Prosím o kontrolu logu z HJT

[Angada]

Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:03, on 25.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\User\Plocha\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4} - C:\WINDOWS\system32\qoMfcBTj.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ONDEJP~1\LOCALS~1\Temp\IXP002.TMP\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: qoMfcBTj - C:\WINDOWS\SYSTEM32\qoMfcBTj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8715 bytes

Nejdříve jsem ho chtěl poslat jako preventivku, ale od včerejška mám problém s tímhle:
O4 - HKLM\..\RunOnce: [wextract_cleanup2] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ONDEJP~1\LOCALS~1\Temp\IXP002.TMP\"

Tak jestli byste se na tohle i na zbytek logu někdo kouknul.

Předem dík.

[Reklama]

[jaro3]

Vypni rez. ochranu u NOD32 a vypni rez. ochranu u SpyBota: postupuj podle fredika zde:
viewtopic.php?f=70&t=31077
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Angada]

Tady je ten log:

ComboFix 08-10-24.02 - Ondřej Pátek 2008-10-26 13:06:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.514 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Ondřej Pátek\Plocha\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\lrqpymax.dll
C:\WINDOWS\system32\qoMdCuvW.dll
C:\WINDOWS\system32\sjyxtpxi.exe
C:\WINDOWS\system32\WvuCdMoq.ini
C:\WINDOWS\system32\WvuCdMoq.ini2
C:\WINDOWS\system32\xamypqrl.ini

----- BITS: Možné infikované stránky -----

hxxp://www.grabyourphone.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-26 do 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-25 21:29 . 2008-10-25 21:29 316,536 --a------ C:\WINDOWS\system32\nnnmmmMD.dll
2008-10-25 19:29 . 2008-10-25 19:29 316,536 --a------ C:\WINDOWS\system32\cbXNDUOe.dll
2008-10-25 17:29 . 2008-10-25 17:29 316,536 --a------ C:\WINDOWS\system32\ddcCUmKD.dll
2008-10-25 15:28 . 2008-10-25 15:28 315,664 --a------ C:\WINDOWS\system32\xxywuVMg.dll
2008-10-25 14:25 . 2008-10-25 14:25 316,536 --a------ C:\WINDOWS\system32\vtUkkhGx.dll
2008-10-25 13:25 . 2008-10-25 13:25 316,536 --a------ C:\WINDOWS\system32\cbXPhiFX.dll
2008-10-25 13:23 . 2008-10-25 13:23 <DIR> d-------- C:\Program Files\COMODO
2008-10-25 13:23 . 2008-10-25 13:23 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\Comodo
2008-10-25 13:23 . 2008-10-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\comodo
2008-10-25 13:23 . 2008-10-25 13:23 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-10-25 13:23 . 2008-10-25 13:23 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-25 13:23 . 2008-10-25 13:23 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-25 11:25 . 2008-10-25 11:25 316,536 --a------ C:\WINDOWS\system32\byXnoliF.dll
2008-10-25 11:06 . 2008-10-25 11:06 33,792 --a------ C:\WINDOWS\system32\qoMfcBTj.dll
2008-10-25 11:06 . 2008-10-25 11:06 33,792 --a------ C:\WINDOWS\system32\jkkkKcaB.dll
2008-10-25 10:52 . 2008-10-25 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
2008-10-25 10:52 . 2004-04-27 03:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-25 10:51 . 2008-10-25 11:11 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-25 08:10 . 2008-10-25 08:44 <DIR> d-------- C:\Program Files\RegCleaner
2008-10-25 08:05 . 2008-10-25 08:05 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-25 08:05 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-25 07:14 . 2008-10-26 13:14 11,493 --a------ C:\WINDOWS\system32\oodbs.lor
2008-10-25 07:07 . 2008-03-03 13:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-10-25 07:07 . 2008-03-03 17:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-10-25 07:06 . 2008-10-25 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-10-24 20:43 . 2008-10-24 20:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-24 20:43 . 2008-10-25 06:51 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-24 15:24 . 2008-10-24 15:24 135,168 --a------ C:\WINDOWS\system32\New.exe
2008-10-24 15:24 . 2008-10-24 15:24 135,168 --ah----- C:\WINDOWS\system32\BITA.tmp
2008-10-24 12:19 . 2008-10-24 13:15 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\PLANStudio Setup
2008-10-24 09:22 . 2008-10-15 17:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 22:27 . 2008-10-23 22:27 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-17 01:41 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 01:40 . 2008-08-14 14:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 01:40 . 2008-09-15 16:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 17:57 --------- d-----w C:\Documents and Settings\Ondřej Pátek\Data aplikací\uTorrent
2008-10-25 07:05 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-25 06:06 --------- d-----w C:\Program Files\ESET
2008-10-25 05:56 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-10-25 05:55 --------- d-----w C:\Program Files\Java
2008-10-24 19:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-24 19:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 08:31 --------- d-----w C:\Program Files\Opera
2008-09-19 11:30 --------- d-----w C:\Program Files\ASUS
2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 15:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-04 04:02 730,368 ----a-w C:\WINDOWS\system32\oodsvct.exe
2008-09-04 04:02 1,295,616 ----a-w C:\WINDOWS\system32\oodag.exe
2008-09-04 04:01 2,524,416 ----a-w C:\WINDOWS\system32\oodtray.exe
2008-09-04 04:01 194,816 ----a-w C:\WINDOWS\system32\oodbs.exe
2008-09-04 03:58 9,984 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2008-09-04 03:58 894,208 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2008-09-04 03:58 8,448 ----a-w C:\WINDOWS\system32\oodagrs.dll
2008-09-04 03:58 15,616 ----a-w C:\WINDOWS\system32\oodagmg.dll
2008-08-30 03:21 37,896 ----a-w C:\WINDOWS\system32\drivers\oobctm.sys
2008-08-30 03:20 15,104 ----a-w C:\WINDOWS\system32\ootmapi.dll
2008-08-27 19:43 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-27 19:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-08-27 19:29 --------- d-----w C:\Program Files\Nokia
2008-08-27 19:29 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-27 19:28 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2006-12-05 16:48 0 ----a-w C:\Documents and Settings\Ondřej Pátek\Data aplikací\wklnhst.dat
2008-05-10 12:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4}]
2008-10-25 11:06 33792 --a------ C:\WINDOWS\system32\qoMfcBTj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2008-09-04 2524416]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-25 1655552]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-20 C:\WINDOWS\RTHDCPL.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4}"= "C:\WINDOWS\system32\qoMfcBTj.dll" [2008-10-25 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMfcBTj]
2008-10-25 11:06 33792 C:\WINDOWS\system32\qoMfcBTj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-25 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-25 24208]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-18 3584]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);C:\WINDOWS\system32\drivers\averhbtv.sys [2007-04-30 302848]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-25 306432]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-10-24 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2007-12-24 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{573A930F-A3B8-4512-9224-BAD9AD0ED5DA} - C:\WINDOWS\system32\qoMdCuvW.dll
HKLM-Run-f0a9aaa2 - C:\WINDOWS\system32\lrqpymax.dll


