PC disinfection, speeding up your computer and remote help via the neslape.cz service

windows xp explorer trojan


#1 Post by jurcja1

Hi, I have a problem: this morning I found out that explorer.exe is a trojan. Can you please advise me how to get rid of it? PS: neither HijackThis nor RSIT works for me..! Please, quickly..

http://www.virustotal.com/analisis/0c3f1f129eecf8811252ca8f96a2961a891b96ddb2a70322efb3539e203ca7dd-1266830343#

So I managed to produce an HJT log..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:48, on 22.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Vista Rainbar\Rainmeter.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spamihilator\SRVANY.EXE
C:\Program Files\Spamihilator\Spamihilator.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\program files\mozilla firefox\firefox.exe
E:\Moje věci - Jakub\Archivy + Soubory\Viry.cZ\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\rsit\rsit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Milan a Kuba\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1935655697-1979792683-1801674531-1003\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot (User '?')
O4 - HKUS\S-1-5-21-1935655697-1979792683-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1935655697-1979792683-1801674531-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - S-1-5-21-1935655697-1979792683-1801674531-1003 Startup: ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (User '?')
O4 - S-1-5-21-1935655697-1979792683-1801674531-1003 Startup: ObjectDock Plus.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-1935655697-1979792683-1801674531-1003 Startup: Rainmeter.lnk = C:\Program Files\Vista Rainbar\Rainmeter.exe (User '?')
O4 - S-1-5-21-1935655697-1979792683-1801674531-1003 Startup: speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe (User '?')
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
O4 - Startup: ObjectDock Plus.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Vista Rainbar\Rainmeter.exe
O4 - Startup: speedfan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2433374078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9510320390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SpamiService - Unknown owner - C:\Program Files\Spamihilator\SRVANY.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9853 bytes
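The checks a responder would run on the log above, as an added example that is not part of the original post and not a HijackThis feature: the `F2 - REG:system.ini: UserInit=` value launches C:\WINDOWS\system32\sdra64.exe after the real userinit.exe (a file name well known from ZeuS/Zbot infections, which persist by appending themselves to UserInit in exactly this way), and Windows XP ships explorer.exe in C:\WINDOWS, so a same-named file in system32 is the copy to look at first. The script parses a HijackThis log and reports both. Its input is a handful of lines copied from the log above plus one constructed process line for the system32 explorer.exe, which was on disk but not running when the log was taken; the directory table, the assumption that %WINDIR% is C:\WINDOWS, and the function names are mine.

```python
"""Triage a HijackThis log for two things the log above exposes: a UserInit
value that launches more than the real userinit.exe, and a core Windows binary
running from a directory Windows does not ship it in."""
import re

# Directories Windows XP installs these binaries in (assumes %WINDIR% = C:\WINDOWS).
# A same-named file anywhere else is the copy to hash and inspect first.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "userinit.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe":    r"c:\windows\system32",
    "lsass.exe":    r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe":  r"c:\windows\system32",
    "ctfmon.exe":   r"c:\windows\system32",
}
REAL_USERINIT = r"c:\windows\system32\userinit.exe"


def userinit_extras(line):
    """For an 'F2 - REG:system.ini: UserInit=' entry return every command other
    than the real userinit.exe ([] when the value is clean); None for other lines."""
    m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)$", line.strip(), re.I)
    if m is None:
        return None
    commands = [c.strip() for c in m.group(1).split(",") if c.strip()]
    return [c for c in commands if c.lower() != REAL_USERINIT]


def misplaced_binary(path):
    """(path, expected_dir) when a well-known binary runs from the wrong directory."""
    directory, _, name = path.strip().lower().rpartition("\\")
    expected = EXPECTED_DIR.get(name)
    if expected is not None and directory != expected:
        return (path.strip(), expected)
    return None


def triage(log_text):
    """Collect (kind, detail) findings from a whole HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if re.match(r"[A-Za-z]:\\", line):      # 'Running processes' entries are bare paths
            hit = misplaced_binary(line)
            if hit is not None:
                findings.append(("misplaced_binary", hit))
            continue
        extras = userinit_extras(line)
        if extras:
            findings.append(("userinit_extra", tuple(extras)))
    return findings


# Lines copied from the HijackThis log above, plus one constructed process line
# (C:\WINDOWS\system32\explorer.exe) that was on disk but not running at the time.
SAMPLE_LOG = r'''
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\explorer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
'''

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, detail)
```

Both checks are deliberately narrow: a hijacked UserInit and a system binary in the wrong directory are worth acting on even when the antivirus is silent, whereas the R1 search-URL entries in the same log are best judged with the user, since a toolbar such as the QIP search bar sets them legitimately.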

#2 Post by stell

Hi

Download [exeHelper]
Double-click exeHelper.com; the repair starts.
When the repair finishes, press any key.
Post the contents of log.txt (it will be created in the folder you ran exeHelper.com from).
Note: if the window shows the message "Error removing file", run the program again.
Paste the log here.

Download it to the desktop, run it, paste the following text into the window and click Look; paste the log here.

:filefind
explorer.exe

#3 Post by jurcja1

I was thinking whether it would be possible, either in DOS or with explorer.exe killed and from the command line, to put a new explorer.exe into system32, but I can't find it anywhere; it isn't even on the Windows CD..

Here are the logs..
exeHelper by Raktor
Build 20091220
Run at 11:45:17 on 02/22/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:45 on 22/02/2010 by Milan a Kuba (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS\ERDNT\cache\explorer.exe --a--- 1034240 bytes [04:24 22/09/2009] [06:52 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\explorer.exe ------ 1034240 bytes [06:52 14/04/2008] [06:52 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\system32\dllcache\explorer.exe --a--c 1034240 bytes [06:52 14/04/2008] [06:52 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\system32\explorer.exe -ra--- 659968 bytes [21:36 21/02/2010] [10:56 09/02/2009] C3D3FDE6E2BA41AAC58872F525BD59F8

-=End Of File=-
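The SystemLook output answers the question in the post: the genuine explorer.exe is the 1034240-byte file in C:\WINDOWS, identical by MD5 to the Windows File Protection copy in system32\dllcache and to the ERUNT backup in ERDNT\cache, while C:\WINDOWS\system32\explorer.exe is a different 659968-byte binary created at 21:36 on 21/02/2010, the evening before the problem was noticed. The script below is an added example, not SystemLook's code and not part of the thread: it parses filefind result lines, takes the dllcache copy as the reference and reports every copy whose hash differs. The four input lines are copied from the log above; the regex, the class and function names, and the reading of the first bracketed timestamp as the creation time (consistent with the ERDNT copy, which was created when ERUNT ran on 22/09/2009 but keeps the 14/04/2008 modification time) are my assumptions.

```python
"""Compare the copies of one file that SystemLook's :filefind lists, using the
Windows File Protection cache (system32\dllcache) copy as the reference."""
import re
from dataclasses import dataclass

# One filefind result line: path, six attribute flags, size, two bracketed
# timestamps and an MD5 (regex is an assumption fitted to the output above).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-A-Za-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    created: str    # first bracket, read as creation time (assumption, see lead-in)
    modified: str   # second bracket
    md5: str


def parse_filefind(text):
    """Parse every filefind result line; lines that do not match are ignored."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                m["ts1"], m["ts2"], m["md5"].upper()))
    return hits


def reference_hash(hits, reference_dir=r"c:\windows\system32\dllcache"):
    """MD5 of the copy in the reference directory, or None if none is listed."""
    for h in hits:
        if h.path.lower().rpartition("\\")[0] == reference_dir.lower():
            return h.md5
    return None


def outliers(hits, reference_dir=r"c:\windows\system32\dllcache"):
    """Every copy whose hash differs from the reference copy; None without a reference."""
    ref = reference_hash(hits, reference_dir)
    if ref is None:
        return None
    return [h for h in hits if h.md5 != ref]


# The four result lines from the SystemLook log above.
SAMPLE = r'''
Searching for "explorer.exe"
C:\WINDOWS\ERDNT\cache\explorer.exe --a--- 1034240 bytes [04:24 22/09/2009] [06:52 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\explorer.exe ------ 1034240 bytes [06:52 14/04/2008] [06:52 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\system32\dllcache\explorer.exe --a--c 1034240 bytes [06:52 14/04/2008] [06:52 14/04/2008] 27AFD587C462E280EE046B8CCA3C2CD1
C:\WINDOWS\system32\explorer.exe -ra--- 659968 bytes [21:36 21/02/2010] [10:56 09/02/2009] C3D3FDE6E2BA41AAC58872F525BD59F8
'''

if __name__ == "__main__":
    hits = parse_filefind(SAMPLE)
    print("reference MD5:", reference_hash(hits))
    for h in outliers(hits):
        print(f"MISMATCH {h.path} ({h.size} bytes, created {h.created}) md5={h.md5}")
```

Trusting the dllcache copy assumes Windows File Protection itself was not tampered with; when that is in doubt, verify the file against its catalog signature instead, which is what the Sigcheck section of the ComboFix log later in this thread does for tcpip.sys. For the replacement the post asks about, the dllcache copy is also the clean file to restore from; on the installation CD the file sits compressed as EXPLORER.EX_ in the i386 folder, which is why a search for explorer.exe on the CD finds nothing.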

#4 Post by stell

PLEASE READ THE INSTRUCTIONS CAREFULLY!!!

Download to the desktop, close all active windows and run>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Agree to the installation of the Recovery Console.

- ComboFix must be run under an account with administrator rights.
- After starting, the terms of use are displayed; confirm them by pressing Yes;

And once more >YES<

- Then follow the instructions; while ComboFix is working, do not click into the blue window it displays.

- After the scan finishes, which takes at most 10-15 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents into your thread on the forum.
- Before using ComboFix you need to switch off all resident security programs: antivirus, firewalls, anti-spyware. GUIDE: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix, which may cause it not to work correctly.

If an antivirus detects ComboFix, it is a false alarm.

#5 Post by jurcja1

Removed. It also occurred to me at first to use ComboFix right at the start, since I still have quite a lot of tools on the PC from when I used to deal with viruses and this area, but I preferred to leave it to the experts.. :) I'll still scan the PC with Spybot, clean it up and let you know..

ComboFix 10-02-21.02 - Milan a Kuba 22.02.2010 11:58:37.6.2 - x86
Running from: c:\documents and settings\Milan a Kuba\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\explorer.exe
c:\windows\system32\x264vfw-uninstall.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 10:40 . 2010-02-22 10:40 -------- d-----w- c:\program files\trend micro
2010-02-22 09:25 . 2010-02-22 09:25 -------- d-----w- C:\rsit
2010-02-21 20:02 . 2010-02-21 20:02 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-21 19:32 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-21 19:32 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-21 19:32 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-21 19:32 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-21 19:03 . 2010-02-21 19:03 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-02-20 21:14 . 2010-02-20 22:08 -------- d-----w- c:\program files\Yahoo!
2010-02-20 20:34 . 2010-02-20 20:36 -------- d-----w- c:\program files\JDownloader
2010-02-12 18:42 . 2010-02-12 18:42 -------- d-----w- c:\windows\Farm Frenzy 2
2010-02-02 19:54 . 2010-02-02 19:54 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-01 21:33 . 2010-02-02 17:57 -------- d-----w- c:\program files\MPC HomeCinema
2010-01-31 10:21 . 2010-01-31 18:13 253952 ------w- c:\windows\Setup1.exe
2010-01-31 10:21 . 2010-01-31 18:13 73728 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 11:03 . 2008-12-14 19:22 -------- d-----w- c:\program files\SpeedFan
2010-02-22 10:39 . 2009-04-05 10:43 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-21 21:11 . 2008-12-14 20:54 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-21 21:10 . 2008-12-14 20:53 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-21 19:03 . 2008-12-14 20:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 09:15 . 2009-02-17 09:41 -------- d-----w- c:\program files\OO Software
2010-02-21 09:14 . 2008-12-14 17:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 09:14 . 2009-03-29 18:19 -------- d-----w- c:\program files\Ontrack
2010-02-21 08:53 . 2009-03-16 16:46 -------- d-----w- c:\program files\PowerDataRecovery
2010-02-20 19:54 . 2008-12-14 19:55 -------- d-----w- c:\program files\ASUS
2010-02-20 14:39 . 2009-01-02 18:25 -------- d-----w- c:\program files\GetASFStream
2010-02-20 14:35 . 2008-12-15 21:02 -------- d-----w- c:\program files\Uloz.to Uploader
2010-02-20 14:34 . 2009-05-09 09:00 -------- d-----w- c:\program files\Prime95
2010-02-11 17:55 . 2008-12-14 20:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-02 19:45 . 2008-12-14 18:27 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-22 18:14 . 2010-01-21 17:43 -------- d-----w- c:\program files\Dr.Kawashima
2010-01-21 18:06 . 2010-01-21 18:06 -------- d-----w- c:\program files\VideoLAN
2010-01-19 16:31 . 2010-01-19 16:29 -------- d-----w- c:\program files\QIP Infium
2010-01-13 17:40 . 2008-04-13 22:50 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-01-11 14:14 . 2008-12-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2010-01-06 19:57 . 2010-01-06 19:57 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-06 19:57 . 2010-01-05 15:37 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-06 19:57 . 2008-12-15 14:19 -------- d-----w- c:\program files\Nokia
2010-01-05 15:14 . 2001-10-25 16:00 91274 ----a-w- c:\windows\system32\perfc005.dat
2010-01-05 15:14 . 2001-10-25 16:00 456936 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 12:21 . 2010-01-02 12:21 -------- d-----w- c:\program files\MSBuild
2010-01-01 22:18 . 2010-01-01 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-01 22:18 . 2010-01-01 22:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-01 22:15 . 2008-12-15 14:19 -------- d-----w- c:\program files\DIFX
2010-01-01 22:15 . 2010-01-01 22:15 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 19:59 . 2009-12-30 19:59 -------- d-----w- c:\program files\VITSOFT
2009-12-30 12:04 . 2008-12-14 17:50 -------- d-----w- c:\program files\Intel
2009-12-29 12:22 . 2008-12-14 19:27 -------- d-----w- c:\program files\Internet Download Manager
2009-12-21 19:08 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-12-14 17:41 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 19:32 . 2008-12-14 19:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 10:11 . 2008-04-14 06:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-05 16:21 . 2009-01-30 09:01 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 16:21 . 2009-01-30 09:01 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-27 17:14 . 2008-04-14 06:51 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 16:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2008-04-14 06:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-04-14 06:51 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-10-14 14:01 . 2009-12-23 14:11 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-10-20 20:31 . 2009-10-20 16:55 14655520 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

------- Sigcheck -------

[-] 2010-01-13 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-10-14 14:01 150768 ----a-w- c:\documents and settings\Milan a Kuba\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-12-29 3171760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2009-05-04 1031168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\documents and settings\Milan a Kuba\Nabídka Start\Programy\Po spuštění\
ATI Tray Tools.lnk - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe [2007-5-22 521128]
ObjectDock Plus.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-2-19 3581680]
Rainmeter.lnk - c:\program files\Vista Rainbar\Rainmeter.exe [2008-12-14 118784]
speedfan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-4-22 3921528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-01 19:35 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Milan a Kuba^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-09 19:32 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX7400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "c:\windows\TEMP\E_SFD.tmp" /EF "HKCU"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe"
"Cpu Level Up help"=c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"CTAvTray"=c:\program files\Creative\SBLive\Program\CTAvtray.exe
"RTHDCPL"=RTHDCPL.EXE
"AlcWzrd"=ALCWZRD.EXE
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe"
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Steam\\SteamApps\\common\\zero gear\\ZeroGear.bat"=
"d:\\Games\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2BetaUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 Aox402Camera;Genius VideoCAM Live VC;c:\windows\system32\DRIVERS\se402vc.sys [2002-07-26 368868]
R3 cpuz130;cpuz130;c:\docume~1\MILANA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 SE402RefCameraStill;Genius VideoCAM Live SC;c:\windows\system32\DRIVERS\se402sc.sys [2002-07-24 68324]
R3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2005-08-06 28704]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-08-05 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-08-05 99472]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-26 721904]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-08-05 115856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-08-05 41424]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/17 21:35];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 SpamiService;SpamiService;c:\program files\Spamihilator\SRVANY.EXE [1996-08-30 13312]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Milan a Kuba\Data aplikací\Mozilla\Firefox\Profiles\f048h2a5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Milan a Kuba\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Milan a Kuba\Data aplikací\Mozilla\Firefox\Profiles\f048h2a5.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\documents and settings\Milan a Kuba\Data aplikací\Mozilla\Firefox\Profiles\f048h2a5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-PCSuite - (no file)
MSConfigStartUp-PcSync2 - (no file)
AddRemove-x264vfw - c:\windows\system32\x264vfw-uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 12:04
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spmm.sys >>UNKNOWN [0x8A8AD938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xba6ffbb0
PacketIndicateHandler -> NDIS.sys @ 0xba70ca21
SendHandler -> NDIS.sys @ 0xba6ea87b

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1979792683-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:0a,67,43,a7,f0,04,84,b4,62,03,e5,e5,90,16,fb,13,32,59,c0,2a,58,
7c,aa,66,37,33,b0,e5,ea,59,b6,7b,ce,90,df,98,e0,5b,6f,df,8d,98,dd,d5,a7,b5,\
"rkeysecu"=hex:bd,c2,24,9e,83,47,53,1a,36,ff,fe,e2,be,fe,77,50
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1428)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(1112)
c:\program files\Ray Adams\ATI Tray Tools\raphook.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\msi.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\devldr32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spamihilator\Spamihilator.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2010-02-22 12:07:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-22 11:07

Před spuštěním: Volných bajtů: 15 899 529 216
Po spuštění: Volných bajtů: 15 932 203 008

- - End Of File - - 64B7E269AE5AFE7AAE8758577E98F161

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: windows xp explorer trojan

#6 Post by stell »

For this step ComboFix must be on the desktop.

Turn off > FIREWALL > antivirus > antispyware > all resident protection.

Open Notepad and copy the whole green text into it:

Code:

KILLALL::
File::
c:\documents and settings\Milan a Kuba\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=-
DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
Extra::
FireFox::
FF - ProfilePath - c:\documents and settings\Milan a Kuba\Data aplikací\Mozilla\Firefox\Profiles\f048h2a5.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FCOPY::
c:\windows\ERDNT\cache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
Then click File -> Save As... -> in the File name field type: CFScript.txt
As the file type select *All files
and save it to the desktop. Note: do not open CFScript.txt, and it must not end up as CFScript.txt.txt. Then do this:
[image]

After the scan finishes, post the log that ComboFix creates.
Important information.
Is your computer NOT running right?
Is it infected? Running slowly? Is a program not working? Installation problems?
Use our remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks!

jurcja1
Visitor
Posts: 53
Registered: 17 Oct 2006 06:07

Re: windows xp explorer trojan

#7 Post by jurcja1 »

ComboFix 10-02-21.02 - Milan a Kuba 22.02.2010 12:56:08.7.2 - x86
Spuštěný z: c:\documents and settings\Milan a Kuba\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Milan a Kuba\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\documents and settings\Milan a Kuba\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Milan a Kuba\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-22 do 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 10:40 . 2010-02-22 10:40 -------- d-----w- c:\program files\trend micro
2010-02-22 09:25 . 2010-02-22 09:25 -------- d-----w- C:\rsit
2010-02-21 20:02 . 2010-02-21 20:02 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-21 19:32 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-21 19:32 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-21 19:32 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-21 19:32 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-21 19:03 . 2010-02-21 19:03 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-02-20 21:14 . 2010-02-20 22:08 -------- d-----w- c:\program files\Yahoo!
2010-02-20 20:34 . 2010-02-20 20:36 -------- d-----w- c:\program files\JDownloader
2010-02-12 18:42 . 2010-02-12 18:42 -------- d-----w- c:\windows\Farm Frenzy 2
2010-02-02 19:54 . 2010-02-02 19:54 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-01 21:33 . 2010-02-02 17:57 -------- d-----w- c:\program files\MPC HomeCinema
2010-01-31 10:21 . 2010-01-31 18:13 253952 ------w- c:\windows\Setup1.exe
2010-01-31 10:21 . 2010-01-31 18:13 73728 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 12:00 . 2008-12-14 19:22 -------- d-----w- c:\program files\SpeedFan
2010-02-22 11:44 . 2009-04-05 10:43 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-21 21:11 . 2008-12-14 20:54 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-21 21:10 . 2008-12-14 20:53 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-21 19:03 . 2008-12-14 20:51 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 09:15 . 2009-02-17 09:41 -------- d-----w- c:\program files\OO Software
2010-02-21 09:14 . 2008-12-14 17:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 09:14 . 2009-03-29 18:19 -------- d-----w- c:\program files\Ontrack
2010-02-21 08:53 . 2009-03-16 16:46 -------- d-----w- c:\program files\PowerDataRecovery
2010-02-20 19:54 . 2008-12-14 19:55 -------- d-----w- c:\program files\ASUS
2010-02-20 14:39 . 2009-01-02 18:25 -------- d-----w- c:\program files\GetASFStream
2010-02-20 14:35 . 2008-12-15 21:02 -------- d-----w- c:\program files\Uloz.to Uploader
2010-02-20 14:34 . 2009-05-09 09:00 -------- d-----w- c:\program files\Prime95
2010-02-11 17:55 . 2008-12-14 20:44 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-02 19:45 . 2008-12-14 18:27 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-22 18:14 . 2010-01-21 17:43 -------- d-----w- c:\program files\Dr.Kawashima
2010-01-21 18:06 . 2010-01-21 18:06 -------- d-----w- c:\program files\VideoLAN
2010-01-19 16:31 . 2010-01-19 16:29 -------- d-----w- c:\program files\QIP Infium
2010-01-11 14:14 . 2008-12-14 18:18 -------- d-----w- c:\program files\ICQ6.5
2010-01-06 19:57 . 2010-01-06 19:57 -------- d-----w- c:\program files\Common Files\PCSuite
2010-01-06 19:57 . 2010-01-05 15:37 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-06 19:57 . 2008-12-15 14:19 -------- d-----w- c:\program files\Nokia
2010-01-05 15:14 . 2001-10-25 16:00 91274 ----a-w- c:\windows\system32\perfc005.dat
2010-01-05 15:14 . 2001-10-25 16:00 456936 ----a-w- c:\windows\system32\perfh005.dat
2010-01-02 12:21 . 2010-01-02 12:21 -------- d-----w- c:\program files\MSBuild
2010-01-01 22:18 . 2010-01-01 22:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-01 22:18 . 2010-01-01 22:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-01 22:15 . 2008-12-15 14:19 -------- d-----w- c:\program files\DIFX
2010-01-01 22:15 . 2010-01-01 22:15 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 19:59 . 2009-12-30 19:59 -------- d-----w- c:\program files\VITSOFT
2009-12-30 12:04 . 2008-12-14 17:50 -------- d-----w- c:\program files\Intel
2009-12-29 12:22 . 2008-12-14 19:27 -------- d-----w- c:\program files\Internet Download Manager
2009-12-21 19:08 . 2008-04-14 06:52 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-12-14 17:41 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 19:32 . 2008-12-14 19:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-09 10:11 . 2008-04-14 06:06 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-05 16:21 . 2009-01-30 09:01 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-05 16:21 . 2009-01-30 09:01 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-27 17:14 . 2008-04-14 06:51 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 16:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2008-04-14 06:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-04-14 06:51 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-10-14 14:01 . 2009-12-23 14:11 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
2009-10-20 20:31 . 2009-10-20 16:55 14655520 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-12-29 3171760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2009-05-04 1031168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\documents and settings\Milan a Kuba\Nabídka Start\Programy\Po spuštění\
ATI Tray Tools.lnk - c:\program files\Ray Adams\ATI Tray Tools\atitray.exe [2007-5-22 521128]
ObjectDock Plus.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-2-19 3581680]
Rainmeter.lnk - c:\program files\Vista Rainbar\Rainmeter.exe [2008-12-14 118784]
speedfan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-4-22 3921528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-01-01 19:35 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Milan a Kuba^Nabídka Start^Programy^Po spuštění^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-09 19:32 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON Stylus DX7400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "c:\windows\TEMP\E_SFD.tmp" /EF "HKCU"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe"
"Cpu Level Up help"=c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"CTAvTray"=c:\program files\Creative\SBLive\Program\CTAvtray.exe
"RTHDCPL"=RTHDCPL.EXE
"AlcWzrd"=ALCWZRD.EXE
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe"
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Games\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Games\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Spamihilator\\cdcc.exe"=
"c:\\Program Files\\Spamihilator\\dccproc.exe"=
"c:\\Program Files\\Spamihilator\\spamihilator.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Steam\\SteamApps\\common\\zero gear\\ZeroGear.bat"=
"d:\\Games\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2BetaUpdater.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 Aox402Camera;Genius VideoCAM Live VC;c:\windows\system32\DRIVERS\se402vc.sys [2002-07-26 368868]
R3 cpuz130;cpuz130;c:\docume~1\MILANA~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
R3 SE402RefCameraStill;Genius VideoCAM Live SC;c:\windows\system32\DRIVERS\se402sc.sys [2002-07-24 68324]
R3 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 usb2vcom;DKU-5 Connectivity Adapter Cable;c:\windows\system32\DRIVERS\usb2vcom.sys [2005-08-06 28704]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-08-05 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-08-05 99472]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-26 721904]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-08-05 115856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-08-05 41424]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/04/17 21:35];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-30 15:53 87536]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S2 SpamiService;SpamiService;c:\program files\Spamihilator\SRVANY.EXE [1996-08-30 13312]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\documents and settings\Milan a Kuba\Data aplikací\Mozilla\Firefox\Profiles\f048h2a5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\documents and settings\Milan a Kuba\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Milan a Kuba\Data aplikací\Mozilla\Firefox\Profiles\f048h2a5.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\documents and settings\Milan a Kuba\Data aplikací\Mozilla\Firefox\Profiles\f048h2a5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 13:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzz.sys >>UNKNOWN [0x8A900938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf7495cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller -> SendCompleteHandler -> NDIS.sys @ 0xba6ffbb0
PacketIndicateHandler -> NDIS.sys @ 0xba70ca21
SendHandler -> NDIS.sys @ 0xba6ea87b

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1979792683-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:0a,67,43,a7,f0,04,84,b4,62,03,e5,e5,90,16,fb,13,32,59,c0,2a,58,
7c,aa,66,37,33,b0,e5,ea,59,b6,7b,ce,90,df,98,e0,5b,6f,df,8d,98,dd,d5,a7,b5,\
"rkeysecu"=hex:bd,c2,24,9e,83,47,53,1a,36,ff,fe,e2,be,fe,77,50
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'explorer.exe'(2376)
c:\program files\Ray Adams\ATI Tray Tools\raphook.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\msi.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\devldr32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Spamihilator\Spamihilator.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Celkový čas: 2010-02-22 13:03:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-22 12:03
ComboFix2.txt 2010-02-22 11:07

Před spuštěním: Volných bajtů: 15 940 292 608
Po spuštění: Volných bajtů: 15 890 444 288

- - End Of File - - AC55194621D10CDDF5532189F04AA98A

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: windows xp explorer trojan

#8 Post by stell »

-> Uninstall ComboFix: Start -> Run -> ComboFix /Uninstall -> OK
-> Download and install CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- Right-click the Recycle Bin -> Run CCleaner, and wait for the cleaning to finish.
- Right-click the Recycle Bin -> Open CCleaner, go to the Windows tab, press Analyze and then Run Cleaner
- Click the Applications tab, press Analyze and then Run Cleaner
- Click Registry, press Scan for Issues; when the scan finishes click Fix selected issues,
- choose Yes to create a backup, save the offered file and click Fix All Selected Issues.

Start -> Run -> type cleanmgr -> OK -> More Options -> System Restore -> Clean up -> OK -> OK
And let me know whether you still have a problem with the PC.

jurcja1
Visitor
Posts: 53
Registered: 17 Oct 2006 06:07

Re: windows xp explorer trojan

#9 Post by jurcja1 »

No, it's solved now. Thanks a lot.. :)

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: windows xp explorer trojan

#10 Post by stell »

:) You're welcome.
