Prosim kontrolu,pomale pc,zamrza pri nacitani stranok... Vyřešeno

[Melania]

Prikladam log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:49, on 1.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedSim\SpeedSim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\9F9CE45F74274F5689DEAD48836386CA\MusicMaestro.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.arcadelots.com/play/quad-racer"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 9129 bytes
Dakujem.

[Reklama]

[jaro3]

2 antiviry...
K odinstalaci Symantec/Norton použij toto:
ftp://ftp.symantec.com/public/english_u ... l_Tool.exe

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -http://www.arcadelots.com/play/quad-racer
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Melania]

Takze tu je obsah logu:

Malwarebytes' Anti-Malware 1.43
Verzia databázy: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1.1.2010 20:59:04
mbam-log-2010-01-01 (20-58-53).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 106932
Uplynutý cas: 5 minute(s), 13 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 2
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 2

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Documents and Settings\admin\desktop\Patch 5.xx (2008-12-06).exe (Trojan.Agent) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u NOD32+deaktivuj Spybot.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Melania]

Log MbAM:

Malwarebytes' Anti-Malware 1.43
Verzia databázy: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1.1.2010 21:39:46
mbam-log-2010-01-01 (21-39-46).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 107177
Uplynutý cas: 6 minute(s), 0 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 2
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 2

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
C:\Documents and Settings\admin\desktop\Patch 5.xx (2008-12-06).exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Delete on reboot.

-----------------------------------------------------------------------------------------------------------------------------------------------------------

Log CF:

ComboFix 09-12-31.A1 - admin 01.01.2010 22:01:39.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1007.616 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-25 22:56 . 2009-12-25 22:57 11650440 ----a-w- C:\Opera_1010_in_Setup.exe
2009-12-25 17:48 . 2009-12-25 17:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-25 17:40 . 2009-12-25 17:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-25 16:59 . 2010-01-01 19:26 -------- d-----w- c:\documents and settings\admin\Application Data\IDM
2009-12-25 16:59 . 2010-01-01 19:23 -------- d-----w- c:\documents and settings\admin\Application Data\DMCache
2009-12-25 16:59 . 2010-01-01 19:26 -------- d-----w- c:\program files\Internet Download Manager
2009-12-25 16:54 . 2009-12-25 16:54 2350496 ----a-w- C:\flashplayer10_1_p1_plugin_111709.exe
2009-12-20 18:06 . 2009-12-20 18:06 3326576 ----a-w- C:\ccsetup226.exe
2009-12-13 12:38 . 2009-12-13 12:47 9751789568 ----a-w- C:\AionFullInstaller_1.5.0.1.zip
2009-12-11 17:02 . 2009-12-11 17:02 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-05 05:57 . 2008-03-05 15:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2009-12-05 05:57 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2009-12-05 05:57 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2009-12-05 05:57 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-05 05:57 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-05 05:57 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 20:54 . 2008-12-22 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-01 20:53 . 2008-12-23 19:30 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2010-01-01 20:41 . 2009-09-09 11:34 -------- d-----w- c:\program files\ICQToolbar
2010-01-01 19:49 . 2009-01-17 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 19:27 . 2008-12-23 19:32 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM
2010-01-01 15:35 . 2008-12-22 16:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-30 13:55 . 2009-01-17 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-01-17 19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 23:01 . 2008-12-24 13:38 -------- d-----w- c:\program files\Opera
2009-12-16 07:45 . 2008-12-22 16:27 -------- d-----w- c:\program files\ESET
2009-12-16 07:44 . 2009-06-19 13:59 31604224 ----a-w- C:\eav_nt32_csy.msi
2009-12-11 17:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-11 17:02 . 2009-05-06 12:00 -------- d-----w- c:\program files\Norton Security Scan
2009-12-11 17:02 . 2009-07-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-05 23:20 . 2009-11-01 22:48 -------- d-----w- c:\program files\DivX
2009-12-05 06:00 . 2009-12-01 15:22 -------- d-----w- c:\program files\Play
2009-12-02 17:10 . 2008-12-22 18:42 64368 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 02:06 . 2009-12-02 02:06 -------- d-----w- c:\program files\MSBuild
2009-12-02 02:06 . 2009-12-02 02:06 -------- d-----w- c:\program files\Reference Assemblies
2009-11-25 15:57 . 2009-09-20 10:03 -------- d-----w- c:\documents and settings\admin\Application Data\Nokia Multimedia Player
2009-11-24 15:53 . 2009-01-10 06:11 -------- d-----w- c:\program files\Fishdom
2009-11-24 15:51 . 2009-08-04 13:34 -------- d-----w- c:\program files\trailer park tycoon
2009-11-24 12:00 . 2009-11-24 12:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-11-24 11:09 . 2009-11-24 11:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-24 11:08 . 2009-01-16 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-24 11:08 . 2009-01-23 20:48 -------- d-----w- c:\program files\Google
2009-11-24 10:43 . 2009-11-24 10:43 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-24 10:40 . 2009-07-10 13:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-22 09:01 . 2009-11-22 08:49 -------- d-----w- c:\program files\GP Vs Superbike
2009-11-21 17:11 . 2009-11-02 18:05 -------- d-----w- c:\documents and settings\admin\Application Data\DivX
2009-11-03 14:40 . 2008-12-22 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-01 22:47 . 2009-11-01 22:42 21603248 ----a-w- C:\DivXInstaller.exe
2009-10-30 14:08 . 2009-11-24 11:09 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-30 14:01 . 2009-11-24 11:09 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-29 07:46 . 2008-04-23 00:16 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2008-07-12 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-07-12 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2008-04-14 08:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 08:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 08:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 08:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 08:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 07:10 . 2009-01-20 09:08 230432 ----a-w- C:\StiImg.dat
2009-01-18 15:30 . 2009-01-18 15:30 16168344 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3trayp.exe" [2007-09-30 200704]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-02 16049664]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29.7.2004 0:03 138780]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29.7.2004 0:43 46779]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 7:16 162176]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [10.11.2006 6:36 603648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [16.12.2008 15:55 21656]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-01-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-27 15:58]

