HiJackThis log pls kontrola Vyřešeno

[jaro3]

No toto vypadá...
To se Ti tam muselo dostat v průběhu čištění , v první logu to nebylo...
Takže :
Stáhni si program OTMoveIt3 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
C:\WINDOWS\system32\lkanfl.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Poté:
Vypni rez. ochranu u NOD32+ firewall Comodo.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Reklama]

[Mous]

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\system32\lkanfl.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Mous\LOCALS~1\Temp\~DFC38B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Mous\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04112009_102451

Files moved on Reboot...
C:\DOCUME~1\Mous\LOCALS~1\Temp\~DFC38B.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdat

[Mous]

ComboFix 09-04-04.01 - Mous 2009-04-11 10:32:03.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2047.1571 [GMT 2:00]
Spuštěný z: c:\documents and settings\Mous\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-03-11 do 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 10:24 . 2009-04-11 10:24 <DIR> d-------- C:\_OTMoveIt
2009-04-10 19:58 . 2009-04-10 19:58 <DIR> d-------- c:\program files\VirusTotalUploader
2009-04-10 18:54 . 2009-04-10 18:54 <DIR> d-------- C:\VerTerm
2009-04-10 00:04 . 2009-04-10 00:04 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-04-09 08:32 . 2009-01-22 02:40 163,840 --a------ c:\windows\system32\SecureNet.dll
2009-04-09 08:31 . 2009-04-10 17:14 <DIR> d-------- c:\program files\Hide My IP 2009
2009-04-09 08:31 . 2008-11-03 05:45 1,126,400 --a------ c:\windows\system32\libeay32.dll
2009-04-09 08:31 . 2008-11-03 05:45 204,800 --a------ c:\windows\system32\ssleay32.dll
2009-04-08 23:41 . 2009-04-08 23:41 33,280 ---h----- c:\documents and settings\Mous\mej.exe
2009-04-07 17:23 . 2003-07-08 10:13 28,672 --a------ c:\windows\system32\sizelimit.ocx
2009-04-06 20:49 . 2009-04-07 16:24 155,384 --a------ c:\windows\system32\guard32.dll
2009-04-06 20:49 . 2009-04-07 16:25 110,992 --a------ c:\windows\system32\drivers\cmdguard.sys
2009-04-06 20:49 . 2009-04-07 16:25 24,336 --a------ c:\windows\system32\drivers\cmdhlp.sys
2009-04-03 18:59 . 2009-04-03 18:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\RunOff
2009-03-31 17:05 . 2009-04-01 16:19 <DIR> d-------- c:\windows\FFTemp
2009-03-31 17:05 . 2009-03-31 17:05 115,016 --a------ c:\windows\system32\MSINET.OCX
2009-03-31 17:01 . 2009-03-31 17:01 226 --a------ c:\documents and settings\Mous\Data aplikací\asd.bat
2009-03-28 14:16 . 2009-03-28 14:18 <DIR> d-------- C:\rings
2009-03-26 15:12 . 2009-03-26 15:12 <DIR> d-------- c:\program files\Cenega Czech
2009-03-24 17:45 . 2009-03-24 17:46 <DIR> d-------- C:\Warhammer Online - Age of Reckoning
2009-03-21 00:25 . 2009-03-21 00:25 41,808 --a------ c:\windows\system32\xfcodec.dll
2009-03-20 17:05 . 2009-03-20 17:05 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-20 00:17 . 2005-11-16 17:05 1,056,768 --a------ c:\windows\system32\ROBOEX32.DLL
2009-03-20 00:17 . 2005-11-16 17:05 49,152 --a------ c:\windows\system32\INETWH32.DLL
2009-03-20 00:16 . 2009-03-20 00:16 <DIR> d-------- c:\program files\NetObjects
2009-03-15 22:47 . 2009-03-15 22:47 <DIR> d-------- C:\videooutput
2009-03-15 22:47 . 2009-03-15 22:47 <DIR> d-------- c:\program files\Free FLV to AVI Converter
2009-03-15 22:47 . 2007-03-07 01:45 3,086,336 --a------ c:\windows\system32\NCMedia.dll
2009-03-15 22:47 . 2007-03-07 01:45 3,086,336 --a------ c:\windows\system32\flvvideo.dll
2009-03-15 22:47 . 2006-11-01 15:52 765,952 --a------ c:\windows\system32\xvidcore.dll
2009-03-15 22:47 . 2007-02-25 16:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\program files\Moyea
2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\documents and settings\Mous\Data aplikací\Moyea
2009-03-13 22:01 . 2009-03-13 22:01 <DIR> d-------- c:\program files\Blast! Entertainment Ltd
2009-03-13 21:59 . 2009-02-22 21:25 329,959,728 --a------ c:\temp\rld-bean.bin
2009-03-12 23:43 . 2009-03-12 23:43 <DIR> d-------- c:\program files\MySQL
2009-03-11 20:31 . 2009-03-11 20:31 <DIR> d-------- c:\program files\PremiumSoft
2009-03-11 20:31 . 2006-04-13 12:30 1,073,152 --a------ c:\windows\system32\libmysql_c.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 08:28 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-04-11 08:28 --------- d-----w c:\documents and settings\Mous\Data aplikací\Hamachi
2009-04-10 16:51 --------- d-----w c:\documents and settings\Mous\Data aplikací\Skype
2009-04-10 16:37 --------- d-----w c:\documents and settings\Mous\Data aplikací\skypePM
2009-04-10 12:52 --------- d-----w c:\documents and settings\All Users\Data aplikací\Google Updater
2009-04-08 21:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-07 17:25 --------- d-----w c:\documents and settings\All Users\Data aplikací\Comodo
2009-04-06 18:49 --------- d-----w c:\documents and settings\Mous\Data aplikací\Comodo
2009-04-06 18:37 --------- d-----w c:\program files\VoipCheapCom
2009-04-06 17:50 --------- d-----w c:\program files\Doom 3
2009-04-06 12:38 --------- d-----w c:\program files\Kopie - WoW
2009-04-05 12:20 --------- d-----w c:\program files\Java
2009-04-03 12:18 --------- d-----w c:\documents and settings\Mous\Data aplikací\Free Download Manager
2009-04-02 21:14 --------- d-----w c:\program files\World of Warcraft
2009-03-31 14:59 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-31 14:48 --------- d-----r c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game - [HUSSEY]
