Hello. Loading of web pages has slowed down sharply for me, and on top of that something is throttling my 6 MB internet connection to 2 MB. Please help! Thank you.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:17, on 29.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/runonce3.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7384932562
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9c8e665607ba8) (gupdate1c9c8e665607ba8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6880 bytes
Please check my HijackThis log (urgent), thank you. Solved
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: Please check my HijackThis log (urgent), thank you
I don't see a problem there.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my HijackThis log (urgent), thank you
Malwarebytes' Anti-Malware 1.38
Verze databáze: 2350
Windows 5.1.2600 Service Pack 3
29.6.2009 15:47:48
mbam-log-2009-06-29 (15-47-48).txt
Typ skenu: Rychlý sken
Objektu skenováno: 85289
Uplynulý cas: 5 minute(s), 53 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
- Damned
Re: Please check my HijackThis log (urgent), thank you
The problem is probably not on your side.
Turn off your antivirus's resident shield (and your antispyware's too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check my HijackThis log (urgent), thank you
ComboFix 09-06-28.04 - liRik 29.06.2009 16:14.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1271.790 [GMT 2:00]
Spuštěný z: c:\documents and settings\liRik\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-27 09:58 . 2009-06-27 09:58 -------- d-----w- c:\program files\ESET
2009-06-25 21:56 . 2009-06-25 21:56 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-06-25 21:40 . 2009-06-25 22:49 -------- d-----w- c:\program files\Lavasoft
2009-06-25 11:19 . 2009-06-25 11:19 -------- d-----w- c:\program files\Babylon
2009-06-25 11:11 . 2009-06-25 11:11 -------- d-----w- c:\program files\Opera
2009-06-24 21:25 . 2009-06-24 21:25 -------- d---a-w- c:\windows\system32\runouce.exe
2009-06-24 21:23 . 2009-06-24 21:23 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-24 21:23 . 2009-06-24 21:23 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-24 21:23 . 2009-06-24 21:23 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-06-24 21:23 . 2008-04-14 08:52 137216 ----a-w- c:\windows\system32\T.COM
2009-06-24 21:23 . 2008-04-14 08:52 147968 ----a-w- c:\windows\R.COM
2009-06-24 21:23 . 2009-06-24 21:23 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-23 21:47 . 2009-06-23 21:47 -------- d-----w- c:\program files\CoreCodec
2009-06-23 21:34 . 2009-06-23 22:50 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-23 21:19 . 2009-06-23 21:19 -------- d-----w- c:\program files\VS Revo Group
2009-06-21 17:39 . 2009-06-21 17:40 -------- d-----w- c:\program files\Hamachi
2009-06-21 16:28 . 2009-06-21 16:28 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 16:27 . 2009-06-21 16:27 -------- d-----w- c:\program files\Microsoft.NET
2009-06-21 16:24 . 2009-06-21 16:24 -------- d-----w- c:\windows\SHELLNEW
2009-06-21 16:23 . 2009-06-21 16:23 -------- d--h--r- C:\MSOCache
2009-06-21 15:28 . 2009-06-21 15:28 -------- d-----w- c:\program files\microsoft frontpage
2009-06-19 22:48 . 2009-06-19 22:48 -------- d-----w- c:\program files\uTorrent
2009-06-19 19:26 . 2009-06-19 19:26 -------- d-----w- c:\windows\Eurobattle.net
2009-06-19 08:25 . 2009-06-19 08:25 -------- d-----w- c:\program files\Lavalys
2009-06-15 19:21 . 2009-06-15 19:21 -------- d--h--w- c:\windows\PIF
2009-06-14 19:51 . 2009-06-15 06:10 -------- d-sh--w- C:\Boot
2009-06-12 09:56 . 2009-06-12 09:56 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-12 09:56 . 2009-06-12 09:56 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-12 09:55 . 2009-06-12 09:55 -------- d-----w- c:\program files\DIFX
2009-06-12 09:55 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-12 09:55 . 2009-06-12 09:55 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-12 09:55 . 2008-09-15 05:56 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-12 09:55 . 2008-09-15 05:56 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-12 09:55 . 2008-09-15 05:56 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-12 09:55 . 2008-09-15 05:56 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-12 09:55 . 2008-09-15 05:56 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-12 09:55 . 2008-09-15 05:29 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-12 09:55 . 2009-06-12 09:56 -------- d-----w- c:\program files\Nokia
2009-06-12 09:05 . 2009-06-12 09:09 35346 ----a-w- c:\windows\scunin.dat
2009-06-12 09:05 . 2009-06-12 09:09 967 ----a-w- c:\windows\ScUnin.pif
2009-06-12 09:05 . 2009-06-12 09:09 94208 ----a-w- c:\windows\ScUnin.exe