2010-01-01 c:\windows\Tasks\Norton Security Scan for admin.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\
FF - prefs.js: browser.search.selectedEngine - Zoznam
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CTFMON - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-01-01 22:06:39
ComboFix-quarantined-files.txt 2010-01-01 21:06

Pre-Run: 554 287 104 bytes free
Post-Run: 610 746 368 bytes free

- - End Of File - - 83A7D0B4F1FB38D71E660A43DB5085FA

[jaro3]

ten Norton si zkoušela odinstalovat?

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
C:\StiImg.dat
c:\windows\Tasks\Norton Security Scan for admin.job
c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe

Folder::
c:\program files\Common Files\Symantec Shared
c:\program files\ICQToolbar
c:\documents and settings\All Users\Application Data\Norton
c:\program files\Norton Security Scan
c:\documents and settings\All Users\Application Data\NortonInstaller

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\system32\sfcfiles.dll
Vlož sem pak odkaz na stránku s výsledky.

[Melania]

ComboFix 09-12-31.A1 - admin 01.01.2010 23:44:04.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1007.598 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe"
"C:\StiImg.dat"
"c:\windows\Tasks\Norton Security Scan for admin.job"
.

((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))
.

2009-12-25 22:56 . 2009-12-25 22:57 11650440 ----a-w- C:\Opera_1010_in_Setup.exe
2009-12-25 17:48 . 2009-12-25 17:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-25 17:40 . 2009-12-25 17:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-25 16:59 . 2010-01-01 19:26 -------- d-----w- c:\documents and settings\admin\Application Data\IDM
2009-12-25 16:59 . 2010-01-01 19:23 -------- d-----w- c:\documents and settings\admin\Application Data\DMCache
2009-12-25 16:59 . 2010-01-01 19:26 -------- d-----w- c:\program files\Internet Download Manager
2009-12-25 16:54 . 2009-12-25 16:54 2350496 ----a-w- C:\flashplayer10_1_p1_plugin_111709.exe
2009-12-20 18:06 . 2009-12-20 18:06 3326576 ----a-w- C:\ccsetup226.exe
2009-12-13 12:38 . 2009-12-13 12:47 9751789568 ----a-w- C:\AionFullInstaller_1.5.0.1.zip
2009-12-05 05:57 . 2008-03-05 15:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2009-12-05 05:57 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2009-12-05 05:57 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2009-12-05 05:57 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-05 05:57 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-05 05:57 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 22:48 . 2008-12-23 19:30 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2010-01-01 22:05 . 2008-12-22 16:41 -------- d-----w- c:\program files\Symantec
2010-01-01 20:54 . 2008-12-22 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-01 19:49 . 2009-01-17 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-01 19:27 . 2008-12-23 19:32 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM
2009-12-30 13:55 . 2009-01-17 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-01-17 19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 23:01 . 2008-12-24 13:38 -------- d-----w- c:\program files\Opera
2009-12-16 07:45 . 2008-12-22 16:27 -------- d-----w- c:\program files\ESET
2009-12-16 07:44 . 2009-06-19 13:59 31604224 ----a-w- C:\eav_nt32_csy.msi
2009-12-05 23:20 . 2009-11-01 22:48 -------- d-----w- c:\program files\DivX
2009-12-05 06:00 . 2009-12-01 15:22 -------- d-----w- c:\program files\Play
2009-12-02 17:10 . 2008-12-22 18:42 64368 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 02:06 . 2009-12-02 02:06 -------- d-----w- c:\program files\MSBuild
2009-12-02 02:06 . 2009-12-02 02:06 -------- d-----w- c:\program files\Reference Assemblies
