Prosím o pomoc s trojským koňom Vyřešeno

[JANíčOK]

Veľmi pekne prosím o pomoc!!!
Eset Smart Security mi detekoval tieto trojské kone
Win/32TrojanDownloader.Agent.OWB trójsky kôň
variant infiltrácie Win32/TrojanDownloader.Wigon.BS trójsky kôň

Windows vyhadzuje hlášku: system32/digeste.dll neni platnou kopii

Posielam log z HJT a veľmi pekne prosím o kontrolu a pomoc. Ďakujem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:57, on 23.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\EPC\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\EPC\BHROOT\BIN\monitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\EPC\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\b8f61bf80d61d8a4ce0e4d02c389ec84\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PC Translator\webie.dll
O4 - HKLM\..\Run: [pdfFactory Pro Dispečér v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://sp02.partcommunity.com/PARTcommu ... sweb3d.cab
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Applic\proeWildfire2\i486_nt\obj\pvx_install.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/ ... loader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\EPC\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\EPC\BHROOT\BIN\monitor.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\EPC\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9841 bytes

[Reklama]

[jaro3]

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[JANíčOK]

Malwarebytes' Anti-Malware mám nainštalovaný stále tak hneď keď začali problémy som s ním PC vyčistil. Dal som odstrániť všetko čo našiel a vypísal, že potrebuje reštartovať systém na to aby sa čistenie mohlo dokončiť potvrdil som a po reštarte sa už MbAM nespustil.
Posielam log z prvého čistenia a hneď za ním z druhého.
Prosím o kontrolu! Vopred ďakujem.

[JANíčOK]

Log MbAM z prvého čistenia

Malwarebytes' Anti-Malware 1.34
Verzia databázy: 1888
Windows 5.1.2600 Service Pack 2

23.3.2009 15:52:12
mbam-log-2009-03-23 (15-52-12).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 77366
Uplynutý cas: 2 minute(s), 58 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 1
Infikovaných registracných klúcov: 2
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 2
Infikovaných priecinkov: 0
Infikovaných súborov: 6

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ján Beňo\Local Settings\temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ján Beňo\Local Settings\temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ján Beňo\Local Settings\temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv891237410850.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

[JANíčOK]

Log MbAM z druhého čistenia

Malwarebytes' Anti-Malware 1.34
Verzia databázy: 1888
Windows 5.1.2600 Service Pack 2

23.3.2009 18:40:15
mbam-log-2009-03-23 (18-40-11).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 77404
Uplynutý cas: 3 minute(s), 4 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochrany u ESS.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[JANíčOK]

Posielam log z MbAM a ComboFix a opäť veľmi pekne prosím o kontrolu.
Vopred ďakujem!

Malwarebytes' Anti-Malware 1.34
Verzia databázy: 1888
Windows 5.1.2600 Service Pack 2

23.3.2009 20:50:13
mbam-log-2009-03-23 (20-50-13).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 77485
Uplynutý cas: 2 minute(s), 36 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)