2009-06-11 22:08 . 2009-06-11 22:08 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-11 22:08 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-11 22:08 . 2009-06-11 22:08 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-11 22:07 . 2009-06-25 11:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 20:13 . 2009-06-24 16:52 -------- d-----w- c:\program files\VideoConverterPortable
2009-06-11 16:56 . 2009-06-11 16:57 7299223 ----a-w- c:\windows\!!zaloha.zip
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\windows\system32\LogFiles
2009-06-02 16:35 . 2008-04-13 20:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-02 16:35 . 2008-04-13 20:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-02 16:35 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-02 16:32 . 2008-09-15 05:56 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 14:13 . 2009-03-17 21:59 -------- d-----w- c:\program files\PeerGuardian2
2009-06-27 08:49 . 2009-05-03 13:36 -------- d-----w- c:\program files\DVDFab 6
2009-06-21 17:39 . 2009-03-18 15:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-19 22:41 . 2009-04-23 13:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-18 16:24 . 2009-03-17 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 09:27 . 2009-03-17 21:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-03-17 21:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 20:35 . 2009-03-17 20:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-02 16:36 . 2001-10-25 16:00 79324 ----a-w- c:\windows\system32\perfc005.dat
2009-06-02 16:36 . 2001-10-25 16:00 432454 ----a-w- c:\windows\system32\perfh005.dat
2009-06-02 16:35 . 2009-06-02 16:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-02 16:35 . 2009-06-02 16:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-28 17:13 . 2009-03-17 19:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-28 17:13 . 2009-05-02 16:50 -------- d-----w- c:\program files\PokerStars
2009-05-26 00:13 . 2009-03-17 22:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-23 17:30 . 2009-05-23 17:30 -------- d-----w- c:\program files\PowerISO
2009-05-22 20:05 . 2009-03-17 22:08 -------- d-----w- c:\program files\Google
2009-05-22 19:03 . 2009-05-22 19:03 -------- d-----w- c:\program files\MSBuild
2009-05-16 20:35 . 2009-05-08 07:36 -------- d-----w- c:\program files\Total Commander 7.50
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-12 19:39 . 2009-03-17 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-10 08:39 . 2009-05-10 08:39 -------- d-----w- c:\program files\SlySoft
2009-05-08 22:58 . 2009-03-17 20:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-08 22:48 . 2009-03-17 20:48 -------- d-----w- c:\program files\CCleaner
2009-05-07 15:33 . 2008-04-14 08:51 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 15:00 . 2009-05-06 15:00 39424 ----a-w- c:\windows\zipinst.exe
2009-05-05 13:08 . 2009-05-05 13:08 -------- d-----w- c:\program files\esmska-0.15.0
2009-05-02 18:35 . 2009-05-02 16:16 -------- d-----w- c:\program files\PartyGaming
2009-05-01 22:23 . 2009-05-01 22:24 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-01 22:23 . 2009-05-01 22:24 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-01 22:23 . 2009-05-01 22:24 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-01 07:02 . 2009-05-01 07:02 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-04-29 04:47 . 2008-03-01 13:02 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2008-04-27 10:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 15:06 . 2009-03-17 23:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-19 19:52 . 2008-04-14 07:45 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2008-04-14 08:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 21:03 . 2009-04-10 21:03 52736 ----a-w- c:\windows\ipuninst.exe
2009-04-08 13:26 . 2009-04-08 13:26 31616 ----a-w- c:\windows\system32\FM20ENU.DLL
2009-04-08 13:26 . 2009-04-08 13:26 1204072 ----a-w- c:\windows\system32\FM20.DLL
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w- c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w- c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w- c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w- c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w- c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w- c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w- c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w- c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w- c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w- c:\windows\system32\OODAGMG.DLL
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w- c:\windows\system32\ootmapi.dll
2009-04-04 19:20 . 2009-03-18 16:04 105052 ----a-w- c:\windows\War3Unin.dat
.
