w- h:\program files\Microsoft Visual Studio 8
2009-06-22 19:29 . 2009-06-22 19:31 -------- d-----w- h:\program files\Microsoft Office 2007
2009-06-22 14:51 . 2009-06-22 14:51 -------- d-sh--w- h:\documents and settings\NetworkService\IETldCache
2009-06-21 14:10 . 2009-06-21 14:10 -------- d-----w- h:\documents and settings\Owner\Application Data\Ahead
2009-06-21 14:09 . 2001-06-26 06:15 38912 ----a-r- h:\windows\system32\picn20.dll
2009-06-21 14:08 . 2001-07-06 16:24 283920 ----a-r- h:\windows\system32\ImagXpr5.dll
2009-06-21 14:08 . 2001-07-06 12:41 569344 ----a-r- h:\windows\system32\imagr5.dll
2009-06-21 14:08 . 2001-07-06 10:44 544768 ----a-r- h:\windows\system32\imagx5.dll
2009-06-21 14:08 . 2009-06-21 14:08 -------- d-----w- h:\program files\Common Files\Ahead
2009-06-21 14:08 . 2001-07-09 09:50 155648 ----a-r- h:\windows\system32\NeroCheck.exe
2009-06-21 14:08 . 2009-06-21 14:09 -------- d-----w- h:\program files\Ahead
2009-06-21 13:51 . 2001-08-17 20:36 5632 ----a-w- h:\windows\system32\ptpusb.dll
2009-06-21 13:51 . 2008-04-14 00:12 159232 ----a-w- h:\windows\system32\ptpusd.dll
2009-06-20 18:47 . 2009-06-20 21:39 -------- d-----w- h:\documents and settings\Owner\Local Settings\Application Data\Google
2009-06-20 07:26 . 2009-06-20 07:27 -------- d-----w- h:\program files\Wise Registry Cleaner
2009-06-19 14:54 . 2009-06-19 14:51 15688 ----a-w- h:\windows\system32\lsdelete.exe
2009-06-19 14:53 . 2009-06-20 06:32 -------- d---a-w- h:\documents and settings\All Users\Application Data\TEMP
2009-06-19 14:49 . 2009-06-19 14:49 -------- dc-h--w- h:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-19 14:49 . 2009-03-12 08:17 2902048 -c--a-w- h:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-19 14:49 . 2009-06-19 14:51 -------- d-----w- h:\documents and settings\All Users\Application Data\Lavasoft
2009-06-19 14:49 . 2009-06-19 14:49 -------- d-----w- h:\program files\Lavasoft
2009-06-19 12:30 . 2009-06-19 12:30 -------- d-----w- h:\program files\CCleaner
2009-06-19 12:16 . 2009-07-17 16:38 -------- d-----w- h:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-19 12:16 . 2009-06-19 12:17 -------- d-----w- h:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 19:44 . 2009-05-21 17:59 -------- d-----w- h:\documents and settings\Owner\Application Data\Canon
2009-07-15 17:55 . 2009-05-25 22:13 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-14 08:35 . 2009-05-27 18:00 66872 ----a-w- h:\windows\system32\PnkBstrA.exe
2009-07-11 10:02 . 2009-05-21 18:30 71152 ----a-w- h:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-10 15:17 . 2009-06-19 14:51 25440 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-10 15:17 . 2009-06-19 14:51 1630560 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-10 15:17 . 2009-06-19 14:51 2353480 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-03 14:51 . 2009-06-19 14:51 314712 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-03 14:51 . 2009-06-19 14:51 169312 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-03 14:51 . 2009-06-19 14:51 84832 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-03 08:52 . 2009-05-25 20:00 8192 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-07-03 08:52 . 2009-05-25 20:00 61440 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-03 08:52 . 2009-05-25 20:00 10240 ----a-w- h:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-06-29 14:57 . 2009-06-19 14:51 348496 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-29 14:56 . 2009-06-19 14:51 298336 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-29 14:55 . 2009-06-19 14:51 246128 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-29 14:55 . 2009-06-19 14:51 40288 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-29 14:55 . 2009-06-19 14:51 85352 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 14:55 . 2009-06-19 14:51 664424 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-29 14:54 . 2009-06-19 14:51 563064 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-29 14:54 . 2009-06-19 14:51 566632 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 14:52 . 2009-06-19 14:51 629072 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-29 14:52 . 2009-06-19 14:51 520024 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-29 14:51 . 2009-06-19 14:51 1029456 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 19:31 . 2009-06-02 12:12 -------- d-----w- h:\program files\Microsoft.NET
2009-06-19 14:51 . 2009-06-19 14:51 15688 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-19 14:51 . 2009-06-19 14:51 64160 ----a-w- h:\windows\system32\drivers\Lbd.sys
2009-06-19 14:51 . 2009-06-19 14:51 64160 ----a-w- h:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-19 10:50 . 2009-06-02 12:46 -------- d-----w- h:\program files\LogMeIn
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- h:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- h:\windows\system32\t2embed.dll
2009-06-13 20:50 . 2009-05-21 17:46 -------- d-----w- h:\documents and settings\Owner\Application Data\ICQ
2009-06-13 08:50 . 2009-05-27 18:00 138184 ----a-w- h:\windows\system32\drivers\PnkBstrK.sys
2009-06-13 08:49 . 2009-05-27 17:55 183112 ----a-w- h:\windows\system32\PnkBstrB.exe
2009-06-05 15:23 . 2009-06-05 15:23 22328 ----a-w- h:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-06-05 15:23 . 2009-06-05 15:23 22328 ----a-w- h:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-06-05 15:22 . 2009-06-05 15:22 682280 ----a-w- h:\windows\system32\pbsvc.exe
2009-06-05 15:22 . 2009-03-26 22:51 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-06-05 15:18 . 2009-06-05 15:18 -------- d-----w- h:\program files\Activision
2009-06-04 15:59 . 2009-06-04 15:59 -------- d-----w- h:\program files\Microsoft Silverlight
2009-06-03 20:07 . 2009-06-02 12:10 -------- d-----w- h:\program files\Microsoft SQL Server
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- h:\windows\system32\quartz.dll
2009-06-02 12:46 . 2009-06-02 12:46 -------- d-----w- h:\documents and settings\All Users\Application Data\LogMeIn
2009-06-02 12:11 . 2009-06-02 12:11 -------- d-----w- h:\program files\MSXML 6.0
2009-06-02 12:06 . 2009-06-02 12:06 -------- d-----w- h:\program files\Winkhaus