.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 13:16:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qoMfcBTj.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Celkový čas: 2008-10-26 13:34:10 - počítač byl restartován [Ondřej Pátek]
ComboFix-quarantined-files.txt 2008-10-26 12:34:01

Před spuštěním: Volných bajtů: 86,214,455,296
Po spuštění: Volných bajtů: 86,233,280,512

223 --- E O F --- 2008-10-24 15:16:15

[jaro3]

Ke ComboFixu se ještě vrátíme.
Stáhni si Malwarebytes' Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe

Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Angada]

Tady je log:

Malwarebytes' Anti-Malware 1.30
Verze databáze: 1322
Windows 5.1.2600 Service Pack 3

26.10.2008 15:37:40
mbam-log-2008-10-26 (15-37-36).txt

Typ skenu: Rychlý sken
Objektu skenováno: 53920
Uplynulý cas: 6 minute(s), 0 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 3
Infikované klíce registru: 11
Infikované hodnoty registru: 2
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 19

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
C:\WINDOWS\system32\gsqbawao.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\opnkihef.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qoMfcBTj.dll (Trojan.Vundo) -> No action taken.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e8f4034-bebf-4dae-80b1-e606f248c3ca} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7e8f4034-bebf-4dae-80b1-e606f248c3ca} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomfcbtj (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7e8f4034-bebf-4dae-80b1-e606f248c3ca} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f0a9aaa2 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo) -> No action taken.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkihef -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkihef -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\opnkihef.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fehiknpo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fehiknpo.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\qoMfcBTj.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gsqbawao.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\oawabqsg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ddcCUmKD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUkkhGx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nnnmmmMD.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kqtvrufl.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\byXnoliF.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXNDUOe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXPhiFX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkkKcaB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxywuVMg.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Ondřej Pátek\Local Settings\Temporary Internet Files\Content.IE5\7JPHIMEZ\upd105320[2] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Ondřej Pátek\Local Settings\Temporary Internet Files\Content.IE5\AWVW28XC\cntr[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Ondřej Pátek\Local Settings\Temporary Internet Files\Content.IE5\PJQGSEXZ\kb20010911[1] (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\wddgbanj.dll (Trojan.Vundo) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