------- Sigcheck -------
[-] 2008-04-13 23:12 798208 F255341FE726A28085A3C717635C26C9 c:\windows\system32\user32.dll
[-] 2008-04-13 23:12 798208 F255341FE726A28085A3C717635C26C9 c:\windows\system32\dllcache\user32.dll
[-] 2008-04-27 10:22 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\Warcraft III\\war3.exe"=
"d:\\Program Files\\14 Degrees East\\Fallout Tactics\\BOS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1c9c8e665607ba8;Služba Google Update (gupdate1c9c8e665607ba8);c:\program files\Google\Update\GoogleUpdate.exe [29.4.2009 18:20 133104]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [12.6.2009 0:08 603904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-29 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\documents and settings\liRik\Data aplikací\Mozilla\Firefox\Profiles\1z726srg.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 16:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-606747145-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Celkový čas: 2009-06-29 16:18
ComboFix-quarantined-files.txt 2009-06-29 14:18
Před spuštěním: Volných bajtů: 18 592 120 832
Po spuštění: Volných bajtů: 18 575 196 160
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /TUTAG=ANMGIF /KERNEL=TUKERNEL.EXE
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /NOEXECUTE=OPTIN /FASTDETECT /TUTAG=ANMGIF-BAK
232 --- E O F --- 2009-06-26 18:27
2009-06-12 09:55 . 2008-09-15 05:56 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-12 09:55 . 2008-09-15 05:56 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-12 09:55 . 2008-09-15 05:56 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-12 09:55 . 2008-09-15 05:29 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-12 09:55 . 2009-06-12 09:56 -------- d-----w- c:\program files\Nokia
2009-06-12 09:05 . 2009-06-12 09:09 35346 ----a-w- c:\windows\scunin.dat
2009-06-12 09:05 . 2009-06-12 09:09 967 ----a-w- c:\windows\ScUnin.pif
2009-06-12 09:05 . 2009-06-12 09:09 94208 ----a-w- c:\windows\ScUnin.exe
2009-06-11 22:08 . 2009-06-11 22:08 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-11 22:08 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-11 22:08 . 2009-06-11 22:08 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-11 22:07 . 2009-06-25 11:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 20:13 . 2009-06-24 16:52 -------- d-----w- c:\program files\VideoConverterPortable
2009-06-11 16:56 . 2009-06-11 16:57 7299223 ----a-w- c:\windows\!!zaloha.zip
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\windows\system32\LogFiles
2009-06-02 16:35 . 2008-04-13 20:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-02 16:35 . 2008-04-13 20:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-02 16:35 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-02 16:32 . 2008-09-15 05:56 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 14:13 . 2009-03-17 21:59 -------- d-----w- c:\program files\PeerGuardian2
2009-06-27 08:49 . 2009-05-03 13:36 -------- d-----w- c:\program files\DVDFab 6
2009-06-21 17:39 . 2009-03-18 15:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-19 22:41 . 2009-04-23 13:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-18 16:24 . 2009-03-17 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 09:27 . 2009-03-17 21:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-03-17 21:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 20:35 . 2009-03-17 20:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-02 16:36 . 2001-10-25 16:00 79324 ----a-w- c:\windows\system32\perfc005.dat
2009-06-02 16:36 . 2001-10-25 16:00 432454 ----a-w- c:\windows\system32\perfh005.dat
2009-06-02 16:35 . 2009-06-02 16:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-02 16:35 . 2009-06-02 16:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-28 17:13 . 2009-03-17 19:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-28 17:13 . 2009-05-02 16:50 -------- d-----w- c:\program files\PokerStars
2009-05-26 00:13 . 2009-03-17 22:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-23 17:30 . 2009-05-23 17:30 -------- d-----w- c:\program files\PowerISO
2009-05-22 20:05 . 2009-03-17 22:08 -------- d-----w- c:\program files\Google
