ComboFix 09-01-21.04 - Lunaris 2009-01-26 20:07:16.2 - NTFSx86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1282 [GMT 1:00]
Running from: c:\documents and settings\Lunaris\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Lunaris\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Created a new restore point
FILE ::
c:\windows\UN32.EXE
c:\windows\XXLGSC
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\UN32.EXE
c:\windows\XXLGSC
.
((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.
2009-01-25 17:35 . 2009-01-25 17:44 <DIR> d-------- c:\program files\RegCleaner
2009-01-24 15:26 . 2009-01-24 22:52 201 --a------ c:\windows\wcx_ftp.ini
2009-01-18 18:35 . 2009-01-18 18:35 <DIR> d--h----- c:\windows\PIF
2009-01-18 18:34 . 2009-01-18 18:34 <DIR> d-------- c:\program files\Active Data Recovery Software
2009-01-18 15:59 . 2009-01-18 15:59 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 15:59 . 2009-01-18 15:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-01-18 15:59 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 15:59 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-16 17:51 . 2009-01-16 17:51 <DIR> d-------- c:\documents and settings\NetworkService\Plocha
2009-01-15 21:10 . 2009-01-15 21:10 <DIR> d-------- C:\PcwBak
2009-01-15 17:28 . 2009-01-15 17:28 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-14 21:17 . 2009-01-14 21:17 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-11 12:00 . 2009-01-11 12:00 354,560 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-06 21:52 . 2009-01-06 21:52 <DIR> d-------- c:\program files\Common Files\Logitech
2008-12-31 16:03 . 2008-12-31 16:03 <DIR> d-------- c:\program files\Skype
2008-12-31 16:03 . 2008-12-31 16:03 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-31 14:46 . 2008-12-31 20:21 2,194 --a------ c:\windows\wininit.ini
2008-12-30 12:41 . 2009-01-11 21:44 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LangSoft
2008-12-30 12:32 . 2008-12-30 12:32 200,704 --a------ c:\windows\TRNOET.DLL
2008-12-30 12:32 . 2008-12-30 12:32 45,056 --a------ c:\windows\TRNOEH.DLL
2008-12-30 12:32 . 2008-12-30 12:32 26,624 --a------ c:\windows\OETRN.EXE
2008-12-30 12:32 . 2008-12-30 12:32 33 --a------ c:\windows\WTRDCTM.INI
2008-12-30 12:31 . 2008-12-30 12:41 <DIR> d-------- C:\TRANSLAT
2008-12-30 12:31 . 2008-12-30 12:38 4,454 --a------ c:\windows\WTRAN32.INI
2008-12-30 12:31 . 2008-12-30 12:31 2,753 --a------ c:\windows\UN32P.INI
2008-12-30 12:31 . 2008-12-30 12:41 2,476 --a------ c:\windows\TRNCOM.INI
2008-12-30 12:31 . 2008-12-30 12:33 1,849 --a------ c:\windows\WDICT32.INI
2008-12-30 12:31 . 2009-01-26 18:52 1,678 --a------ c:\windows\MAILTRAN.INI
2008-12-30 12:20 . 2008-12-30 12:20 <DIR> d-------- c:\program files\MultiTranse
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 18:27 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-26 13:16 --------- d-----w c:\program files\Recuva
2009-01-24 09:51 --------- d-----w c:\program files\FlashGet
2009-01-22 13:27 --------- d-----w c:\program files\QIP Infium
2009-01-19 17:31 --------- d-----w c:\program files\DVDVideoSoft
2009-01-19 17:31 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-01-17 21:46 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-01-15 16:38 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-15 16:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-14 20:37 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-11 10:01 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-01-05 13:19 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-12-31 15:03 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-27 18:46 --------- d-----w c:\program files\Google
2008-12-27 18:37 --------- d-----w c:\program files\Common Files\Adobe
2008-12-25 18:26 --------- d-----w c:\program files\CustomXML
2008-12-25 16:21 --------- d-----w c:\program files\Lavasoft
2008-12-25 15:02 --------- d-----w c:\program files\CCleaner
2008-12-25 14:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 19:16 --------- d-----w c:\program files\Nero
2008-12-14 19:16 --------- d-----w c:\documents and settings\All Users\Data aplikací\Nero
2008-12-14 17:06 --------- d-----w c:\program files\Common Files\Nero
2008-12-14 16:52 --------- d-----w c:\program files\Windows Sidebar
2008-12-14 13:02 --------- d-----w c:\program files\Safari
2008-12-13 15:30 --------- d-----w c:\program files\iTunes
2008-12-13 15:30 --------- d-----w c:\documents and settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 15:29 --------- d-----w c:\program files\iPod
2008-12-13 15:00 --------- d-----w c:\program files\NOS
2008-12-13 15:00 --------- d-----w c:\documents and settings\All Users\Data aplikací\NOS
2008-12-13 13:43 --------- d-----w c:\program files\Hamachi
2008-12-13 13:41 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-13 13:41 --------- d-----w c:\documents and settings\All Users\Data aplikací\Lavasoft
2008-12-13 13:18 --------- d-----w c:\program files\Common Files\INCA Shared
2008-12-13 12:56 --------- d-----w c:\program files\Microsoft Games
2008-12-13 12:53 --------- d-----w c:\program files\Mgutil
2008-12-12 20:54 --------- d-sh--w c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-12 20:11 --------- d-----w c:\program files\Memory Improve Professional
2008-12-11 20:26 --------- d-----w c:\program files\Nsasoft
2008-12-11 20:25 --------- d-----w c:\program files\DivX
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 19:01 --------- d-----w c:\program files\ICQ6.5
2008-12-09 20:09 --------- d-----w c:\program files\ICQ6Toolbar
2008-12-09 20:09 --------- d-----w c:\documents and settings\All Users\Data aplikací\ICQ
2008-12-07 12:40 --------- d-----w c:\program files\PC Washer
2008-11-28 20:04 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-27 20:56 --------- d-----w c:\program files\The KMPlayer1431
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-11-15 11:59 219,648 ----a-w c:\windows\system32\uxtheme.dll
2006-06-23 22:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\PcwBak ----
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-10-15 2582288]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-12-19 1434864]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-24 1352192]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"Spyhunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 851968]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-02-01 439568]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Lunaris^Nabídka Start^Programy^Po spuštění^Automize8.lnk]
backup=c:\windows\pss\Automize8.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lunaris^Nabídka Start^Programy^Po spuštění^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lunaris^Nabídka Start^Programy^Po spuštění^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Lunaris^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-11-09 20:41 2356088 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EZEHM]
--a------ 2007-04-27 13:31 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
--a------ 2006-05-31 16:05 18550784 c:\program files\CounterPath\X-Lite\x-lite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 16:50 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-11-30 14:41 172792 c:\program files\ICQ6.5\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 14:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 14:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2008-08-14 17:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2008-08-14 17:15 2407184 c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-09-23 14:17 21755688 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-10 13:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-02 17:57 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"getPlus(R) Helper"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"aawservice"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"ICQ Service"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"DUMeterSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-26 84992]
R3 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2008-10-05 1382672]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddfb5240-8c5f-11dd-8cab-0050fc9791fe}]
\Shell\AutoRun\command - e:\wd_windows_tools\WDEULA.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]
2008-10-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-25 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-06-19 16:48]
.
.
------- Supplementary Scan -------
.
uStart Page = About:Blank
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
IE: &Stáhnout &vše FlashGetem - c:\progra~1\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\progra~1\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: {8B10A4CD-6A74-4229-8E7F-20F6293E26B4} = 217.117.216.72,217.117.216.7
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
FF - ProfilePath - c:\documents and settings\Lunaris\Data aplikací\Mozilla\Firefox\Profiles\2lvqro7w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://temp.daemonicmu.com/forum/
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 20:08:03
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1624)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-26 20:09:49
ComboFix-quarantined-files.txt 2009-01-26 19:09:47
ComboFix2.txt 2009-01-24 11:05:29
Pre-Run: 50,174,320,640 bytes free
Post-Run: 50,159,599,616 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
300 --- E O F --- 2009-01-14 20:37:49
____________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:08, on 26.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [Spyhunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.70.1193.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092f -f video -m logitech -d 11.70.1193.0 (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2467910578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2468721531
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} (O2C-Player - area constructor view (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayerac.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B10A4CD-6A74-4229-8E7F-20F6293E26B4}: NameServer = 217.117.216.72,217.117.216.7
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 10781 bytes
there you go :)
"System shutdown" Solved
- jaro3
- Security team member
Re: "System shutdown"
Close other applications and browsers, disconnect from the internet and fix these in HJT:
Code: Select all
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
Update Java:
Java SE Runtime Environment 6u11
Select the OS (I assume Windows), tick agree - continue
Select:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Remove the other Java versions in Add/Remove Programs.
If there are no problems, that is all.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
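The three HJT lines the reply above picks out can be selected mechanically. The following is an added example, not code from this thread, from HijackThis or from the forum: it parses HijackThis log lines into (type, body) entries and applies the two heuristics the reply's fix list reflects, namely IE start/local-page values that are About:Blank or empty, and BHO/extra-button entries whose file is "(no file)". The rule set and the function names `parse` and `triage` are assumptions made for this example; the sample lines in `SAMPLE_LOG` are copied from the log posted above.

```python
"""Triage HijackThis (HJT) log lines the way the reply above did.

Added example; not code from this thread, from HijackThis or from the forum.
The two rules below are assumptions modelled on the entries the reply picked
for fixing, and the SAMPLE_LOG lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every HJT entry starts with a type code (R0, R1, O2, O9, O23, ...) and " - ".
HJT_LINE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    kind: str   # e.g. "R0", "O9"
    body: str   # everything after "<kind> - "

    def value(self) -> Optional[str]:
        """Right-hand side of an R0/R1 line ("<key>,<name> = <value>"),
        or None when the body carries no "=" assignment at all."""
        _, sep, val = self.body.partition(" =")
        return val.strip() if sep else None

    def __str__(self) -> str:
        return f"{self.kind} - {self.body}"


def parse(lines: List[str]) -> List[Entry]:
    """Keep only lines that look like HJT entries; headers and the
    'Running processes:' listing are dropped."""
    out = []
    for line in lines:
        m = HJT_LINE.match(line.strip())
        if m:
            out.append(Entry(m.group("kind"), m.group("body")))
    return out


def triage(lines: List[str]) -> List[str]:
    """Return the entries a helper would paste into HJT's fix list."""
    fix = []
    for e in parse(lines):
        if e.kind in ("R0", "R1"):
            # Rule 1 (assumed): IE page values set to About:Blank or left empty.
            v = e.value()
            if v is not None and v.lower() in ("", "about:blank"):
                fix.append(str(e))
        elif e.kind in ("O2", "O9") and "(no file)" in e.body:
            # Rule 2 (assumed): BHO/extra-button entries pointing at no file.
            fix.append(str(e))
    return fix


# Sample lines copied from the HijackThis log posted above (one header line
# included to show that non-entry lines are ignored).
SAMPLE_LOG = [
    "Running processes:",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)",
    r"O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll",
    r"O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe",
]

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run against the sample, `triage` returns exactly the three lines the reply put in its fix list, and nothing else: the `ProxyServer = socks=` line is kept out because its value is not empty, and the O9 entries that resolve to shdocvw.dll are left alone. Any entry the script does not flag still needs a human look; the rules only encode what this particular reply chose to fix.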
Re: "System shutdown" Solved
Hello, I am very sorry, but I had no internet access until this afternoon and therefore could not thank you for helping to solve my problem.
Thank you very much for the help and once again I apologize,
Lunaris.
/solved