[Angada]

Tady je :) :

Malwarebytes' Anti-Malware 1.30
Verze databáze: 1322
Windows 5.1.2600 Service Pack 3

26.10.2008 16:09:46
mbam-log-2008-10-26 (16-09-46).txt

Typ skenu: Rychlý sken
Objektu skenováno: 54219
Uplynulý cas: 6 minute(s), 30 second(s)

Infikované procesy pameti: 2
Infikované pametové moduly: 5
Infikované klíce registru: 12
Infikované hodnoty registru: 2
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 27

Infikované procesy pameti:
C:\WINDOWS\system32\dpfqgclt.exe (Trojan.LowZones) -> Unloaded process successfully.
C:\WINDOWS\system32\kqoucgvd.exe (Trojan.LowZones) -> Unloaded process successfully.

Infikované pametové moduly:
C:\WINDOWS\system32\dpvrbshu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opnkihef.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tfrtfybv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wddgbanj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMfcBTj.dll (Trojan.Vundo) -> Delete on reboot.

Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d4a48ad-2f5c-484c-82f0-0aae954828da} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3d4a48ad-2f5c-484c-82f0-0aae954828da} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomfcbtj (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3d4a48ad-2f5c-484c-82f0-0aae954828da} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4165c9aa-5d7c-436a-bfa7-838c3dbccc81} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4165c9aa-5d7c-436a-bfa7-838c3dbccc81} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f0a9aaa2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{85dd4e0d-2b01-4d4d-9e66-3a165ab6eda4} (Trojan.Vundo) -> Delete on reboot.

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkihef -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnkihef -> Delete on reboot.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
C:\WINDOWS\system32\opnkihef.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fehiknpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fehiknpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMfcBTj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dpvrbshu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhsbrvpd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gsqbawao.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oawabqsg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tfrtfybv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vbyftrft.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wddgbanj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnabgddw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpfqgclt.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCUmKD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkkhGx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmmmMD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kqoucgvd.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kqtvrufl.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXnoliF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNDUOe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPhiFX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkkKcaB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxywuVMg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yubrvuma.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ondřej Pátek\Local Settings\Temporary Internet Files\Content.IE5\AWVW28XC\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ondřej Pátek\Local Settings\Temporary Internet Files\Content.IE5\PJQGSEXZ\kb20010911[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ondřej Pátek\Local Settings\Temporary Internet Files\Content.IE5\PJQGSEXZ\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

[jaro3]

Pokud neproběhl restart , tak proveď ručně.
Znovu rozjeď Combofix a vlož sem nový log.

[Angada]

:) Další log:

ComboFix 08-10-25.01 - Ondřej Pátek 2008-10-26 16:40:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.561 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Ondřej Pátek\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-26 do 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 15:28 . 2008-10-26 15:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 15:28 . 2008-10-26 15:28 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\Malwarebytes
2008-10-26 15:28 . 2008-10-26 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-10-26 15:28 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 15:28 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 13:23 . 2008-10-25 13:23 <DIR> d-------- C:\Program Files\COMODO
2008-10-25 13:23 . 2008-10-25 13:23 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\Comodo
2008-10-25 13:23 . 2008-10-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\comodo
2008-10-25 13:23 . 2008-10-25 13:23 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-10-25 13:23 . 2008-10-25 13:23 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-25 13:23 . 2008-10-25 13:23 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-25 10:52 . 2008-10-25 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
2008-10-25 10:52 . 2004-04-27 03:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-25 10:51 . 2008-10-25 11:11 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-25 08:10 . 2008-10-25 08:44 <DIR> d-------- C:\Program Files\RegCleaner
2008-10-25 08:05 . 2008-10-25 08:05 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-25 08:05 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-25 07:14 . 2008-10-26 16:13 12,770 --a------ C:\WINDOWS\system32\oodbs.lor
2008-10-25 07:07 . 2008-03-03 13:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-10-25 07:07 . 2008-03-03 17:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-10-25 07:06 . 2008-10-25 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-10-24 20:43 . 2008-10-24 20:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-24 20:43 . 2008-10-25 06:51 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-24 15:24 . 2008-10-24 15:24 135,168 --a------ C:\WINDOWS\system32\New.exe
2008-10-24 15:24 . 2008-10-24 15:24 135,168 --ah----- C:\WINDOWS\system32\BITA.tmp
2008-10-24 12:19 . 2008-10-24 13:15 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\PLANStudio Setup
2008-10-24 09:22 . 2008-10-15 17:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 22:27 . 2008-10-23 22:27 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-17 01:41 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 01:40 . 2008-08-14 14:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 01:40 . 2008-09-15 16:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 15:11 --------- d-----w C:\Documents and Settings\Ondřej Pátek\Data aplikací\uTorrent
2008-10-25 07:05 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-25 06:06 --------- d-----w C:\Program Files\ESET
2008-10-25 05:56 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-10-25 05:55 --------- d-----w C:\Program Files\Java
2008-10-24 19:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-24 19:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 08:31 --------- d-----w C:\Program Files\Opera
2008-09-19 11:30 --------- d-----w C:\Program Files\ASUS
2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 15:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-04 04:02 730,368 ----a-w C:\WINDOWS\system32\oodsvct.exe
2008-09-04 04:02 1,295,616 ----a-w C:\WINDOWS\system32\oodag.exe
2008-09-04 04:01 2,524,416 ----a-w C:\WINDOWS\system32\oodtray.exe
2008-09-04 04:01 194,816 ----a-w C:\WINDOWS\system32\oodbs.exe
2008-09-04 03:58 9,984 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2008-09-04 03:58 894,208 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2008-09-04 03:58 8,448 ----a-w C:\WINDOWS\system32\oodagrs.dll
2008-09-04 03:58 15,616 ----a-w C:\WINDOWS\system32\oodagmg.dll
2008-08-30 03:21 37,896 ----a-w C:\WINDOWS\system32\drivers\oobctm.sys
2008-08-30 03:20 15,104 ----a-w C:\WINDOWS\system32\ootmapi.dll
2008-08-27 19:43 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-27 19:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-08-27 19:29 --------- d-----w C:\Program Files\Nokia
2008-08-27 19:29 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-27 19:28 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2006-12-05 16:48 0 ----a-w C:\Documents and Settings\Ondřej Pátek\Data aplikací\wklnhst.dat
2008-05-10 12:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-26_13.33.32.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 12:01:02 77,280 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-10-26 15:17:38 77,280 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-10-26 12:01:02 65,378 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 15:17:38 65,378 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-26 12:01:02 408,682 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-10-26 15:17:38 408,682 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-10-26 12:01:02 410,908 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 15:17:38 410,908 ----a-w C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2008-09-04 2524416]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-25 1655552]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-20 C:\WINDOWS\RTHDCPL.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-25 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-25 24208]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-18 3584]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);C:\WINDOWS\system32\drivers\averhbtv.sys [2007-04-30 302848]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-25 306432]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2008-10-24 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2007-12-24 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]
.
.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 16:44:17
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Celkový čas: 2008-10-26 16:48:21
ComboFix-quarantined-files.txt 2008-10-26 15:47:15
ComboFix2.txt 2008-10-26 12:34:11

Před spuštěním: Volných bajtů: 84 560 240 640
Po spuštění: Volných bajtů: 84,552,081,408

195 --- E O F --- 2008-10-24 15:16:15

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\New.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Angada]

Log - ComboFix

ComboFix 08-10-25.01 - Ondřej Pátek 2008-10-26 17:31:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.215 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Ondřej Pátek\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Ondřej Pátek\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active