2009-05-22 19:03 . 2009-05-22 19:03 -------- d-----w- c:\program files\MSBuild
2009-05-16 20:35 . 2009-05-08 07:36 -------- d-----w- c:\program files\Total Commander 7.50
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-12 19:39 . 2009-03-17 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-10 08:39 . 2009-05-10 08:39 -------- d-----w- c:\program files\SlySoft
2009-05-08 22:58 . 2009-03-17 20:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-08 22:48 . 2009-03-17 20:48 -------- d-----w- c:\program files\CCleaner
2009-05-07 15:33 . 2008-04-14 08:51 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 15:00 . 2009-05-06 15:00 39424 ----a-w- c:\windows\zipinst.exe
2009-05-05 13:08 . 2009-05-05 13:08 -------- d-----w- c:\program files\esmska-0.15.0
2009-05-02 18:35 . 2009-05-02 16:16 -------- d-----w- c:\program files\PartyGaming
2009-05-01 22:23 . 2009-05-01 22:24 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-01 22:23 . 2009-05-01 22:24 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-01 22:23 . 2009-05-01 22:24 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-01 07:02 . 2009-05-01 07:02 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-04-29 04:47 . 2008-03-01 13:02 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2008-04-27 10:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 15:06 . 2009-03-17 23:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-19 19:52 . 2008-04-14 07:45 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2008-04-14 08:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 21:03 . 2009-04-10 21:03 52736 ----a-w- c:\windows\ipuninst.exe
2009-04-08 13:26 . 2009-04-08 13:26 31616 ----a-w- c:\windows\system32\FM20ENU.DLL
2009-04-08 13:26 . 2009-04-08 13:26 1204072 ----a-w- c:\windows\system32\FM20.DLL
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w- c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w- c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w- c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w- c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w- c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w- c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w- c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w- c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w- c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w- c:\windows\system32\OODAGMG.DLL
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w- c:\windows\system32\ootmapi.dll
2009-04-04 19:20 . 2009-03-18 16:04 105052 ----a-w- c:\windows\War3Unin.dat
.
------- Sigcheck -------
[-] 2008-04-13 23:12 798208 F255341FE726A28085A3C717635C26C9 c:\windows\system32\user32.dll
[-] 2008-04-13 23:12 798208 F255341FE726A28085A3C717635C26C9 c:\windows\system32\dllcache\user32.dll
[-] 2008-04-27 10:22 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\Warcraft III\\war3.exe"=
"d:\\Program Files\\14 Degrees East\\Fallout Tactics\\BOS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1c9c8e665607ba8;Služba Google Update (gupdate1c9c8e665607ba8);c:\program files\Google\Update\GoogleUpdate.exe [29.4.2009 18:20 133104]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [12.6.2009 0:08 603904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-29 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\documents and settings\liRik\Data aplikací\Mozilla\Firefox\Profiles\1z726srg.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 16:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-606747145-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-06-29 16:18
ComboFix-quarantined-files.txt 2009-06-29 14:18
Před spuštěním: Volných bajtů: 18 592 120 832
Po spuštění: Volných bajtů: 18 575 196 160
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /TUTAG=ANMGIF /KERNEL=TUKERNEL.EXE
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /NOEXECUTE=OPTIN /FASTDETECT /TUTAG=ANMGIF-BAK
232 --- E O F --- 2009-06-26 18:27
Re: Please check my HiJackThis log (urgent), thank you
So is the ComboFix log all right? Could someone advise? Thanks.
- Damned
Re: Please check my HiJackThis log (urgent), thank you
Did you create the C:\Boot folder yourself?
