Even though I invested in NOD32, which is supposedly the best, my machine started stuttering.
As it turned out, it was apparently infected with Trojan.Vundo.H.
Except that Malwarebytes can't remove it, and nothing else I tried or know of has helped either.
Since I don't want to wreck the system along with the trojan, I'd like to ask for help.
Here is the HijackThis log =>
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:50, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Applications\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Applications\Analog Devices\Core\smax4pnp.exe
D:\Applications\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Applications\iTunes\iTunesHelper.exe
D:\Applications\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\Creative\Shared Files\CTDevSrv.exe
D:\Applications\ESET\ESET Smart Security\ekrn.exe
D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Applications\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Applications\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Applications\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\Spyware Doctor\pctsAuxs.exe
D:\Applications\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Applications\MagicTune Premium\MagicTune.exe
D:\Applications\Spyware Doctor\pctsTray.exe
D:\Applications\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Applications\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
D:\Applications\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
D:\Applications\Mozilla Firefox\firefox.exe
D:\Applications\TotalCmd\TOTALCMD.EXE
D:\Applications\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {D3A100C7-AE17-47A5-A36A-9A3248F30108} - c:\windows\system32\ds16gtf.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Applications\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "D:\Applications\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Applications\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ISTray] "D:\Applications\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Applications\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTZDetec.exe] D:\Applications\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Applications\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Applications\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - D:\Applications\WinSysClean 2008 Trial\UDManager\UDManager.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9180095312
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS3\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ipekpdme - C:\WINDOWS\SYSTEM32\ds16gtf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Applications\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - D:\Applications\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Applications\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Applications\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Applications\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\Applications\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - D:\Applications\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Applications\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Applications\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Applications\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 10937 bytes
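The log above is the kind a forum helper reads by eye. As an added example (not part of the post or of HijackThis itself), here is a small triage script that applies the same rules a reader would: a BHO registered with "(no name)", any O20 Winlogon Notify package (HijackThis already hides the default XP ones), an IE button pointing at a missing file, and the O17 NameServer values for manual review. The strongest rule cross-references sections: one DLL appearing as both a BHO (O2) and a Winlogon Notify package (O20). The sample input is a constructed excerpt of six lines copied from the log; the severities and rule names are this example's own choices.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines copied from the HijackThis log in the
# post above, enough to exercise every rule below. Feed the real log file to
# triage() to check the whole thing.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D3A100C7-AE17-47A5-A36A-9A3248F30108} - c:\windows\system32\ds16gtf.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O20 - Winlogon Notify: ipekpdme - C:\WINDOWS\SYSTEM32\ds16gtf.dll
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Return (section, body) pairs for every R*/O* line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def target_path(body):
    """Last ' - ' separated field of an entry, lower-cased, minus HJT's '(file missing)' tag."""
    path = body.rsplit(" - ", 1)[-1]
    return path.replace("(file missing)", "").strip().lower()


def triage(text):
    """Apply the indicator rules and return (severity, section, reason, detail) tuples."""
    entries = parse_hjt(text)
    findings = []
    sections_by_dll = defaultdict(set)  # dll file name -> sections it appears in

    for sec, body in entries:
        path = target_path(body)
        if sec in ("O2", "O20"):
            sections_by_dll[path.rsplit("\\", 1)[-1]].add(sec)
        if sec == "O2" and "(no name)" in body:
            findings.append(("high", sec, "BHO registered without a name", path))
        if sec == "O20" and body.lower().startswith("winlogon notify"):
            # HijackThis hides the default XP notify packages, so any O20 line is non-default.
            findings.append(("high", sec, "non-default Winlogon Notify DLL (loaded into winlogon.exe)", path))
        if sec == "O9" and "(file missing)" in body:
            findings.append(("low", sec, "IE button for a file that no longer exists", path))
        if sec == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1].strip()
            findings.append(("info", sec, "DNS servers set in the registry; confirm they are your ISP's", servers))

    for dll, secs in sections_by_dll.items():
        if {"O2", "O20"} <= secs:
            findings.append(("critical", "O2+O20", "same DLL is both a BHO and a Winlogon Notify package", dll))

    # CCS/CS1/CS2... repeat the same O17 value; keep the first occurrence of each finding only.
    unique = []
    for f in findings:
        if f not in unique:
            unique.append(f)
    return unique


if __name__ == "__main__":
    order = {"critical": 0, "high": 1, "low": 2, "info": 3}
    for sev, sec, reason, detail in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"[{sev:8}] {sec:6} {reason}: {detail}")
```

Run it as `python hjt_triage.py` on the sample, or read the saved hijackthis.log into `triage()`. The O2+O20 cross-reference is the rule worth keeping: a DLL that is loaded into every Internet Explorer process and into winlogon.exe survives the browser being closed and runs before any user logs on, which is why a normal on-demand scanner cannot delete it while the system is running.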
According to Malwarebytes, supposedly Trojan.Vundo.H (Solved)
fredik (Security team member):
Re: According to Malwarebytes, supposedly Trojan.Vundo.H
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows, disable the resident protection of your antivirus/antispyware, and run it.
- After launch the terms of use are displayed; confirm them by pressing Yes
- If you are prompted to install the Recovery Console, choose Yes
- Then follow the instructions; while ComboFix is running, do not click in its window
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Re: According to Malwarebytes, supposedly Trojan.Vundo.H
ComboFix 08-12-29.02 - Hulvius 2008-12-30 21:30:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3138 [GMT 1:00]
Running from: d:\users\Hulvius\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\Cache
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
G:\Autorun.inf
G:\resycled
g:\resycled\boot.com
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.
2008-12-30 20:41 . 2008-12-30 20:41 <DIR> d-------- d:\applications\Trend Micro
2008-12-30 19:24 . 2008-12-30 19:24 <DIR> d-------- d:\users\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-30 18:44 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-30 18:43 . 2008-12-30 18:43 <DIR> d-------- d:\applications\Panda Security
2008-12-30 18:38 . 2008-12-30 18:40 <DIR> d-------- d:\users\All Users\Application Data\Lavasoft
2008-12-30 18:38 . 2008-12-30 18:38 <DIR> d-------- d:\applications\Lavasoft
2008-12-30 18:27 . 2008-12-30 18:27 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-30 18:26 . 2008-12-30 19:50 <DIR> d-------- d:\users\Hulvius\Application Data\Spyware Terminator
2008-12-30 18:26 . 2008-12-30 20:33 <DIR> d-------- d:\users\All Users\Application Data\Spyware Terminator
2008-12-30 18:26 . 2008-12-30 20:33 <DIR> d-------- d:\applications\Spyware Terminator
2008-12-30 10:12 . 2008-12-30 10:12 <DIR> d-------- d:\users\All Users\Application Data\PC Tools
2008-12-30 10:12 . 2008-12-30 10:12 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-12-30 10:12 . 2008-12-30 10:12 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
2008-12-30 09:48 . 2008-12-30 09:48 <DIR> d-------- d:\users\Hulvius\Application Data\PC Tools
2008-12-30 09:48 . 2008-12-30 21:26 <DIR> d-------- d:\applications\Spyware Doctor
2008-12-30 09:48 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-30 09:48 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-30 09:48 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-30 09:48 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-30 03:05 . 2008-12-30 03:05 <DIR> d-------- d:\users\Administrator\Application Data\Malwarebytes
2008-12-30 03:04 . 2008-12-30 03:04 <DIR> d-------- d:\users\Administrator
2008-12-30 01:59 . 2008-12-30 01:59 <DIR> d-------- d:\applications\MSXML 4.0
2008-12-30 01:07 . 2008-12-30 01:07 <DIR> d-------- d:\users\Hulvius\Application Data\Malwarebytes
2008-12-30 01:07 . 2008-12-30 01:07 <DIR> d-------- d:\users\All Users\Application Data\Malwarebytes
2008-12-30 01:07 . 2008-12-30 01:07 <DIR> d-------- d:\applications\Malwarebytes' Anti-Malware
2008-12-30 01:07 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 01:07 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 11:58 . 2004-11-12 19:31 402 --a------ c:\windows\system32\msxml4.inf
2008-12-21 22:44 . 2008-12-21 22:58 <DIR> d-------- d:\applications\Monkey's Audio
2008-12-21 22:33 . 2008-12-21 22:33 <DIR> d-------- d:\applications\Medieval Software
2008-12-21 22:14 . 2008-12-21 22:14 <DIR> d-------- d:\applications\NCH Software
2008-12-21 22:04 . 2008-12-21 22:05 <DIR> d-------- d:\users\Hulvius\Application Data\NCH Swift Sound
2008-12-21 22:04 . 2008-12-21 22:17 <DIR> d-------- d:\users\All Users\Application Data\NCH Swift Sound
2008-12-21 22:04 . 2008-12-28 21:40 <DIR> d-------- d:\applications\NCH Swift Sound
2008-12-12 16:01 . 2008-12-12 16:01 <DIR> dr------- d:\applications\Skype
2008-12-12 16:01 . 2008-12-12 16:01 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-10 22:28 . 2008-12-10 22:28 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-07 13:52 . 2008-12-07 13:52 <DIR> d-------- d:\users\All Users\Application Data\ALM
2008-12-07 13:27 . 2008-12-07 13:27 <DIR> d-------- d:\applications\Adobe Media Player
2008-12-07 12:32 . 2008-12-07 12:32 <DIR> d-------- d:\users\All Users\Application Data\FLEXnet
2008-12-07 12:30 . 2008-12-07 12:30 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-07 12:29 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2008-12-07 12:29 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2008-12-01 18:41 . 2008-12-01 18:41 <DIR> d-------- d:\users\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:41 . 2008-12-01 18:41 <DIR> d-------- d:\applications\iTunes
2008-12-01 18:41 . 2008-12-01 18:41 <DIR> d-------- d:\applications\iPod
2008-12-01 18:39 . 2008-12-01 18:40 <DIR> d-------- d:\applications\QuickTime
2008-11-30 00:43 . 2008-11-30 00:43 <DIR> d-------- d:\users\Hulvius\Application Data\SI Swimsuit Calendar
2008-11-30 00:43 . 2008-11-30 00:43 <DIR> d-------- d:\users\All Users\Application Data\SI Swimsuit Calendar
2008-11-28 00:25 . 2008-11-28 00:25 <DIR> d-------- d:\users\Hulvius\Application Data\CD-LabelPrint
2008-11-16 23:59 . 2008-11-16 23:59 <DIR> d-------- d:\users\Hulvius\Application Data\NSBackup
2008-11-16 23:25 . 2008-11-16 23:25 <DIR> d-------- d:\applications\Avanquest update
2008-11-16 23:24 . 2008-11-16 23:24 <DIR> d-------- d:\users\All Users\Application Data\BVRP Software
2008-11-16 18:23 . 2008-11-16 18:23 44,876 --ah----- c:\windows\system32\mlfcache.dat
2008-11-15 23:27 . 2008-11-15 23:27 2,285,056 --a------ c:\windows\system32\TUKernel.exe
2008-11-15 23:23 . 2008-11-15 23:24 <DIR> d--h----- c:\windows\Icons
2008-11-15 01:06 . 2008-11-15 01:06 <DIR> d-------- d:\users\Hulvius\Application Data\TuneUp Software
2008-11-15 01:06 . 2008-11-15 01:06 <DIR> d-------- d:\users\All Users\Application Data\TuneUp Software
2008-11-15 01:06 . 2008-11-15 01:08 <DIR> d-------- d:\applications\TuneUp Utilities 2008
2008-11-15 01:06 . 2008-11-15 01:06 354,560 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-15 01:06 . 2008-04-04 14:51 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-11-12 21:28 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-11-02 17:25 . 2008-11-20 23:32 <DIR> d-------- d:\users\Hulvius\Application Data\Delicious IE Extension
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 20:27 --------- d---a-w d:\users\All Users\Application Data\TEMP
2008-12-30 18:49 --------- d-----w d:\users\Hulvius\Application Data\Skype
2008-12-30 18:47 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-30 18:47 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-12-30 18:45 --------- d-----w d:\users\Hulvius\Application Data\uTorrent
2008-12-30 17:37 --------- d-----w d:\applications\FontExpert
2008-12-30 17:34 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-30 16:28 --------- d-----w d:\users\Hulvius\Application Data\skypePM
2008-12-29 01:36 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 22:06 --------- d-----w d:\applications\MagicTune Premium
2008-12-28 20:43 --------- d-----w d:\users\All Users\Application Data\WinZip
2008-12-28 20:40 --------- d-----w c:\program files\Common Files\Apple
2008-12-21 20:29 --------- d-----w d:\applications\Winamp
2008-12-17 16:19 --------- d-----w d:\users\All Users\Application Data\Microsoft Help
2008-12-12 15:01 --------- d-----w d:\users\All Users\Application Data\Skype
2008-12-11 15:19 --------- d-----w d:\users\Hulvius\Application Data\Canon
2008-12-01 17:36 --------- d-----w d:\applications\Safari
2008-11-27 19:54 --------- d-----w d:\users\Hulvius\Application Data\XnView
2008-11-16 23:19 --------- d--h--w d:\applications\InstallShield Installation Information
2008-11-16 20:15 --------- d-----w d:\applications\PC-Linq
2008-11-15 00:32 --------- d--h--w d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}
2008-11-06 21:06 --------- d-----w d:\users\All Users\Application Data\Viewpoint
2008-11-06 21:05 --------- d-----w d:\applications\Java
2008-11-05 22:21 --------- d-----w d:\users\Hulvius\Application Data\Apple Computer
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-01-20 16:00 32 ----a-w d:\users\All Users\Application Data\ezsid.dat
2007-12-15 17:06 87,608 ----a-w d:\users\Hulvius\Application Data\ezpinst.exe
2007-12-15 17:06 47,360 ----a-w d:\users\Hulvius\Application Data\pcouffin.sys
2008-09-21 19:13 61,440 ----a-w d:\applications\mozilla firefox\components\gemgecko.dll
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
2008-05-26 22:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052720080528\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3A100C7-AE17-47A5-A36A-9A3248F30108}]
2002-08-29 13:00 104960 --a------ c:\windows\system32\ds16gtf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\applications\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTZDetec.exe"="d:\applications\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="d:\applications\Skype\Phone\Skype.exe" [2008-12-08 26499880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SoundMAXPnP"="d:\applications\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"egui"="d:\applications\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"iTunesHelper"="d:\applications\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
d:\users\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-02 67128]
Logitech SetPoint.lnk - d:\applications\Logitech\SetPoint\SetPoint.exe [2007-05-15 598016]
NCProTray.lnk - d:\applications\SEC\Natural Color Pro\NCProTray.exe [2007-08-31 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipekpdme]
2002-08-29 13:00 104960 c:\windows\system32\ds16gtf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="d:\applications\TomTom HOME 2\HOMERunner.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="d:\applications\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="d:\applications\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="d:\applications\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Applications\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Applications\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Applications\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Applications\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Applications\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Applications\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Applications\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Torrent\\utorrent.exe"=
"d:\\Applications\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57090:TCP"= 57090:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 gxmozidz;gxmozidz;c:\windows\system32\drivers\gxmozidz.sys [2002-08-29 23424]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-30 28544]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-30 160792]
R2 ekrn;Eset Service;"d:\applications\ESET\ESET Smart Security\ekrn.exe" [2008-03-13 472320]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-23 13352]
S3 sdAuxService;PC Tools Auxiliary Service;d:\applications\Spyware Doctor\pctsAuxs.exe [2008-12-30 356920]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2008-02-07 15576]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
xyfdxxte
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14976cf8-24fa-11dd-920e-0018f3ca8061}]
\Shell\AutoRun\command - Q:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d1ccc-07b4-11dc-9056-0018f3ca8061}]
\Shell\AutoRun\command - k:\wd_windows_tools\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PAVBOOT
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-12-30 c:\windows\Tasks\1-Click Maintenance.job
- d:\applications\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]
2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\applications\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-30 c:\windows\Tasks\User_Feed_Synchronization-{C95A93DF-BFBA-4B13-95F2-65942B3FF8B8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-ID - (no file)
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\applic~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - d:\applications\WinSysClean 2008 Trial\UDManager\UDManager.exe
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {08F68155-EB65-4B83-9FE4-22CCA1C49624} = 81.27.192.33,81.27.192.97
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - d:\users\Hulvius\Application Data\Mozilla\Firefox\Profiles\pvarhsbt.default\
FF - component: d:\applications\Mozilla Firefox\components\gemgecko.dll
FF - component: d:\applications\Mozilla Firefox\components\iamfamous.dll
FF - plugin: d:\applications\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: d:\applications\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: d:\applications\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\applications\Yahoo!\Shared\npYState.dll
FF - plugin: d:\users\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.tabs.closeButtons - 0
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 21:31:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'lsass.exe'(788)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Completion time: 2008-12-30 21:33:02
ComboFix-quarantined-files.txt 2008-12-30 20:32:25
Pre-Run: 19,776,016,384 bytes free
Post-Run: 20,134,285,312 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=2GQFP4 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=2GQFP4-BAK
294 --- E O F --- 2008-12-30 02:41:12
fredik (Security team member, Master Level 7, 4680 posts, registered July 06):
Re: according to Malwarebytes, supposedly Trojan.Vundo.H
I would recommend uninstalling these via Add or Remove Programs, if they are present:
- Viewpoint
- Viewpoint Manager
- Viewpoint Media Player
- Viewpoint Toolbar
I would also recommend uninstalling Spyware Doctor, since you already have the complete ESET suite.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Open Notepad (Start -> Run..., type Notepad in the box and click OK)
Copy the following entire text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
Driver::
gxmozidz
Collect::
c:\windows\system32\ds16gtf.dll
c:\windows\system32\drivers\gxmozidz.sys
NetSvc::
xyfdxxte
DirLook::
c:\windows\Icons
d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}
d:\users\All Users\Application Data\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3A100C7-AE17-47A5-A36A-9A3248F30108}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipekpdme]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt you created with the mouse over the downloaded ComboFix.exe, and when the two files overlap, drop the script

- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process
- After the log is displayed, you will also see a prompt about sending samples. Confirm it with OK. A browser window will open with a form for submitting the sample; just close it.
A directory/folder named Qoobox will be created on drive C, inside it another directory named Quarantine, and in it you will find an archive of the form [4]-Submit_2008-12-30@12.54.zip, where the numbers after @ are the time the file was created. Send it to me as an attachment via PM. Thanks.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then post a new HJT log here.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PM messages with logs; post them in the forum. Such PMs cannot be answered.
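As an added example (not code from this thread, ComboFix or HijackThis), a small Python triage helper that parses the "Reg Loading Points" lines quoted above and reproduces the reasoning behind fredik's CFScript: the Winlogon\Notify DLL that is also registered as a BHO out of system32, the NetSvcs entry with no service record, the boot-start driver with no descriptive name, and the Security Center AntiVirusOverride value. The sample input is constructed from the log lines in this thread; the rule names and the checks are my own review heuristics, not verdicts.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix, HijackThis or the forum's
tooling. The rules are analyst-review heuristics, not verdicts.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3A100C7-AE17-47A5-A36A-9A3248F30108}]
2002-08-29 13:00 104960 --a------ c:\windows\system32\ds16gtf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"egui"="d:\applications\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipekpdme]
2002-08-29 13:00 104960 c:\windows\system32\ds16gtf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R0 gxmozidz;gxmozidz;c:\windows\system32\drivers\gxmozidz.sys [2002-08-29 23424]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-30 28544]
R2 ekrn;Eset Service;"d:\applications\ESET\ESET Smart Security\ekrn.exe" [2008-03-13 472320]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
xyfdxxte
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14976cf8-24fa-11dd-920e-0018f3ca8061}]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "<date> <time> <size> [<attrs>] <path>" lines printed under a load-point key
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +(?:[-a-z]+ +)?(.+?)\s*$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]+)"|dword:([0-9a-f]{8})|(.*))', re.I)
# "R0 name;display;path [date size]" service lines
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")
NETSVCS_MARK = "Svchost - NetSvcs"


def parse(log):
    """Split the log into load points, services, NetSvcs names and raw values."""
    load_points = defaultdict(list)   # registry key -> module paths (lower-cased)
    services = {}                     # service name -> (start, display, path, date, size)
    netsvcs, values = [], {}          # values: (key, value name) -> string
    key, in_netsvcs = None, False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(NETSVCS_MARK):       # service names follow, one per line
            key, in_netsvcs = None, True
            continue
        m = KEY_RE.match(line)
        if m:
            key, in_netsvcs = m.group(1), False
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, date, size = m.groups()
            services[name] = (start, display, path.strip('"'), date, int(size))
            in_netsvcs = False
            continue
        if in_netsvcs:
            netsvcs.append(line)
        elif key is not None:
            m = FILE_RE.match(line)
            if m:
                load_points[key].append(m.group(1).lower())
                continue
            m = VALUE_RE.match(line)
            if m:
                name, quoted, dword, other = m.groups()
                values[(key.lower(), name)] = quoted or dword or other or ""
                if quoted:
                    load_points[key].append(quoted.lower())
    return load_points, services, netsvcs, values


def triage(log):
    """Return sorted (rule, subject, detail) review items for the log text."""
    load_points, services, netsvcs, values = parse(log)
    findings, by_module = [], defaultdict(set)
    for key, mods in load_points.items():
        k = key.lower()
        for mod in mods:
            by_module[mod].add(key)
            # Vendor BHOs live under Program Files; one dropped into system32 is unusual.
            if "browser helper objects" in k and "\\windows\\system32\\" in mod:
                findings.append(("bho-in-system32", key.rsplit("\\", 1)[-1], mod))
        # ComboFix hides default entries, so any Notify subkey it prints deserves a look.
        if "\\winlogon\\notify\\" in k:
            findings.append(("notify-dll", key.rsplit("\\", 1)[-1], "; ".join(mods)))
    for mod, keys in by_module.items():        # one module, several persistence points
        if len(keys) > 1:
            findings.append(("multi-load-point", mod, "; ".join(sorted(keys))))
    for (key, name), val in values.items():    # Security Center alerts switched off
        if "security center" in key and name.lower().endswith("override") and val != "00000000":
            findings.append(("security-center-override", name, val))
    for name in netsvcs:                       # svchost-hosted service with no service record
        if name not in services:
            findings.append(("netsvcs-unlisted", name, "no R*/S* service line in log"))
    for name, (start, display, path, date, _size) in services.items():
        if start == "R0" and display == name:  # boot-start driver, no descriptive display name
            findings.append(("boot-driver-no-display-name", name, f"{path} [{date}]"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {subject:45} {detail}")
```

Run on the sample, every item fredik put into the CFScript comes out as a review item, while the legitimate ctfmon.exe, egui.exe and ekrn entries stay silent.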
Re: according to Malwarebytes, supposedly Trojan.Vundo.H
new log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:40, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Applications\Creative\Shared Files\CTDevSrv.exe
D:\Applications\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Applications\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\MagicTune Premium\MagicTune.exe
D:\Applications\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Applications\iTunes\iTunesHelper.exe
D:\Applications\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Applications\Logitech\SetPoint\SetPoint.exe
D:\Applications\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Applications\iPod\bin\iPodService.exe
D:\Applications\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Applications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Applications\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Applications\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "D:\Applications\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Applications\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [MsnMsgr] "D:\Applications\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTZDetec.exe] D:\Applications\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Applications\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Applications\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - D:\Applications\WinSysClean 2008 Trial\UDManager\UDManager.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9180095312
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS3\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - D:\Applications\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Applications\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Applications\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Applications\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\Applications\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - D:\Applications\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9480 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:40, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\Applications\Creative\Shared Files\CTDevSrv.exe
D:\Applications\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Applications\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Applications\MagicTune Premium\MagicTune.exe
D:\Applications\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Applications\iTunes\iTunesHelper.exe
D:\Applications\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Applications\Logitech\SetPoint\SetPoint.exe
D:\Applications\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Applications\iPod\bin\iPodService.exe
D:\Applications\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Applications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Applications\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Applications\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "D:\Applications\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Applications\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [MsnMsgr] "D:\Applications\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTZDetec.exe] D:\Applications\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Applications\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Applications\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\APPLIC~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Applications\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\APPLIC~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - D:\Applications\WinSysClean 2008 Trial\UDManager\UDManager.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9180095312
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS2\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O17 - HKLM\System\CS3\Services\Tcpip\..\{08F68155-EB65-4B83-9FE4-22CCA1C49624}: NameServer = 81.27.192.33,81.27.192.97
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - D:\Applications\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Applications\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Applications\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Applications\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\Applications\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NBService - Nero AG - D:\Applications\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 9480 bytes
- fredik
- Security team member
- Master Level 7
- Posts: 4680
- Registered: July 06
Re: supposedly Trojan.Vundo.H according to Malwarebytes
Thanks for uploading the archive.
You haven't posted the ComboFix log here yet, so please post it. You'll find it again on C: in the file ComboFix.txt.
We'll continue in the morning.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PMs) with logs; post them in the forum. Such PMs cannot be answered.
Re: supposedly Trojan.Vundo.H according to Malwarebytes
combofix log:
ComboFix 08-12-29.02 - Hulvius 2008-12-31 1:13:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3116 [GMT 1:00]
Running from: d:\users\Hulvius\Desktop\ComboFix.exe
Command switches used :: d:\users\Hulvius\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GXMOZIDZ
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.
2008-12-31 01:02 . 2008-12-31 01:02 <DIR> dr------- c:\windows\AsDmiHtm
2008-12-30 20:41 . 2008-12-30 20:41 <DIR> d-------- d:\applications\Trend Micro
2008-12-30 19:24 . 2008-12-30 19:24 <DIR> d-------- d:\users\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-30 18:38 . 2008-12-30 22:35 <DIR> d-------- d:\users\All Users\Application Data\Lavasoft
2008-12-30 10:12 . 2008-12-30 10:12 <DIR> d-------- d:\users\All Users\Application Data\PC Tools
2008-12-30 09:48 . 2008-12-30 23:20 <DIR> d-------- d:\applications\Spyware Doctor
2008-12-30 03:05 . 2008-12-30 03:05 <DIR> d-------- d:\users\Administrator\Application Data\Malwarebytes
2008-12-30 03:04 . 2008-12-30 03:04 <DIR> d-------- d:\users\Administrator
2008-12-30 01:59 . 2008-12-30 01:59 <DIR> d-------- d:\applications\MSXML 4.0
2008-12-30 01:07 . 2008-12-30 01:07 <DIR> d-------- d:\users\Hulvius\Application Data\Malwarebytes
2008-12-30 01:07 . 2008-12-30 01:07 <DIR> d-------- d:\users\All Users\Application Data\Malwarebytes
2008-12-28 11:58 . 2004-11-12 19:31 402 --a------ c:\windows\system32\msxml4.inf
2008-12-21 22:33 . 2008-12-21 22:33 <DIR> d-------- d:\applications\Medieval Software
2008-12-21 22:14 . 2008-12-21 22:14 <DIR> d-------- d:\applications\NCH Software
2008-12-21 22:04 . 2008-12-21 22:05 <DIR> d-------- d:\users\Hulvius\Application Data\NCH Swift Sound
2008-12-21 22:04 . 2008-12-21 22:17 <DIR> d-------- d:\users\All Users\Application Data\NCH Swift Sound
2008-12-21 22:04 . 2008-12-28 21:40 <DIR> d-------- d:\applications\NCH Swift Sound
2008-12-12 16:01 . 2008-12-12 16:01 <DIR> dr------- d:\applications\Skype
2008-12-12 16:01 . 2008-12-12 16:01 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-10 22:28 . 2008-12-10 22:28 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-07 13:52 . 2008-12-07 13:52 <DIR> d-------- d:\users\All Users\Application Data\ALM
2008-12-07 13:27 . 2008-12-07 13:27 <DIR> d-------- d:\applications\Adobe Media Player
2008-12-07 12:32 . 2008-12-07 12:32 <DIR> d-------- d:\users\All Users\Application Data\FLEXnet
2008-12-07 12:30 . 2008-12-07 12:30 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-12-07 12:29 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll
2008-12-07 12:29 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2008-12-01 18:41 . 2008-12-01 18:41 <DIR> d-------- d:\users\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 18:41 . 2008-12-01 18:41 <DIR> d-------- d:\applications\iTunes
2008-12-01 18:41 . 2008-12-01 18:41 <DIR> d-------- d:\applications\iPod
2008-12-01 18:39 . 2008-12-01 18:40 <DIR> d-------- d:\applications\QuickTime
2008-11-30 00:43 . 2008-11-30 00:43 <DIR> d-------- d:\users\Hulvius\Application Data\SI Swimsuit Calendar
2008-11-30 00:43 . 2008-11-30 00:43 <DIR> d-------- d:\users\All Users\Application Data\SI Swimsuit Calendar
2008-11-28 00:25 . 2008-11-28 00:25 <DIR> d-------- d:\users\Hulvius\Application Data\CD-LabelPrint
2008-11-16 23:59 . 2008-11-16 23:59 <DIR> d-------- d:\users\Hulvius\Application Data\NSBackup
2008-11-16 18:23 . 2008-11-16 18:23 44,876 --ah----- c:\windows\system32\mlfcache.dat
2008-11-15 23:27 . 2008-11-15 23:27 2,285,056 --a------ c:\windows\system32\TUKernel.exe
2008-11-15 23:23 . 2008-11-15 23:24 <DIR> d--h----- c:\windows\Icons
2008-11-15 01:06 . 2008-11-15 01:06 <DIR> d-------- d:\users\Hulvius\Application Data\TuneUp Software
2008-11-15 01:06 . 2008-11-15 01:06 <DIR> d-------- d:\users\All Users\Application Data\TuneUp Software
2008-11-15 01:06 . 2008-11-15 01:08 <DIR> d-------- d:\applications\TuneUp Utilities 2008
2008-11-15 01:06 . 2008-11-15 01:06 354,560 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-11-15 01:06 . 2008-04-04 14:51 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-11-12 21:28 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 21:28 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-11-02 17:25 . 2008-11-20 23:32 <DIR> d-------- d:\users\Hulvius\Application Data\Delicious IE Extension
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 00:15 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-31 00:15 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-12-30 23:33 --------- d-----w d:\users\Hulvius\Application Data\Skype
2008-12-30 23:30 --------- d-----w d:\users\Hulvius\Application Data\uTorrent
2008-12-30 22:20 --------- d---a-w d:\users\All Users\Application Data\TEMP
2008-12-30 22:16 --------- d-----w d:\users\Hulvius\Application Data\skypePM
2008-12-30 21:45 --------- d-----w d:\applications\Canon
2008-12-30 21:39 --------- d-----w d:\applications\Winamp
2008-12-30 21:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-29 01:36 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 20:43 --------- d-----w d:\users\All Users\Application Data\WinZip
2008-12-28 20:40 --------- d-----w c:\program files\Common Files\Apple
2008-12-17 16:19 --------- d-----w d:\users\All Users\Application Data\Microsoft Help
2008-12-12 15:01 --------- d-----w d:\users\All Users\Application Data\Skype
2008-12-11 15:19 --------- d-----w d:\users\Hulvius\Application Data\Canon
2008-11-27 19:54 --------- d-----w d:\users\Hulvius\Application Data\XnView
2008-11-16 23:19 --------- d--h--w d:\applications\InstallShield Installation Information
2008-11-16 20:15 --------- d-----w d:\applications\PC-Linq
2008-11-15 00:32 --------- d--h--w d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}
2008-11-06 21:06 --------- d-----w d:\users\All Users\Application Data\Viewpoint
2008-11-06 21:05 --------- d-----w d:\applications\Java
2008-11-05 22:21 --------- d-----w d:\users\Hulvius\Application Data\Apple Computer
2008-01-20 16:00 32 ----a-w d:\users\All Users\Application Data\ezsid.dat
2007-12-15 17:06 87,608 ----a-w d:\users\Hulvius\Application Data\ezpinst.exe
2007-12-15 17:06 47,360 ----a-w d:\users\Hulvius\Application Data\pcouffin.sys
2008-09-21 19:13 61,440 ----a-w d:\applications\mozilla firefox\components\gemgecko.dll
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
2008-05-26 22:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052720080528\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Icons ----
2005-05-17 17:10 4393474 --a------ c:\windows\Icons\Windows-Black\Windows Black.icl
---- Directory of d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61} ----
2007-07-12 10:48 579156 --------- d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}\mia.lib
2007-07-12 10:48 2343904 --------- d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}\wsc.exe
---- Directory of d:\users\All Users\Application Data\Viewpoint ----
((((((((((((((((((((((((((((( snapshot@2008-12-30_21.32.12.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\applications\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTZDetec.exe"="d:\applications\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="d:\applications\Skype\Phone\Skype.exe" [2008-12-08 26499880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SoundMAXPnP"="d:\applications\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"egui"="d:\applications\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"iTunesHelper"="d:\applications\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
d:\users\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-02 67128]
Logitech SetPoint.lnk - d:\applications\Logitech\SetPoint\SetPoint.exe [2007-05-15 598016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="d:\applications\TomTom HOME 2\HOMERunner.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="d:\applications\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="d:\applications\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="d:\applications\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Applications\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Applications\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Applications\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Applications\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Applications\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Applications\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Applications\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Torrent\\utorrent.exe"=
"d:\\Applications\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57090:TCP"= 57090:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 ekrn;Eset Service;"d:\applications\ESET\ESET Smart Security\ekrn.exe" [2008-03-13 472320]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-23 13352]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2008-02-07 15576]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14976cf8-24fa-11dd-920e-0018f3ca8061}]
\Shell\AutoRun\command - Q:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d1ccc-07b4-11dc-9056-0018f3ca8061}]
\Shell\AutoRun\command - k:\wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-12-30 c:\windows\Tasks\1-Click Maintenance.job
- d:\applications\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]
2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\applications\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-30 c:\windows\Tasks\User_Feed_Synchronization-{C95A93DF-BFBA-4B13-95F2-65942B3FF8B8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\applic~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {08F68155-EB65-4B83-9FE4-22CCA1C49624} = 81.27.192.33,81.27.192.97
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - d:\users\Hulvius\Application Data\Mozilla\Firefox\Profiles\pvarhsbt.default\
FF - component: d:\applications\Mozilla Firefox\components\gemgecko.dll
FF - component: d:\applications\Mozilla Firefox\components\iamfamous.dll
FF - plugin: d:\applications\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: d:\applications\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: d:\applications\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\applications\Yahoo!\Shared\npYState.dll
FF - plugin: d:\users\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.tabs.closeButtons - 0
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 01:16:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
d:\applications\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
d:\applications\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
d:\applications\Windows Live\Messenger\usnsvc.exe
d:\applications\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-31 1:19:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 00:19:31
ComboFix2.txt 2008-12-30 20:33:03
Pre-Run: 20,411,363,328 bytes free
Post-Run: 20,343,951,360 bytes free
246 --- E O F --- 2008-12-30 02:41:12
2008-11-27 19:54 --------- d-----w d:\users\Hulvius\Application Data\XnView
2008-11-16 23:19 --------- d--h--w d:\applications\InstallShield Installation Information
2008-11-16 20:15 --------- d-----w d:\applications\PC-Linq
2008-11-15 00:32 --------- d--h--w d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}
2008-11-06 21:06 --------- d-----w d:\users\All Users\Application Data\Viewpoint
2008-11-06 21:05 --------- d-----w d:\applications\Java
2008-11-05 22:21 --------- d-----w d:\users\Hulvius\Application Data\Apple Computer
2008-01-20 16:00 32 ----a-w d:\users\All Users\Application Data\ezsid.dat
2007-12-15 17:06 87,608 ----a-w d:\users\Hulvius\Application Data\ezpinst.exe
2007-12-15 17:06 47,360 ----a-w d:\users\Hulvius\Application Data\pcouffin.sys
2008-09-21 19:13 61,440 ----a-w d:\applications\mozilla firefox\components\gemgecko.dll
1999-07-07 00:00 6 --sh--r c:\windows\@@desktop.dat
2008-05-26 22:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052720080528\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Icons ----
2005-05-17 17:10 4393474 --a------ c:\windows\Icons\Windows-Black\Windows Black.icl
---- Directory of d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61} ----
2007-07-12 10:48 579156 --------- d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}\mia.lib
2007-07-12 10:48 2343904 --------- d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}\wsc.exe
---- Directory of d:\users\All Users\Application Data\Viewpoint ----
((((((((((((((((((((((((((((( snapshot@2008-12-30_21.32.12.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\applications\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"CTZDetec.exe"="d:\applications\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="d:\applications\Skype\Phone\Skype.exe" [2008-12-08 26499880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SoundMAXPnP"="d:\applications\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"egui"="d:\applications\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"iTunesHelper"="d:\applications\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
d:\users\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - d:\applications\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-02 67128]
Logitech SetPoint.lnk - d:\applications\Logitech\SetPoint\SetPoint.exe [2007-05-15 598016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="d:\applications\TomTom HOME 2\HOMERunner.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="d:\applications\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"QuickTime Task"="d:\applications\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="d:\applications\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Applications\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Applications\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Applications\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"d:\\Applications\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Applications\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Applications\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Applications\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Torrent\\utorrent.exe"=
"d:\\Applications\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57090:TCP"= 57090:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 ekrn;Eset Service;"d:\applications\ESET\ESET Smart Security\ekrn.exe" [2008-03-13 472320]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-06-23 13352]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2008-02-07 15576]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14976cf8-24fa-11dd-920e-0018f3ca8061}]
\Shell\AutoRun\command - Q:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d1ccc-07b4-11dc-9056-0018f3ca8061}]
\Shell\AutoRun\command - k:\wd_windows_tools\setup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-12-30 c:\windows\Tasks\1-Click Maintenance.job
- d:\applications\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]
2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- d:\applications\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-30 c:\windows\Tasks\User_Feed_Synchronization-{C95A93DF-BFBA-4B13-95F2-65942B3FF8B8}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\applic~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {08F68155-EB65-4B83-9FE4-22CCA1C49624} = 81.27.192.33,81.27.192.97
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\applications\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - d:\users\Hulvius\Application Data\Mozilla\Firefox\Profiles\pvarhsbt.default\
FF - component: d:\applications\Mozilla Firefox\components\gemgecko.dll
FF - component: d:\applications\Mozilla Firefox\components\iamfamous.dll
FF - plugin: d:\applications\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: d:\applications\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: d:\applications\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\applications\Yahoo!\Shared\npYState.dll
FF - plugin: d:\users\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: browser.tabs.closeButtons - 0
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 01:16:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
d:\applications\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
d:\applications\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
d:\applications\Windows Live\Messenger\usnsvc.exe
d:\applications\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-31 1:19:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 00:19:31
ComboFix2.txt 2008-12-30 20:33:03
Pre-Run: 20,411,363,328 bytes free
Post-Run: 20,343,951,360 bytes free
246 --- E O F --- 2008-12-30 02:41:12
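As an added example (not code from this thread or from ComboFix), here is a small Python triage pass over the "Reg Loading Points" part of a ComboFix log in the format shown above. It does what a helper does by eye when reading such a log: it flags live Run entries whose target carries the [X] marker ComboFix prints for a file it could not find (the UserFaultCheck/dumprep line above), host-firewall exceptions granted to Windows script hosts such as mshta.exe, which normally have no reason to be allow-listed, and AutoRun commands bound to removable drives under mountpoints2, which are worth a look even when they turn out to be a TomTom or WD installer. The excerpt is constructed from lines of the log above, and the list of script hosts is an assumption of this example.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the ComboFix "Reg Loading Points" format; the lines
# mirror entries from the log in this thread, they are not a live capture.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="d:\applications\QuickTime\QTTask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"d:\\Applications\\Skype\\Phone\\Skype.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14976cf8-24fa-11dd-920e-0018f3ca8061}]
\Shell\AutoRun\command - Q:\InstallTomTomHOME.exe
"""

# One Run-key value: "name"="command" [date size]  or  "name"="command" [X]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*(?P<tail>.*)$')
# One firewall allow-list value: the path is the value name, exported with \\ escapes
FW_ENTRY = re.compile(r'^"(?P<path>[^"]+)"=$')
# AutoRun command attached to a mounted volume (mountpoints2)
AUTORUN = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')

# Script hosts / interpreters that should not need their own firewall exception.
# This list is an assumption of the example, not something ComboFix reports.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe", "cmd.exe"}


@dataclass
class Finding:
    kind: str      # missing-target | firewall-script-host | removable-autorun
    section: str   # registry key the line came from
    detail: str    # the offending command or path


def parse_loading_points(text):
    """Split the dump into (section, lines) pairs keyed by the [..] headers."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            current = (line.strip("[]"), [])
            sections.append(current)
        elif current is not None:          # lines before the first header are ignored
            current[1].append(line)
    return sections


def triage(text):
    """Return the review-worthy entries, in log order."""
    findings = []
    for section, lines in parse_loading_points(text):
        low = section.lower()
        if low.endswith("\\run"):          # live Run keys only; 'run-' holds disabled entries
            for line in lines:
                m = RUN_ENTRY.match(line)
                if m and m.group("tail").strip() == "[X]":
                    findings.append(Finding("missing-target", section,
                                            f'{m.group("name")} -> {m.group("cmd")}'))
        elif "authorizedapplications\\list" in low:
            for line in lines:
                m = FW_ENTRY.match(line)
                if not m:
                    continue
                path = m.group("path").replace("\\\\", "\\")   # undo REGEDIT4 escaping
                exe = path.rsplit("\\", 1)[-1].lower()
                if exe in SCRIPT_HOSTS:
                    findings.append(Finding("firewall-script-host", section, path))
        elif "mountpoints2" in low:
            for line in lines:
                m = AUTORUN.match(line)
                if m:
                    findings.append(Finding("removable-autorun", section, m.group("cmd")))
    return findings


def summarize(text):
    """(kind, detail) pairs, handy for a quick printout or for assertions."""
    return [(f.kind, f.detail) for f in triage(text)]


if __name__ == "__main__":
    for kind, detail in summarize(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

A missing-target hit is usually stale rather than malicious (the helper simply has the user remove the orphaned UserFaultCheck line with HijackThis), so the script reports, it does not delete; the point is to make the three classes of entry that deserve a human look stand out in a log that runs to hundreds of lines.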
fredik (member of the Security team)
Re: according to Malwarebytes, supposedly Trojan.Vundo.H
If you haven't switched the resident protection of Eset Smart Security back on yet, turn it on.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Run HijackThis again and tick the boxes in front of these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - D:\Applications\WinSysClean 2008 Trial\UDManager\UDManager.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Applications\ICQLite\ICQLite.exe (file missing)
after ticking them, click the Fix Checked button
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
If you've uninstalled all the items belonging to Viewpoint, also delete their directories/folders manually:
d:\applications\Viewpoint
d:\users\All Users\Application Data\Viewpoint
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Test this file on VirusTotal
d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}\wsc.exe
it's enough to copy the whole path into the empty box on that page and submit it. Then paste the result here.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Go to Start -> Run... and type this command, marked in blue, into the box:
ComboFix /u
and click OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will tell you when it has.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
I'd recommend updating Java:
- Download the latest version, Java SE Runtime Environment (JRE) 6 Update 11
- Next to the label Java SE Runtime Environment (JRE) 6 Update 11, click the Download button
- A new page will load
- Under the heading Select Platform and Language for your download:
* at the Platform: item, choose the OS you use
* tick the option that says: I agree to the Java SE Runtime Environment 6 License Agreement
* click the Continue >> button
- A new page will load
- Click the download link under the item: Windows Offline Installation and save it to disk
- Close the programs you have running, especially the web browser
- Go to Start -> Control Panel -> Add or Remove Programs and uninstall all old versions of Java
- Look for items named Java Runtime Environment (JRE or J2SE)
* examples of old versions in Add or Remove Programs:
- J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2
- Uninstall all the old versions of Java one after another, if there are any
Download JavaRa, unpack it into its own folder and run it.
- choose your language and confirm it with the Select button
- then choose the Remove Older Versions option and follow the program's instructions
- at the end the program shows a log; close it and exit the program
- Then just run the installation of the latest version from the file jre-6u11-windows-i586-p.exe that you downloaded at the start
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Download ATF-Cleaner (by Atribune) and run it
- Under the Main item, tick the option: Select All
Then click the button: Empty Selected
- Choose the Firefox option at the top
- Tick the option: Select All
- You'll be asked whether you want to remove the saved passwords from Firefox; choose Yes or No as needed
- Then click the button: Empty Selected
- Choose the Opera option at the top
- Tick the option: Select All
- You'll be asked whether you want to remove the saved passwords from Opera; choose Yes or No as needed
- Then click the button: Empty Selected
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Then paste the VirusTotal result here and say whether you still have any problems.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, don't send me PM messages with logs; put them in the forum. Such PMs cannot be answered.
Re: according to Malwarebytes, supposedly Trojan.Vundo.H
VirusTotal d:\users\All Users\Application Data\{004D2F01-7C4F-4B48-AB03-8679ED5D1F61}\wsc.exe:
http://www.virustotal.com/cs/analisis/2 ... 7eeaf2332c
everything looks fine. I'll confirm it in about 1-2 h if nothing stutters.
thanks for the valuable advice and help.
I'd also like to ask: what should I strengthen my defence with besides NOD32?
it seems that the internet security part in particular isn't very good. that's why I also tried adding Spyware Doctor.
fredik (member of the Security team)
Re: according to Malwarebytes, supposedly Trojan.Vundo.H
On VirusTotal you should have clicked Reanalyse file now. That's a slightly older result, but it doesn't matter.
The problem is that several programs of the same kind (antivirus, antispyware, ...) running resident at the same time can cause more problems than benefit.
Given that you have a complete suite there, I wouldn't add anything else. If you still wanted a program for occasional checks, then a non-resident one such as SUPERAntiSpyware free, or SpywareBlaster as prevention.
You're welcome; if any problem comes up, let me know.
Re: according to Malwarebytes, supposedly Trojan.Vundo.H
everything works fine, almost as if I'd reinstalled the machine.
thanks, it's solved