ComboFix 09-03-22.01 - Ján Beňo 2009-03-23 20:55:21.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.1023.469 [GMT 1:00]
Running from: c:\documents and settings\Ján Beňo\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msvrc20.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-15 21:18 . 2009-03-15 21:18 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-15 21:18 . 2009-03-15 21:18 1,409 --a------ c:\windows\QTFont.for
2009-03-09 21:59 . 2009-03-09 21:59 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-09 21:59 . 2009-03-09 21:59 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-03-09 21:59 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-03-09 21:56 . 2009-03-09 22:25 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-09 21:56 . 2009-03-09 21:56 <DIR> d--hs---- c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-09 21:28 . 2009-03-09 21:28 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\ESET
2009-03-08 14:41 . 2009-03-08 14:41 <DIR> d-------- c:\program files\QIP Infium
2009-03-06 17:18 . 2009-03-06 17:18 <DIR> d-------- c:\program files\QIP
2009-03-03 06:05 . 2009-03-03 06:23 <DIR> d-------- c:\program files\Solid Edge V19
2009-02-28 23:08 . 2009-02-28 23:08 2,544 --a------ c:\windows\system32\settings.aaw
2009-02-28 23:08 . 2009-02-28 23:08 960 --a------ c:\windows\system32\history.aaw
2009-02-26 16:46 . 2009-02-26 16:46 <DIR> d-------- c:\temp\tmpsmazat
2009-02-26 16:46 . 2009-02-26 16:46 <DIR> d-------- C:\Temp
2009-02-26 16:46 . 2003-03-19 12:41 708,608 --a------ c:\temp\cpu_id.exe
2009-02-26 16:46 . 2003-05-09 09:55 172,124 --a------ c:\temp\test_html.exe
2009-02-26 16:46 . 1997-06-22 19:17 967 --a------ c:\temp\HOTOVO.PIF
2009-02-26 16:46 . 2009-02-26 16:46 55 --a------ c:\temp\hotovo.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 19:51 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\IM
2009-03-23 19:46 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-23 14:50 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\DMCache
2009-03-23 14:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-23 14:24 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\Skype
2009-03-18 11:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-18 11:17 --------- d-----r c:\program files\Skype
2009-03-18 11:05 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\skypePM
2009-03-09 20:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-03-02 18:49 --------- d-----w c:\program files\Common Files\Manažer instalací SolidWorks
2009-03-01 10:35 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\SolidWorks
2009-02-23 17:02 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\Download Manager
2009-02-17 14:43 --------- d-----w c:\program files\CD Recovery Toolbox Free
2009-02-13 13:01 --------- d-----w c:\program files\totalcmd
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 20:09 --------- d-----w c:\program files\STP14
2009-02-07 20:08 --------- d-----w c:\program files\AnyReader
2009-02-06 13:24 56,280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 13:24 33,096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 13:24 130,952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-03 19:49 --------- d-----w c:\program files\Internet Download Manager
2009-02-01 18:12 --------- d-----w c:\documents and settings\All Users\Data aplikací\SolidWorks
2009-02-01 17:44 --------- d-----w c:\program files\MSECache
2009-02-01 17:43 --------- d-----w c:\program files\MSBuild
2009-02-01 17:39 --------- d-----w c:\program files\Reference Assemblies
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-05-21 20:41 241 ----a-w c:\documents and settings\Ján Beňo\SR.vbs
2008-05-21 20:41 241 ----a-w c:\documents and settings\Ján Beňo\SR.vbs
2008-03-02 20:48 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Google Update"="c:\documents and settings\Ján Beňo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfFactory Pro Dispečér v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-03-29 483328]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\JustVoip\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\applic\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\applic\\proeWildfire2\\i486_nt\\obj\\xtop.exe"=
"c:\\applic\\proeWildfire2\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\applic\\cadenas\\partsolutions\\software\\lic\\x86\\64\\cnslocal.exe"=
"c:\\applic\\cadenas\\partsolutions\\software\\libs\\x86\\websrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG;c:\program files\BHPS\Gmg\bin\DBMonService.exe -sn"pqeauto.database.dbmonitor.GMG" -f"c:\program files\BHPS\Gmg\bin\DBMonitorCmds.ini" --> c:\program files\BHPS\Gmg\bin\DBMonService.exe -snpqeauto.database.dbmonitor.GMG [?]
R2 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor;c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -sn"pqeauto.energy.mappermonitor" -f"c:\program files\BHPS\Pmap1\bin\MapperMonitorCmds.ini" --> c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -snpqeauto.energy.mappermonitor [?]
R2 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG;c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -sn"pqeauto.engine.tomcatmonitor.GMG" --> c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -snpqeauto.engine.tomcatmonitor.GMG [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-09 603904]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [2007-03-15 16896]
R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 port135sik;port135sik;\??\c:\windows\system32\drivers\port135sik.sys --> c:\windows\system32\drivers\port135sik.sys [?]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [2006-08-20 24706]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2004-06-24 23552]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\SETUP.EXE
\Shell\configure\command - G:\SETUP.EXE
\Shell\install\command - G:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1563985344-839522115-1003.job
- c:\documents and settings\J []