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:
File::
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe
Folder::
c:\windows\system32\runouce.exe
c:\windows\system32\eEmpty.exe
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the PC behaves
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Please check my HiJackThis log (urgent), thank you
The Boot folder has been there since I had a problem with booting and had to start the Recovery Console and enter the fixmbr and fixboot commands, among other things, as I was advised here: http://www.pc-help.cz/viewtopic.php?f=7&t=41514
ComboFix 09-06-28.04 - liRik 29.06.2009 20:55.4 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1271.768 [GMT 2:00]
Spuštěný z: c:\documents and settings\liRik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\liRik\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\system32\eEmpty.exe"
"c:\windows\system32\runouce.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\eEmpty.exe
c:\windows\system32\runouce.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-06-29 )))))))))))))))))))))))))))))))
.
2009-06-27 09:58 . 2009-06-27 09:58 -------- d-----w- c:\program files\ESET
2009-06-25 21:56 . 2009-06-25 21:56 -------- d-----w- c:\documents and settings\LocalService\Plocha
2009-06-25 11:19 . 2009-06-25 11:19 -------- d-----w- c:\program files\Babylon
2009-06-25 11:11 . 2009-06-25 11:11 -------- d-----w- c:\program files\Opera
2009-06-24 21:23 . 2009-06-24 21:23 626688 ----a-w- c:\windows\system32\msvcr80.dll
2009-06-24 21:23 . 2009-06-24 21:23 548864 ----a-w- c:\windows\system32\msvcp80.dll
2009-06-24 21:23 . 2008-04-14 08:52 137216 ----a-w- c:\windows\system32\T.COM
2009-06-24 21:23 . 2008-04-14 08:52 147968 ----a-w- c:\windows\R.COM
2009-06-24 21:23 . 2009-06-24 21:23 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-06-23 21:47 . 2009-06-23 21:47 -------- d-----w- c:\program files\CoreCodec
2009-06-23 21:34 . 2009-06-23 22:50 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-23 21:19 . 2009-06-23 21:19 -------- d-----w- c:\program files\VS Revo Group
2009-06-21 17:39 . 2009-06-21 17:40 -------- d-----w- c:\program files\Hamachi
2009-06-21 16:28 . 2009-06-21 16:28 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 16:27 . 2009-06-21 16:27 -------- d-----w- c:\program files\Microsoft.NET
2009-06-21 16:24 . 2009-06-21 16:24 -------- d-----w- c:\windows\SHELLNEW
2009-06-21 16:23 . 2009-06-21 16:23 -------- d--h--r- C:\MSOCache
2009-06-21 15:28 . 2009-06-21 15:28 -------- d-----w- c:\program files\microsoft frontpage
2009-06-19 22:48 . 2009-06-19 22:48 -------- d-----w- c:\program files\uTorrent
2009-06-19 19:26 . 2009-06-19 19:26 -------- d-----w- c:\windows\Eurobattle.net
2009-06-19 08:25 . 2009-06-19 08:25 -------- d-----w- c:\program files\Lavalys
2009-06-15 19:21 . 2009-06-15 19:21 -------- d--h--w- c:\windows\PIF
2009-06-14 19:51 . 2009-06-15 06:10 -------- d-sh--w- C:\Boot
2009-06-12 09:56 . 2009-06-12 09:56 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-12 09:56 . 2009-06-12 09:56 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-12 09:55 . 2009-06-12 09:55 -------- d-----w- c:\program files\DIFX
2009-06-12 09:55 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-06-12 09:55 . 2009-06-12 09:55 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-12 09:55 . 2008-09-15 05:56 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-06-12 09:55 . 2008-09-15 05:56 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-06-12 09:55 . 2008-09-15 05:56 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-06-12 09:55 . 2008-09-15 05:56 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-06-12 09:55 . 2008-09-15 05:56 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-06-12 09:55 . 2008-09-15 05:29 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-06-12 09:55 . 2009-06-12 09:56 -------- d-----w- c:\program files\Nokia
2009-06-12 09:05 . 2009-06-12 09:09 35346 ----a-w- c:\windows\scunin.dat
2009-06-12 09:05 . 2009-06-12 09:09 967 ----a-w- c:\windows\ScUnin.pif