2009-05-27 17:52 . 2009-05-27 17:52 -------- d-----w- h:\documents and settings\Owner\Application Data\Leadertech
2009-05-27 17:43 . 2009-06-02 12:48 162510 ----a-w- h:\windows\pchealth\helpctr\Config\Cache\Personal_32_1051.dat
2009-05-26 21:15 . 2009-05-26 21:12 410984 ----a-w- h:\windows\system32\deploytk.dll
2009-05-26 21:15 . 2009-05-26 21:15 -------- d-----w- h:\program files\Java
2009-05-26 21:14 . 2009-05-26 21:12 152576 ----a-w- h:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-26 13:16 . 2009-05-26 13:16 -------- d-----w- h:\documents and settings\Owner\Application Data\Nero
2009-05-26 13:15 . 2009-05-26 13:15 -------- d-----w- h:\program files\Common Files\Nero
2009-05-26 13:15 . 2009-05-26 13:15 -------- d-----w- h:\documents and settings\All Users\Application Data\Nero
2009-05-26 11:43 . 2009-05-26 11:19 -------- d-----w- h:\documents and settings\All Users\Application Data\Avira
2009-05-26 11:22 . 2009-05-26 11:19 55640 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2009-05-25 22:15 . 2009-05-25 22:15 -------- d-----w- h:\program files\Microsoft Sync Framework
2009-05-25 22:14 . 2009-05-25 22:14 -------- d-----w- h:\program files\Microsoft Analysis Services
2009-05-25 20:06 . 2009-05-25 20:04 -------- d-----w- h:\documents and settings\Owner\Application Data\Nokia
2009-05-25 20:04 . 2009-05-25 20:04 -------- d-----w- h:\documents and settings\All Users\Application Data\PC Suite
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\Common Files\PCSuite
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\Common Files\Nokia
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\Nokia
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\DIFX
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\documents and settings\Owner\Application Data\PC Suite
2009-05-25 20:03 . 2009-05-25 20:03 -------- d-----w- h:\program files\PC Connectivity Solution
2009-05-25 20:00 . 2009-05-25 19:59 -------- d-----w- h:\documents and settings\All Users\Application Data\Installations
2009-05-22 05:09 . 2009-05-21 18:43 -------- d-----w- h:\program files\NOS
2009-05-22 05:09 . 2009-05-21 18:43 -------- d-----w- h:\documents and settings\All Users\Application Data\NOS
2009-05-21 18:47 . 2009-05-21 18:47 -------- d-----w- h:\program files\Common Files\Adobe AIR
2009-05-21 18:47 . 2009-05-21 18:47 -------- d-----w- h:\program files\Common Files\Adobe
2009-05-21 17:49 . 2009-05-21 17:46 -------- d-----w- h:\program files\ICQ6.5
2009-05-21 17:47 . 2009-05-21 17:47 -------- d-----w- h:\documents and settings\All Users\Application Data\ICQ
2009-05-21 17:30 . 2009-05-21 17:30 0 ----a-w- h:\windows\nsreg.dat
2009-05-21 17:21 . 2009-05-21 17:21 -------- d-----w- h:\documents and settings\All Users\Application Data\ESET
2009-05-21 15:16 . 2009-05-21 15:16 -------- d-----w- h:\documents and settings\All Users\Application Data\ScanSoft
2009-05-21 15:15 . 2009-05-21 15:15 -------- d--h--w- h:\documents and settings\All Users\Application Data\CanonBJ
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\documents and settings\Owner\Application Data\ScanSoft
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\documents and settings\All Users\Application Data\SSScanWizard
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\program files\Common Files\ScanSoft Shared
2009-05-21 15:13 . 2009-05-21 15:13 -------- d-----w- h:\program files\ScanSoft
2009-05-21 15:11 . 2009-05-21 15:11 -------- d-----w- h:\program files\ArcSoft
2009-05-21 15:11 . 2009-03-26 22:51 -------- d-----w- h:\program files\Common Files\InstallShield
2009-05-21 15:10 . 2009-05-21 15:08 -------- d-----w- h:\program files\Canon
2009-05-21 14:59 . 2009-05-21 14:59 -------- d-----w- h:\program files\Microcom
2009-05-20 09:37 . 2009-03-26 22:41 5110 ----a-w- h:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-20 09:37 . 2009-03-26 22:41 147275 ----a-w- h:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-20 09:10 . 2009-03-26 22:41 8972 ----a-w- h:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-20 00:24 . 2009-05-20 00:24 -------- d-----w- h:\program files\Common Files\Wise Installation Wizard
2009-05-20 00:13 . 2009-05-20 00:13 -------- d-----w- h:\program files\SystemRequirementsLab
2009-05-19 23:51 . 2009-05-19 23:51 -------- d-----w- h:\documents and settings\Owner\Application Data\TMP
2009-05-19 23:49 . 2009-05-19 23:49 -------- d-----w- h:\program files\Intel
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- h:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- h:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- h:\windows\system32\drivers\eamon.sys
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- h:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- h:\windows\system32\localspl.dll
2009-04-30 22:31 . 2009-04-30 22:31 1657376 ----a-w- h:\windows\system32\nwiz.exe
2009-04-30 22:31 . 2009-04-30 22:31 449056 ----a-w- h:\windows\system32\nvappbar.exe
2009-04-30 22:31 . 2009-04-30 22:31 436768 ----a-w- h:\windows\system32\keystone.exe
2009-06-12 15:49 . 2009-05-21 17:30 134648 ----a-w- h:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-04-08 14:05 739688 ----a-w- h:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ICQ"="h:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"CnxDslTaskBar"="h:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" [2004-06-16 233472]
"OpwareSE2"="h:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"GrooveMonitor"="h:\program files\Microsoft Office 2007\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PCSuiteTrayApplication"="h:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"egui"="h:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"RTHDCPL"="RTHDCPL.EXE" - h:\windows\RTHDCPL.exe [2007-12-20 16860672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="h:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- h:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=h:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=h:\windows\pss\OfficeSAS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"PnkBstrA"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"LogMeIn"=2 (0x2)
"LMIMaint"=2 (0x2)
"ose"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"h:\\Program Files\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=