2009-03-22 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-Ján Beňo - c:\documents and settings\Ján Beňo\Ján Beňo.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PC Translator\webie.dll
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://sp02.partcommunity.com/PARTcommu ... sweb3d.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\applic\proeWildfire2\i486_nt\obj\pvx_install.exe
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp04.photoprintit.de/microsite/ ... loader.cab
FF - ProfilePath - c:\documents and settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\l3jey79q.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Ján Beňo\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 20:58:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4e04119c-efc1-4c92-86db-375ac6847d1e}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,b5,66,4a,d0,23,02,d0,61,d7,63,05,2a,87,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):95,aa,0a,16,51,e4,11,56,c4,24,24,f4,4a,64,f3,58,e0,e1,6f,c6,9e,
57,2c,75,0e,7a,3f,f0,e8,af,74,13,44,fd,9c,28,7c,4c,4e,42,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):28,b1,41,f9,f5,6c,f4,f2,90,78,c1,14,47,48,41,8d,72,6e,dc,b0,91,
b9,47,c9,91,9e,51,e4,0c,9a,61,ea,f8,b7,6c,8b,33,6e,ca,74,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82bb2091-a981-49cc-aff4-e5cbeecdcbb0}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,8c,ba,85,41,2a,
07,85,02,05,98,32,02,34,2b,da,61,60,da,cb,83,a1,ae,d5,9a,31,b7,d4,37,62,ea,\

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-23 21:04:29
ComboFix-quarantined-files.txt 2009-03-23 20:03:45

Pre-Run: 9 932 931 072
Post-Run: 9,923,301,376

219

[jaro3]

START-spustit-napiš= cmd.exe -dej OK- v dosovém okně vlož myší celý text:
sc stop port135sik
sc delete port135sik
exit
Restart PC
*****************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\Tasks\Norton Security Scan.job
c:\program files\Norton Security Scan\Nss.exe
c:\windows\system32\drivers\port135sik.sys

Driver::
port135sik

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto znáš:
c:\temp\tmpsmazat
c:\temp\hotovo.bat
c:\temp\HOTOVO.PIF
c:\program files\STP14 ??

[JANíčOK]

Ďakujem za odpoveď. Hneď prvý krok v dosovskom okne sa mi vôbec nedá urobiť. Skúšal som príkazy napísať samostatne, lebo myšou som ich tam nedostal.
Ako na to?

[jaro3]

Toto celé zkopíruj myší:
sc stop port135sik
sc delete port135sik
exit
a pak klikni v dosovém okně na blikající kurzor pravým a vyber vložit.

[JANíčOK]

Tu je výsledok z toho prvého kroku:


Okrem c:\program files\STP14 ani jeden súbor neviem čo je.

Posielam log z ComboFix a HJT. Prosím o kontrolu. Vopred ďakujem!

ComboFix 09-03-22.01 - Ján Beňo 2009-03-24 10:02:23.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1023.476 [GMT 1:00]
Running from: c:\documents and settings\Ján Beňo\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Ján Beňo\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\program files\Norton Security Scan\Nss.exe
c:\windows\system32\drivers\port135sik.sys
c:\windows\Tasks\Norton Security Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Norton Security Scan\Nss.exe
c:\windows\Tasks\Norton Security Scan.job