2009-11-25 15:57 . 2009-09-20 10:03 -------- d-----w- c:\documents and settings\admin\Application Data\Nokia Multimedia Player
2009-11-24 15:53 . 2009-01-10 06:11 -------- d-----w- c:\program files\Fishdom
2009-11-24 15:51 . 2009-08-04 13:34 -------- d-----w- c:\program files\trailer park tycoon
2009-11-24 12:00 . 2009-11-24 12:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-11-24 11:09 . 2009-11-24 11:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-24 11:08 . 2009-01-16 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-24 11:08 . 2009-01-23 20:48 -------- d-----w- c:\program files\Google
2009-11-24 10:43 . 2009-11-24 10:43 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-24 10:40 . 2009-07-10 13:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-22 09:01 . 2009-11-22 08:49 -------- d-----w- c:\program files\GP Vs Superbike
2009-11-21 17:11 . 2009-11-02 18:05 -------- d-----w- c:\documents and settings\admin\Application Data\DivX
2009-11-03 14:40 . 2008-12-22 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-01 22:47 . 2009-11-01 22:42 21603248 ----a-w- C:\DivXInstaller.exe
2009-10-30 14:08 . 2009-11-24 11:09 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-30 14:01 . 2009-11-24 11:09 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-29 07:46 . 2008-04-23 00:16 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2008-07-12 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-07-12 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2008-04-14 08:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 08:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 08:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 08:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 08:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-01-18 15:30 . 2009-01-18 15:30 16168344 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-01-01_21.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 22:48 . 2010-01-01 22:48 16384 c:\windows\temp\Perflib_Perfdata_a68.dat
+ 2010-01-01 22:47 . 2010-01-01 22:47 16384 c:\windows\temp\Perflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3trayp.exe" [2007-09-30 200704]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-02 16049664]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [16.12.2008 15:55 21656]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 7:16 162176]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [10.11.2006 6:36 603648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-01-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-27 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\
FF - prefs.js: browser.search.selectedEngine - Zoznam
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 23:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S3trayp.exe
c:\windows\RTHDCPL.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PAStiSvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\9F9CE45F74274F5689DEAD48836386CA\MusicMaestro.exe
c:\windows\system32\logon.scr
.
**************************************************************************
.
Completion time: 2010-01-01 23:51:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-01 22:51
ComboFix2.txt 2010-01-01 22:26
ComboFix3.txt 2010-01-01 21:06

Pre-Run: 810 774 528 bytes free
Post-Run: 779 923 456 voľných bajtov

- - End Of File - - EEE90443C4FC463EE870BFAF7580321D

http://www.virustotal.com/cs/analisis/8b9ef2f37266e7dcb4ebfc0e3f0065f6f5cc0d9555d7589ce8b5ca42cd158fc4-1258680406

[jaro3]

Ještě jeden script v CF:

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\Symantec

FCopy::
c:\windows\system32\dllcache\sfc.dll  | c:\windows\system32\sfcfiles.dll

Pak zase log z CF+HJT.