R0 Lbd;Lbd;h:\windows\system32\drivers\Lbd.sys [19.6.2009 16:51 64160]
R1 ehdrv;ehdrv;h:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;h:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;h:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 LMIInfo;LogMeIn Kernel Information Provider;h:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;h:\windows\system32\drivers\LMIRfsDriver.sys [2.6.2009 14:46 47640]
R2 osppsvc;Office Software Protection Platform;h:\windows\system32\OSPPSVC.EXE [8.4.2009 15:37 4319136]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;h:\windows\system32\drivers\CnxEtP.sys [21.5.2009 16:59 131072]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;h:\windows\system32\drivers\CnxEtU.sys [21.5.2009 16:59 614272]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;h:\windows\system32\drivers\CnxTgNP.sys [21.5.2009 17:06 60416]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;h:\program files\Lavasoft\Ad-Aware\AAWService.exe [9.3.2009 21:06 1029456]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 h:\windows\Tasks\Ad-Aware Update (Weekly).job
- h:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:54]

2009-07-16 h:\windows\Tasks\User_Feed_Synchronization-{EE3D0329-82FC-4E41-B081-D7E1CB458182}.job
- h:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - h:\progra~1\MI69DF~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - h:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: S&end to OneNote - h:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - h:\program files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
FF - ProfilePath - h:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5z61w0zz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - trueh:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 19:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
h:\windows\system32\LMIinit.dll
.
Completion time: 2009-07-17 19:17
ComboFix-quarantined-files.txt 2009-07-17 17:17
ComboFix2.txt 2009-07-17 16:53
ComboFix3.txt 2009-07-17 16:11
ComboFix4.txt 2009-07-17 13:42

Pre-Run: 25 324 429 312 bytes free
Post-Run: 7 adresárov, 25 313 173 504 voľných bajtov

302 --- E O F --- 2009-07-15 17:55

[mischo378]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:00, on 17.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
H:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\ICQ6.5\ICQ.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - H:\WINDOWS\system32\dvmurl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CnxDslTaskBar] "H:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe" "Microcom\ADSL DeskPorte USB"
O4 - HKLM\..\Run: [OpwareSE2] "H:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "H:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] H:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://H:\PROGRA~1\MI69DF~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: S&end to OneNote - res://H:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2780467734
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7575 bytes

[Damned]

Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, následně T-Cleaner smaž
a zapni si AVG.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Označ topic za vyřešený (zelená fajfka) a měj se.

[mischo378]

diki moc ; velmi si mi pomohol a som ti vdacny........ si naozaj sefko