.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-15 21:18 . 2009-03-15 21:18 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-15 21:18 . 2009-03-15 21:18 1,409 --a------ c:\windows\QTFont.for
2009-03-09 21:59 . 2009-03-09 21:59 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-09 21:59 . 2009-03-09 21:59 360,192 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-03-09 21:59 . 2008-12-11 13:31 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-03-09 21:56 . 2009-03-09 22:25 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-03-09 21:56 . 2009-03-09 21:56 <DIR> d--hs---- c:\documents and settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-09 21:28 . 2009-03-09 21:28 <DIR> d-------- c:\windows\system32\config\systemprofile\Data aplikací\ESET
2009-03-08 14:41 . 2009-03-08 14:41 <DIR> d-------- c:\program files\QIP Infium
2009-03-06 17:18 . 2009-03-06 17:18 <DIR> d-------- c:\program files\QIP
2009-03-03 06:05 . 2009-03-03 06:23 <DIR> d-------- c:\program files\Solid Edge V19a
2009-02-28 23:08 . 2009-02-28 23:08 2,544 --a------ c:\windows\system32\settings.aaw
2009-02-28 23:08 . 2009-02-28 23:08 960 --a------ c:\windows\system32\history.aaw
2009-02-26 16:46 . 2009-02-26 16:46 <DIR> d-------- c:\temp\tmpsmazat
2009-02-26 16:46 . 2009-02-26 16:46 <DIR> d-------- C:\Temp
2009-02-26 16:46 . 2003-03-19 12:41 708,608 --a------ c:\temp\cpu_id.exe
2009-02-26 16:46 . 2003-05-09 09:55 172,124 --a------ c:\temp\test_html.exe
2009-02-26 16:46 . 1997-06-22 19:17 967 --a------ c:\temp\HOTOVO.PIF
2009-02-26 16:46 . 2009-02-26 16:46 55 --a------ c:\temp\hotovo.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 09:02 --------- d-----w c:\program files\Norton Security Scan
2009-03-24 09:00 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\IM
2009-03-24 08:49 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-23 14:50 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\DMCache
2009-03-23 14:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-23 14:24 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\Skype
2009-03-18 11:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2009-03-18 11:17 --------- d-----r c:\program files\Skype
2009-03-18 11:05 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\skypePM
2009-03-09 20:56 --------- d-----w c:\documents and settings\All Users\Data aplikací\TuneUp Software
2009-03-02 18:49 --------- d-----w c:\program files\Common Files\Manažer instalací SolidWorks
2009-03-01 10:35 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\SolidWorks
2009-02-28 21:02 --------- d-----w c:\documents and settings\All Users\Data aplikací\SolidWorks
2009-02-23 17:02 --------- d-----w c:\documents and settings\Ján Beňo\Data aplikací\Download Manager
2009-02-17 14:43 --------- d-----w c:\program files\CD Recovery Toolbox Free
2009-02-13 13:01 --------- d-----w c:\program files\totalcmd
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-07 20:09 --------- d-----w c:\program files\STP14
2009-02-07 20:08 --------- d-----w c:\program files\AnyReader
2009-02-06 13:24 56,280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-06 13:24 33,096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-06 13:24 130,952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-06 13:23 106,208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-06 13:19 113,448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-03 19:49 --------- d-----w c:\program files\Internet Download Manager
2009-02-01 17:44 --------- d-----w c:\program files\MSECache
2009-02-01 17:43 --------- d-----w c:\program files\MSBuild
2009-02-01 17:39 --------- d-----w c:\program files\Reference Assemblies
2009-01-22 14:49 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-05-21 20:41 241 ----a-w c:\documents and settings\Ján Beňo\SR.vbs
2008-05-21 20:41 241 ----a-w c:\documents and settings\Ján Beňo\SR.vbs
2008-03-02 20:48 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-23_21.01.23,81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-24 09:00:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_15c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 139264]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Google Update"="c:\documents and settings\Ján Beňo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-12-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfFactory Pro Dispečér v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-03-29 483328]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ATI CATALYST System Tray.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\ATI CATALYST System Tray.lnk
backup=c:\windows\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\JustVoip\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\applic\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\applic\\proeWildfire2\\i486_nt\\obj\\xtop.exe"=
"c:\\applic\\proeWildfire2\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\applic\\cadenas\\partsolutions\\software\\lic\\x86\\64\\cnslocal.exe"=
"c:\\applic\\cadenas\\partsolutions\\software\\libs\\x86\\websrv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2003-07-11 14912]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51:58 13560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 pqeauto.database.dbmonitor.GMG;pqeauto.database.dbmonitor.GMG;c:\program files\BHPS\Gmg\bin\DBMonService.exe -sn"pqeauto.database.dbmonitor.GMG" -f"c:\program files\BHPS\Gmg\bin\DBMonitorCmds.ini" --> c:\program files\BHPS\Gmg\bin\DBMonService.exe -snpqeauto.database.dbmonitor.GMG [?]
R2 pqeauto.energy.mappermonitor;pqeauto.energy.mappermonitor;c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -sn"pqeauto.energy.mappermonitor" -f"c:\program files\BHPS\Pmap1\bin\MapperMonitorCmds.ini" --> c:\program files\BHPS\Pmap1\bin\MapperMonService.exe -snpqeauto.energy.mappermonitor [?]
R2 pqeauto.engine.tomcatmonitor.GMG;pqeauto.engine.tomcatmonitor.GMG;c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -sn"pqeauto.engine.tomcatmonitor.GMG" --> c:\program files\BHPS\Gmg\bin\TomcatMonService.exe -snpqeauto.engine.tomcatmonitor.GMG [?]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-09 603904]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\drivers\dsnpfd.sys [2007-03-15 16896]
R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S3 FlarionDTM;Flarion DTM Network Interface;c:\windows\system32\drivers\FlrnDTM.sys [2006-08-20 24706]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2004-06-24 23552]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\SETUP.EXE
\Shell\configure\command - G:\SETUP.EXE
\Shell\install\command - G:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1563985344-839522115-1003.job
- c:\documents and settings\J []
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PC Translator\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PC Translator\webie.dll
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://sp02.partcommunity.com/PARTcommu ... sweb3d.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\applic\proeWildfire2\i486_nt\obj\pvx_install.exe
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp04.photoprintit.de/microsite/ ... loader.cab
FF - ProfilePath - c:\documents and settings\Ján Beňo\Data aplikací\Mozilla\Firefox\Profiles\l3jey79q.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Ján Beňo\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 10:05:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4e04119c-efc1-4c92-86db-375ac6847d1e}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013f
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,29,53,01,52,53,ee,8c,54,b5,66,4a,d0,23,02,d0,61,d7,63,05,2a,87,9b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):95,aa,0a,16,51,e4,11,56,c4,24,24,f4,4a,64,f3,58,e0,e1,6f,c6,9e,
57,2c,75,0e,7a,3f,f0,e8,af,74,13,44,fd,9c,28,7c,4c,4e,42,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):28,b1,41,f9,f5,6c,f4,f2,90,78,c1,14,47,48,41,8d,72,6e,dc,b0,91,
b9,47,c9,91,9e,51,e4,0c,9a,61,ea,f8,b7,6c,8b,33,6e,ca,74,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{82bb2091-a981-49cc-aff4-e5cbeecdcbb0}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,8c,ba,85,41,2a,
07,85,02,05,98,32,02,34,2b,da,61,60,da,cb,83,a1,ae,d5,9a,31,b7,d4,37,62,ea,\

