Total Security Vyřešeno

[emil1960]

Dobrý deň.
Niečo sa mi dostalo do PC a neviem to odstrániť.Vedeli by ste mi pomôcľ?
Stále mi vyskakujú tieto okná



Prikladám aj svoj log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:39, on 21.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Documents and Settings\All Users\Application Data\16622654\16622654.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [16622654] C:\Documents and Settings\All Users\Application Data\16622654\16622654.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: rncsys32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5290 bytes

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[emil1960]

Prikladám ten log
Malwarebytes' Anti-Malware 1.40
Verzia databázy: 2667
Windows 5.1.2600 Service Pack 3

21.8.2009 9:15:43
mbam-log-2009-08-21 (09-15-31).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 89728
Uplynutý cas: 3 minute(s), 59 second(s)

Infikovaných procesov pamäte: 2
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 4
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 14
Infikovaných súborov: 45

Infikovaných procesov pamäte:
C:\Documents and Settings\All Users\Application Data\16622654\16622654.exe (Rogue.Multiple.H) -> No action taken.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> No action taken.

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\16622654 (Rogue.Multiple.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> No action taken.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
C:\Documents and Settings\All Users\Application Data\16622654 (Rogue.Multiple.H) -> No action taken.
C:\Program Files\Comet (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\72b.j (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\Juh (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\OSA (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\OSK (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\OSM (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\Park (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\PK-2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\PK-3 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\Sever (Spyware.Comet.Cursor) -> No action taken.

Infikovaných súborov:
C:\Documents and Settings\All Users\Application Data\16622654\16622654 (Rogue.Multiple.H) -> No action taken.
C:\Documents and Settings\All Users\Application Data\16622654\16622654.exe (Rogue.Multiple.H) -> No action taken.
C:\Documents and Settings\All Users\Application Data\16622654\pc16622654ins (Rogue.Multiple.H) -> No action taken.
C:\Documents and Settings\pc3\Start Menu\Programs\Startup\rncsys32.exe (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\TMP62D.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\pc3\Local Settings\Temp\TMP12.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\pc3\Local Settings\Temp\TMP804.tmp (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\pc3\Local Settings\Temp\~TM206.tmp (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\H9YPR1KZ\load[1].exe (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\KYSQC5Y4\sys[1].exe (Trojan.Dropper) -> No action taken.
C:\Program Files\Comet\Commeter\1.gtd (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\11.gtd (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\13.gtd (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\14.gtd (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\2.gtd (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\2.gtp (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\4.gtd (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\5.gtd (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\comm.hlp (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\commeter.CSY (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Commeter.exe (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Commeter.ico (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\FFSALIAS.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\FFSINFO.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\FFSTRAN.CFG (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\licence_free.txt (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\unins000.dat (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\unins000.exe (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\DATA.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\FFSTRAN.CFG (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\Kanaly.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\kanalys.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\kanRefresh.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\parRefresh.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\useky.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\Zazn_par.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\zazn_pars.FF2 (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\Park\2009_06_15_no00.msb (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\PK-3\2009-6-11-00.msb (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\PK-3\2009_06_19_no00.msb (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\PK-3\2009_06_26_no00.msb (Spyware.Comet.Cursor) -> No action taken.
C:\Program Files\Comet\Commeter\Data\PK-3\DOST-2221164-TUV-Farkaš (Spyware.Comet.Cursor) -> No action taken.
C:\Documents and Settings\pc3\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\Temp\wpv471243627542.exe (Trojan.Agent) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[emil1960]

Malwarebytes' Anti-Malware 1.40
Verzia databázy: 2667
Windows 5.1.2600 Service Pack 3

21.8.2009 9:51:01
mbam-log-2009-08-21 (09-51-01).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 89758
Uplynutý cas: 3 minute(s), 30 second(s)

Infikovaných procesov pamäte: 2
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 4
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 14
Infikovaných súborov: 45

Infikovaných procesov pamäte:
C:\Documents and Settings\All Users\Application Data\16622654\16622654.exe (Rogue.Multiple.H) -> Unloaded process successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Unloaded process successfully.

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\16622654 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
C:\Documents and Settings\All Users\Application Data\16622654 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Program Files\Comet (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\72b.j (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\Juh (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\OSA (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\OSK (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\OSM (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\Park (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\PK-2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\PK-3 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\Sever (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.