FILE ::
C:\WINDOWS\system32\New.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\New.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-26 do 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 15:28 . 2008-10-26 15:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-26 15:28 . 2008-10-26 15:28 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\Malwarebytes
2008-10-26 15:28 . 2008-10-26 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2008-10-26 15:28 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 15:28 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 13:23 . 2008-10-25 13:23 <DIR> d-------- C:\Program Files\COMODO
2008-10-25 13:23 . 2008-10-25 13:23 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\Comodo
2008-10-25 13:23 . 2008-10-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\comodo
2008-10-25 13:23 . 2008-10-25 13:23 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-10-25 13:23 . 2008-10-25 13:23 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-10-25 13:23 . 2008-10-25 13:23 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-10-25 10:52 . 2008-10-25 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MailFrontier
2008-10-25 10:52 . 2004-04-27 03:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-25 10:51 . 2008-10-25 11:11 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-25 08:10 . 2008-10-25 08:44 <DIR> d-------- C:\Program Files\RegCleaner
2008-10-25 08:05 . 2008-10-25 08:05 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-25 08:05 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-10-25 07:14 . 2008-10-26 16:13 12,770 --a------ C:\WINDOWS\system32\oodbs.lor
2008-10-25 07:07 . 2008-03-03 13:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-10-25 07:07 . 2008-03-03 17:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-10-25 07:06 . 2008-10-25 07:06 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-10-24 20:43 . 2008-10-24 20:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-24 20:43 . 2008-10-26 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-24 15:24 . 2008-10-24 15:24 135,168 --ah----- C:\WINDOWS\system32\BITA.tmp
2008-10-24 12:19 . 2008-10-24 13:15 <DIR> d-------- C:\Documents and Settings\Ondřej Pátek\Data aplikací\PLANStudio Setup
2008-10-24 09:22 . 2008-10-15 17:38 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 22:27 . 2008-10-23 22:27 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-17 01:41 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 01:40 . 2008-08-14 14:26 2,191,360 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,068,224 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 01:40 . 2008-08-14 14:26 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-17 01:40 . 2008-09-15 16:27 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 16:36 --------- d-----w C:\Documents and Settings\Ondřej Pátek\Data aplikací\uTorrent
2008-10-25 07:05 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-10-25 06:06 --------- d-----w C:\Program Files\ESET
2008-10-25 05:56 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-10-25 05:55 --------- d-----w C:\Program Files\Java
2008-10-24 19:40 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-24 19:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 08:31 --------- d-----w C:\Program Files\Opera
2008-09-19 11:30 --------- d-----w C:\Program Files\ASUS
2008-09-15 15:27 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 15:27 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-04 04:02 730,368 ----a-w C:\WINDOWS\system32\oodsvct.exe
2008-09-04 04:02 1,295,616 ----a-w C:\WINDOWS\system32\oodag.exe
2008-09-04 04:01 2,524,416 ----a-w C:\WINDOWS\system32\oodtray.exe
2008-09-04 04:01 194,816 ----a-w C:\WINDOWS\system32\oodbs.exe
2008-09-04 03:58 9,984 ----a-w C:\WINDOWS\system32\oodbsrs.dll
2008-09-04 03:58 894,208 ----a-w C:\WINDOWS\system32\oodtrrs.dll
2008-09-04 03:58 8,448 ----a-w C:\WINDOWS\system32\oodagrs.dll
2008-09-04 03:58 15,616 ----a-w C:\WINDOWS\system32\oodagmg.dll
2008-08-30 03:21 37,896 ----a-w C:\WINDOWS\system32\drivers\oobctm.sys
2008-08-30 03:20 15,104 ----a-w C:\WINDOWS\system32\ootmapi.dll
2008-08-27 19:43 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-27 19:42 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Nokia
2008-08-27 19:29 --------- d-----w C:\Program Files\Nokia
2008-08-27 19:29 --------- d-----w C:\Program Files\Common Files\Nokia
2008-08-27 19:28 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Installations
2008-08-26 08:27 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 13:26 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:26 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2006-12-05 16:48 0 ----a-w C:\Documents and Settings\Ondřej Pátek\Data aplikací\wklnhst.dat
2008-05-10 12:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051020080511\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-26_13.33.32.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 12:01:02 77,280 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-10-26 15:17:38 77,280 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-10-26 12:01:02 65,378 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 15:17:38 65,378 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-26 12:01:02 408,682 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-10-26 15:17:38 408,682 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-10-26 12:01:02 410,908 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 15:17:38 410,908 ----a-w C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 737369]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2008-09-04 2524416]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-10-25 1655552]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-20 C:\WINDOWS\RTHDCPL.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-16 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\ASUS\\WL-520GC Wireless Router Utilities\\Discovery.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-10-25 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-10-25 24208]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-18 3584]
S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);C:\WINDOWS\system32\drivers\averhbtv.sys [2007-04-30 302848]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-25 306432]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'

2008-10-24 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2008-10-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2007-12-24 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 17:34:51
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

PROCES: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCES: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Celkový čas: 2008-10-26 17:38:45
ComboFix-quarantined-files.txt 2008-10-26 16:37:39
ComboFix2.txt 2008-10-26 15:48:22
ComboFix3.txt 2008-10-26 12:34:11

Před spuštěním: Volných bajtů: 84 535 693 312
Po spuštění: Volných bajtů: 84,521,488,384

190 --- E O F --- 2008-10-24 15:16:15



Log - HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:20, on 26.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Ondřej Pátek\Plocha\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7551 bytes

[jaro3]

Fix v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

Logy O.K:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Aktualizuj javu:
Java SE Runtime Environment 6u10

Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u10-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.