[HKEY_LOCAL_MACHINE\System\ControlSet003\Enum\ACPI\PNP0F13\3&13c0b0c5&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1436)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-24 10:10:25
ComboFix-quarantined-files.txt 2009-03-24 09:09:08
ComboFix2.txt 2009-03-23 20:04:30

Pre-Run: 9 858 809 856
Post-Run: 9,841,397,760

220



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:15, on 24.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\EPC\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\EPC\BHROOT\BIN\monitor.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\EPC\BHROOT\BIN\PORTMAP.EXE
C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\BHPS\JRE142\bin\javaw.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
C:\Program Files\BHPS\Gmg\bin\tbmux32.exe
C:\Program Files\BHPS\JRE142\bin\java.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\Program Files\BHPS\Gmg\bin\tbkern32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PC Translator\webie.dll
O4 - HKLM\..\Run: [pdfFactory Pro Dispečér v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ján Beňo\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PC Translator\webie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} (Cnsweb3d Control) - http://sp02.partcommunity.com/PARTcommu ... sweb3d.cab
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Applic\proeWildfire2\i486_nt\obj\pvx_install.exe
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp04.photoprintit.de/microsite/ ... loader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\EPC\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\EPC\BHROOT\BIN\monitor.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\EPC\BHROOT\BIN\PORTMAP.EXE
O23 - Service: pqeauto.database.dbmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\DBMonService.exe
O23 - Service: pqeauto.energy.mappermonitor - ProQuest Business Solutions - C:\Program Files\BHPS\Pmap1\bin\MapperMonService.exe
O23 - Service: pqeauto.engine.tomcatmonitor.GMG - ProQuest Business Solutions - C:\Program Files\BHPS\Gmg\bin\TomcatMonService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9746 bytes

[jaro3]

Je to správně , služba je pryč..

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Aktualizuj javu:
Java SE Runtime Environment 6u12
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

Pokud nejsou problémy , je to vše..