2009-06-12 09:05 . 2009-06-12 09:09 94208 ----a-w- c:\windows\ScUnin.exe
2009-06-11 22:08 . 2009-06-11 22:08 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-11 22:08 . 2008-12-11 11:31 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-11 22:08 . 2009-06-11 22:08 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-11 22:07 . 2009-06-25 11:36 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 20:13 . 2009-06-24 16:52 -------- d-----w- c:\program files\VideoConverterPortable
2009-06-11 16:56 . 2009-06-11 16:57 7299223 ----a-w- c:\windows\!!zaloha.zip
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\windows\system32\LogFiles
2009-06-02 16:35 . 2008-04-13 20:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2009-06-02 16:35 . 2008-04-13 20:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-02 16:35 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-06-02 16:32 . 2008-09-15 05:56 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 18:54 . 2009-03-17 21:59 -------- d-----w- c:\program files\PeerGuardian2
2009-06-27 08:49 . 2009-05-03 13:36 -------- d-----w- c:\program files\DVDFab 6
2009-06-21 17:39 . 2009-03-18 15:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-19 22:41 . 2009-04-23 13:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-18 16:24 . 2009-03-17 21:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 09:27 . 2009-03-17 21:35 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-03-17 21:35 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-11 20:35 . 2009-03-17 20:58 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-02 16:36 . 2001-10-25 16:00 79324 ----a-w- c:\windows\system32\perfc005.dat
2009-06-02 16:36 . 2001-10-25 16:00 432454 ----a-w- c:\windows\system32\perfh005.dat
2009-06-02 16:35 . 2009-06-02 16:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-06-02 16:35 . 2009-06-02 16:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-28 17:13 . 2009-03-17 19:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-28 17:13 . 2009-05-02 16:50 -------- d-----w- c:\program files\PokerStars
2009-05-26 00:13 . 2009-03-17 22:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-23 17:30 . 2009-05-23 17:30 -------- d-----w- c:\program files\PowerISO
2009-05-22 20:05 . 2009-03-17 22:08 -------- d-----w- c:\program files\Google
2009-05-22 19:03 . 2009-05-22 19:03 -------- d-----w- c:\program files\MSBuild
2009-05-16 20:35 . 2009-05-08 07:36 -------- d-----w- c:\program files\Total Commander 7.50
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-12 19:39 . 2009-03-17 20:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-10 08:39 . 2009-05-10 08:39 -------- d-----w- c:\program files\SlySoft
2009-05-08 22:58 . 2009-03-17 20:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-08 22:48 . 2009-03-17 20:48 -------- d-----w- c:\program files\CCleaner
2009-05-07 15:33 . 2008-04-14 08:51 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 15:00 . 2009-05-06 15:00 39424 ----a-w- c:\windows\zipinst.exe
2009-05-05 13:08 . 2009-05-05 13:08 -------- d-----w- c:\program files\esmska-0.15.0
2009-05-02 18:35 . 2009-05-02 16:16 -------- d-----w- c:\program files\PartyGaming
2009-05-01 22:23 . 2009-05-01 22:24 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-01 22:23 . 2009-05-01 22:24 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-01 22:23 . 2009-05-01 22:24 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-05-01 07:02 . 2009-05-01 07:02 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-04-29 04:47 . 2008-03-01 13:02 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:47 . 2008-04-27 10:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 15:06 . 2009-03-17 23:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-19 19:52 . 2008-04-14 07:45 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2008-04-14 08:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 21:03 . 2009-04-10 21:03 52736 ----a-w- c:\windows\ipuninst.exe
2009-04-08 13:26 . 2009-04-08 13:26 31616 ----a-w- c:\windows\system32\FM20ENU.DLL