[Melania]

Log CF:

ComboFix 10-01-01.02 - admin 02.01.2010 14:43:17.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1007.615 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\EULA.txt
c:\program files\Symantec\LiveUpdate\Lang\05\01\ALUNOTIFYRES.loc
c:\program files\Symantec\LiveUpdate\Lang\05\01\AluSchedulerSvcRes.loc
c:\program files\Symantec\LiveUpdate\Lang\05\01\AUPDATERES.loc
c:\program files\Symantec\LiveUpdate\Lang\05\01\EULA.txt
c:\program files\Symantec\LiveUpdate\Lang\05\01\LUALLRES.loc
c:\program files\Symantec\LiveUpdate\Lang\05\01\LuCfgRes.loc
c:\program files\Symantec\LiveUpdate\Lang\05\01\README.TXT
c:\program files\Symantec\LiveUpdate\Lang\05\01\ResLuComServer_3_4.loc
c:\program files\Symantec\LiveUpdate\Lang\05\01\S32LUCP1RES.loc
c:\program files\Symantec\LiveUpdate\Lang\05\01\SymantecRootInstallerRes.loc
c:\program files\Symantec\LiveUpdate\Lang\fallback.dat
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuccMUI.dll
c:\program files\Symantec\LiveUpdate\LuComServer_3_4.EXE
c:\program files\Symantec\LiveUpdate\LuConfig.EXE
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUCheck.exe
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUinsDll.dll
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\NetDetectController_3_4.DLL
c:\program files\Symantec\LiveUpdate\NotifyHA.exe
c:\program files\Symantec\LiveUpdate\ProductRegCom_3_4.DLL
c:\program files\Symantec\LiveUpdate\PSLuComServer_3_4.DLL
c:\program files\Symantec\LiveUpdate\PSProductRegCom_3_4.DLL
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\UNRAR.DLL

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\sfc.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Automatic_LiveUpdate_Scheduler
-------\Service_Automatic LiveUpdate Scheduler