Infikovaných súborov:
C:\Documents and Settings\All Users\Application Data\16622654\16622654 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16622654\16622654.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16622654\pc16622654ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc3\Start Menu\Programs\Startup\rncsys32.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMP62D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc3\Local Settings\Temp\TMP12.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc3\Local Settings\Temp\TMP804.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc3\Local Settings\Temp\~TM206.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\H9YPR1KZ\load[1].exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc3\Local Settings\Temporary Internet Files\Content.IE5\KYSQC5Y4\sys[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\1.gtd (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\11.gtd (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\13.gtd (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\14.gtd (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\2.gtd (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\2.gtp (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\4.gtd (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\5.gtd (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\comm.hlp (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\commeter.CSY (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Commeter.exe (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Commeter.ico (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\FFSALIAS.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\FFSINFO.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\FFSTRAN.CFG (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\licence_free.txt (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\unins000.dat (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\unins000.exe (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\DATA.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\FFSTRAN.CFG (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\Kanaly.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\kanalys.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\kanRefresh.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\parRefresh.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\useky.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\Zazn_par.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\FF2DataBase\zazn_pars.FF2 (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\Park\2009_06_15_no00.msb (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\PK-3\2009-6-11-00.msb (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\PK-3\2009_06_19_no00.msb (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\PK-3\2009_06_26_no00.msb (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Program Files\Comet\Commeter\Data\PK-3\DOST-2221164-TUV-Farkaš (Spyware.Comet.Cursor) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc3\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv471243627542.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[emil1960]

Obsah z combofixu
ComboFix 09-08-20.03 - pc3 21.08.2009 10:15.1.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1033.18.1015.618 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc3\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\77d6a0c8.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_npf
-------\Service_77d6a0c8


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-21 do 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 07:08 . 2009-08-21 07:08 -------- d-----w- c:\documents and settings\pc3\Application Data\Malwarebytes
2009-08-21 07:08 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 07:08 . 2009-08-21 07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 07:08 . 2009-08-21 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 07:08 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 06:22 . 2009-08-21 06:22 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 05:45 . 2008-06-09 11:41 -------- d-----w- c:\documents and settings\pc3\Application Data\Hamachi
2009-07-31 08:25 . 2008-06-05 12:38 -------- d-----w- c:\program files\Eset
2009-07-17 10:54 . 2009-07-17 10:54 -------- d-----w- c:\documents and settings\pc3\Application Data\Naviextras
2009-07-17 10:54 . 2009-07-17 10:54 -------- d-----w- c:\program files\Naviextras
2009-05-28 09:04 . 2008-06-03 13:39 26288 ----a-w- c:\documents and settings\pc3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-05 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [5.6.2008 14:49 15424]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [28.4.2009 10:24 3584]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [11.6.2008 12:35 29292]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-WEBTRAN - (no file)
HKCU-Run-OEXPRESS - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\pc3\Application Data\Mozilla\Firefox\Profiles\dtcmlwc2.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 10:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2009-08-21 10:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-21 08:22

Před spuštěním: 158 661 697 536 bytes free
Po spuštění: 10 adresárov, 159 809 548 288 voľných bajtov

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

128 --- E O F --- 2009-06-11 01:02

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[emil1960]

ComboFix 09-08-20.03 - pc3 21.08.2009 10:53.2.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1033.18.1015.605 [GMT 2:00]
Spuštěný z: c:\documents and settings\pc3\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pc3\Desktop\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-21 do 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 07:08 . 2009-08-21 07:08 -------- d-----w- c:\documents and settings\pc3\Application Data\Malwarebytes
2009-08-21 07:08 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 07:08 . 2009-08-21 07:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 07:08 . 2009-08-21 07:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 07:08 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 06:22 . 2009-08-21 06:22 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 05:45 . 2008-06-09 11:41 -------- d-----w- c:\documents and settings\pc3\Application Data\Hamachi
2009-07-31 08:25 . 2008-06-05 12:38 -------- d-----w- c:\program files\Eset
2009-07-17 10:54 . 2009-07-17 10:54 -------- d-----w- c:\documents and settings\pc3\Application Data\Naviextras
2009-07-17 10:54 . 2009-07-17 10:54 -------- d-----w- c:\program files\Naviextras
2009-05-28 09:04 . 2008-06-03 13:39 26288 ----a-w- c:\documents and settings\pc3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-14 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-05 949376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [5.6.2008 14:49 15424]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPortIO.SYS [28.4.2009 10:24 3584]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [11.6.2008 12:35 29292]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\pc3\Application Data\Mozilla\Firefox\Profiles\dtcmlwc2.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 10:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-08-21 10:56
ComboFix-quarantined-files.txt 2009-08-21 08:56
ComboFix2.txt 2009-08-21 08:22

Před spuštěním: 159 813 808 128 bytes free
Po spuštění: 10 adresárov, 159 801 257 984 voľných bajtov

91 --- E O F --- 2009-06-11 01:02




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:10, on 21.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4829 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod: viewtopic.php?f=70&t=5119

Kód: Vybrat vše

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Pokud nejspou problémy , je to vše a můžeš dát vyřešeno, fajfku.