2009-04-08 13:26 . 2009-04-08 13:26 1204072 ----a-w- c:\windows\system32\FM20.DLL
2009-04-07 23:41 . 2009-04-07 23:41 1316096 ----a-w- c:\windows\system32\ooscrsav.scr
2009-04-07 23:41 . 2009-04-07 23:41 730368 ----a-w- c:\windows\system32\oodsvct.exe
2009-04-07 23:40 . 2009-04-07 23:40 1377536 ----a-w- c:\windows\system32\oodag.exe
2009-04-07 23:39 . 2009-04-07 23:39 2553088 ----a-w- c:\windows\system32\oodtray.exe
2009-04-07 23:39 . 2009-04-07 23:39 194816 ----a-w- c:\windows\system32\oodbs.exe
2009-04-07 23:35 . 2009-04-07 23:35 951552 ----a-w- c:\windows\system32\oodtrrs.dll
2009-04-07 23:35 . 2009-04-07 23:35 541952 ----a-w- c:\windows\system32\oodssrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 9984 ----a-w- c:\windows\system32\oodbsrs.dll
2009-04-07 23:34 . 2009-04-07 23:34 8448 ----a-w- c:\windows\system32\OODAGRS.DLL
2009-04-07 23:34 . 2009-04-07 23:34 15616 ----a-w- c:\windows\system32\OODAGMG.DLL
2009-04-07 12:59 . 2009-04-07 12:59 15104 ----a-w- c:\windows\system32\ootmapi.dll
2009-04-04 19:20 . 2009-03-18 16:04 105052 ----a-w- c:\windows\War3Unin.dat
.
------- Sigcheck -------
[-] 2008-04-13 23:12 798208 F255341FE726A28085A3C717635C26C9 c:\windows\system32\user32.dll
[-] 2008-04-13 23:12 798208 F255341FE726A28085A3C717635C26C9 c:\windows\system32\dllcache\user32.dll
[-] 2008-04-27 10:22 1571840 1E603EA2A3FDBAE9E5B88A8CB3C03124 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-04-07 2553088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"d:\\Program Files\\Warcraft III\\war3.exe"=
"d:\\Program Files\\14 Degrees East\\Fallout Tactics\\BOS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
S2 gupdate1c9c8e665607ba8;Služba Google Update (gupdate1c9c8e665607ba8);c:\program files\Google\Update\GoogleUpdate.exe [29.4.2009 18:20 133104]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [12.6.2009 0:08 603904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'
2009-06-29 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
FF - ProfilePath - c:\documents and settings\liRik\Data aplikací\Mozilla\Firefox\Profiles\1z726srg.default\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 20:57
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-507921405-606747145-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-06-29 20:59
ComboFix-quarantined-files.txt 2009-06-29 18:59
ComboFix2.txt 2009-06-29 14:18
Před spuštěním: Volných bajtů: 18 620 547 072
Po spuštění: Volných bajtů: 18 610 483 200
220 --- E O F --- 2009-06-26 18:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:48, on 29.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/runonce3.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7384932562
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate1c9c8e665607ba8) (gupdate1c9c8e665607ba8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6508 bytes
- Damned
Re: Please check my HiJackThis log (urgent), thank you
As far as viruses go, you have no problem there.
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV, etc. - download it -> run it
(Note: if you have AVG, disable AVG before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner
and turn AVG back on.)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
Mark the topic as solved (green check mark) and take care.

Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner
Re: Please check my HiJackThis log (urgent), thank you
OK, thanks a lot for the help. So the problem is somewhere else. Is it possible that my internet provider O2 deliberately slowed down my speed? It was not that long ago that O2 sped up everyone's internet from 2MB to 8MB, which is why I got the ADSL2+/ISDN modem ZyXEL P600 series, which should be able to fully support 8MB, but from the start I never got more than 6MB, and for the last 2 weeks I have even had a speed of 2MB...
- Damned
Re: Please check my HiJackThis log (urgent), thank you Solved
I have no idea whether it is deliberate, but it is certainly possible that something gets messed up on their end, yet they claim the fault is not on their side.