2009-03-31 14:05 --------- d-----w c:\documents and settings\Mous\Data aplikací\Xfire
2009-03-31 13:56 --------- d-----w c:\program files\Teamspeak2_RC2
2009-03-28 10:53 --------- d-----w c:\program files\Xfire
2009-03-26 14:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 14:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-19 22:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 21:07 --------- d-----w c:\program files\ICQ6 cz
2009-03-13 14:38 --------- d-----w c:\program files\Warcraft III
2009-03-09 03:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-04 14:23 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-02-27 12:45 --------- d-----w c:\program files\MobMapUpdater
2009-02-25 20:53 --------- d-----w c:\documents and settings\Mous\Data aplikací\MobMapUpdater
2009-02-12 18:36 --------- d-----w c:\program files\Pět kouzelných amuletů
2008-09-01 22:32 1,935,872 ----a-w c:\program files\tvsetup.msi
2008-01-26 10:48 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-11-25 19:02 22,328 ----a-w c:\documents and settings\Mous\Data aplikací\PnkBstrK.sys
2007-10-13 22:36 47,360 ----a-w c:\documents and settings\Mous\Data aplikací\pcouffin.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2008-02-27 26624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"mspwr"="c:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-04-07 1851128]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Mous\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-08-27 624416]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-04-04 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0crcnat.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\STRONG+\\StrongDC.exe"=
"c:\\Program Files\\STRONG (Mous)\\StrongDC.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Doom 3\\Doom3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\ICQ6 cz\\ICQ.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Mous\\mej.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:UDP"= 80:UDP:127.0.0.1
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3306:TCP"= 3306:TCP:MySQL Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-04-06 110992]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-04-06 24336]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-06 179856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-06 15504]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;c:\windows\system32\drivers\ncfvsbus.sys [2008-09-03 25088]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-04 69120]
S2 gupdate1c9861fd4020982;Google Update Service (gupdate1c9861fd4020982);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 133104]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);c:\windows\system32\sfrem02.exe svc --> c:\windows\system32\sfrem02.exe svc [?]
S3 WLAN; Wireless LAN Driver;c:\windows\system32\DRIVERS\wlanNDS.sys --> c:\windows\system32\DRIVERS\wlanNDS.sys [?]
S4 FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe;c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart --> c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart [?]
S4 FAH@C:+Program Files+Fallout 3+FAH.exe;FAH@C:+Program Files+Fallout 3+FAH.exe;c:\program files\Fallout 3\FAH.exe -svcstart --> c:\program files\Fallout 3\FAH.exe -svcstart [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-179605362-839522115-1003.job
- c:\documents and settings\Mous\Local Settings\Data aplikac []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-lkanfl - c:\windows\system32\lkanfl.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.tiscali.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
FF - ProfilePath - c:\documents and settings\Mous\Data aplikací\Mozilla\Firefox\Profiles\q5s4rbic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.cz/home/
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.proxy.type - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 10:35:57
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+Mous+LOCALS~1+Temp+Rar$EX06.625+FAH.exe]
"ImagePath"="c:\docume~1\Mous\LOCALS~1\Temp\Rar$EX06.625\FAH.exe -svcstart"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Program Files+Fallout 3+FAH.exe]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\guard32.dll
.
Celkový čas: 2009-04-11 10:38:13
ComboFix-quarantined-files.txt 2009-04-11 08:38:06

Před spuštěním: Volných bajtů: 17 179 537 408
Po spuštění: Volných bajtů: 17,163,915,264

242 --- E O F --- 2008-09-20 08:09:01

[jaro3]

Log O.K:, můžeš ještě vložit nový log z hJT.

[Mous]

Podle toho jak to fixujete se mi nezdá (asi to už chápu ) O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:11, on 11.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\PuXpMan2.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mous\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Documents and Settings\Mous\Plocha\přídavky\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6 cz\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9861fd4020982) (gupdate1c9861fd4020982) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: USBest Service Zero (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE (file missing)

--
End of file - 10789 bytes

[jaro3]

To není nákaza , jen chybějící soubor ve službách.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Máš tam dva antiviry:
COMODO Internet Security (antivir+firewall)
ESET NOD32 Antivirus (antivir)
Jeden odinstaluj.

Pokud nejspou problémy, je to vše.

[Mous]

fixnuto nevíš náhodou jak se zapíná v Comodu scan PC ??

[jaro3]

No to nevím , COMODo jsem neměl, zkus zadat téma do sekce Viry , antiviry firewally, někdo Ti rád poradí.