((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2009-12-25 22:56 . 2009-12-25 22:57 11650440 ----a-w- C:\Opera_1010_in_Setup.exe
2009-12-25 17:48 . 2009-12-25 17:48 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-25 17:40 . 2009-12-25 17:40 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-25 16:59 . 2010-01-01 19:26 -------- d-----w- c:\documents and settings\admin\Application Data\IDM
2009-12-25 16:59 . 2010-01-01 19:23 -------- d-----w- c:\documents and settings\admin\Application Data\DMCache
2009-12-25 16:59 . 2010-01-01 19:26 -------- d-----w- c:\program files\Internet Download Manager
2009-12-25 16:54 . 2009-12-25 16:54 2350496 ----a-w- C:\flashplayer10_1_p1_plugin_111709.exe
2009-12-20 18:06 . 2009-12-20 18:06 3326576 ----a-w- C:\ccsetup226.exe
2009-12-13 12:38 . 2009-12-13 12:47 9751789568 ----a-w- C:\AionFullInstaller_1.5.0.1.zip
2009-12-05 05:57 . 2008-03-05 15:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2009-12-05 05:57 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2009-12-05 05:57 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2009-12-05 05:57 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-12-05 05:57 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-12-05 05:57 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 13:50 . 2008-12-23 19:30 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2010-01-02 10:31 . 2008-12-23 19:32 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM
2010-01-01 20:54 . 2008-12-22 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-01 19:49 . 2009-01-17 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 13:55 . 2009-01-17 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2009-01-17 19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-25 23:01 . 2008-12-24 13:38 -------- d-----w- c:\program files\Opera
2009-12-16 07:45 . 2008-12-22 16:27 -------- d-----w- c:\program files\ESET
2009-12-16 07:44 . 2009-06-19 13:59 31604224 ----a-w- C:\eav_nt32_csy.msi
2009-12-05 23:20 . 2009-11-01 22:48 -------- d-----w- c:\program files\DivX
2009-12-05 06:00 . 2009-12-01 15:22 -------- d-----w- c:\program files\Play
2009-12-02 17:10 . 2008-12-22 18:42 64368 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 02:06 . 2009-12-02 02:06 -------- d-----w- c:\program files\MSBuild
2009-12-02 02:06 . 2009-12-02 02:06 -------- d-----w- c:\program files\Reference Assemblies
2009-11-25 15:57 . 2009-09-20 10:03 -------- d-----w- c:\documents and settings\admin\Application Data\Nokia Multimedia Player
2009-11-24 15:53 . 2009-01-10 06:11 -------- d-----w- c:\program files\Fishdom
2009-11-24 15:51 . 2009-08-04 13:34 -------- d-----w- c:\program files\trailer park tycoon
2009-11-24 12:00 . 2009-11-24 12:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-11-24 11:09 . 2009-11-24 11:08 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-24 11:08 . 2009-01-16 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-24 11:08 . 2009-01-23 20:48 -------- d-----w- c:\program files\Google
2009-11-24 10:43 . 2009-11-24 10:43 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-24 10:40 . 2009-07-10 13:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-22 09:01 . 2009-11-22 08:49 -------- d-----w- c:\program files\GP Vs Superbike
2009-11-21 17:11 . 2009-11-02 18:05 -------- d-----w- c:\documents and settings\admin\Application Data\DivX
2009-11-03 14:40 . 2008-12-22 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-01 22:47 . 2009-11-01 22:42 21603248 ----a-w- C:\DivXInstaller.exe
2009-10-30 14:08 . 2009-11-24 11:09 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-30 14:01 . 2009-11-24 11:09 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-29 07:46 . 2008-04-23 00:16 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2008-07-12 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-07-12 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2008-04-14 08:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 08:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 08:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 08:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 08:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 08:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-01-18 15:30 . 2009-01-18 15:30 16168344 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-01_21.05.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 13:49 . 2010-01-02 13:49 16384 c:\windows\temp\Perflib_Perfdata_838.dat
+ 2010-01-02 13:48 . 2010-01-02 13:48 16384 c:\windows\temp\Perflib_Perfdata_7d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3trayp.exe" [2007-09-30 200704]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-02 16049664]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [16.12.2008 15:55 21656]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.9.2009 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.9.2009 13:05 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.9.2009 13:03 735960]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 7:16 162176]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [10.11.2006 6:36 603648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-02 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-01-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-27 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\
FF - prefs.js: browser.search.selectedEngine - Zoznam
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 14:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1960)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S3trayp.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PAStiSvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\9F9CE45F74274F5689DEAD48836386CA\MusicMaestro.exe
.
**************************************************************************
.
Completion time: 2010-01-02 14:52:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-02 13:52
ComboFix2.txt 2010-01-01 22:51
ComboFix3.txt 2010-01-01 22:26
ComboFix4.txt 2010-01-01 21:06

Pre-Run: 732 192 768 bytes free
Post-Run: 660 119 552 voľných bajtov

- - End Of File - - 7EA6A5E5BF1DFE68B8A56053CF65253C
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Log HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:27, on 2.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\9F9CE45F74274F5689DEAD48836386CA\MusicMaestro.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7318 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)

Napiš , jak je to s načítáním stránek a jaký používáš prohlížeč , či to dělají všechny.

[Melania]

Zda sa,ze stranky nacitava dobre,pouzivam FF,teda vacsinou,obcas IE.A problem bol aj na FF aj na IE.
Velmi pekne dakujem a zelam vsetko dobre v novom roku :-)

[jaro3]

Díky , taky vše nejlepší a nejen v tomto roce, můžeš dát vyřešeno , zelenou fajfku.