Prosím o kontrolu logu + nejde změnit domovská stránka

[zdenek44]

Prosím o kotnrolu logu nějakej humus mně totálně zablokoval změnu domovské stránky, prosím o pomoc!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:40, on 3.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aramayapalim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aramayapalim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Righteous%20Kill/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/ ... ab_srl.cab
O16 - DPF: {560F6CB1-A9B4-413E-AA64-1EFA3C6F98B6} - http://demo.eso9.cz/Eso9Supp.net/LIB/CA ... lient9.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 8980 bytes

[zdenek44]

Zde je nový scan. stránku se mně podařilo změnit ale zůstala v nabídce šedá, a z nabídky nastavení IE nejde měnit vůbec. dole je také napsáno že nějaké funkce jsou spravovány správcem a to tam dříve nebylo!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:29, on 3.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA9712] command.com /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3505] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA634] command.com /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7276] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5620] command.com /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9451] cmd.exe /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9613] command.com /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2942] cmd.exe /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5251] command.com /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1944] cmd.exe /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1081] command.com /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9162] cmd.exe /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9049] command.com /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6085] cmd.exe /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8438] command.com /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7835] cmd.exe /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [SpybotDeletingB3619] command.com /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4089] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7479] command.com /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1392] cmd.exe /c del "C:\WINDOWS\system32\drivers\rotscxbrxnriox.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4691] command.com /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3800] cmd.exe /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5223] command.com /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD432] cmd.exe /c del "C:\WINDOWS\system32\rotscxdabwulbx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1983] command.com /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3166] cmd.exe /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2617] command.com /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7735] cmd.exe /c del "C:\WINDOWS\system32\rotscxxwkbmuiq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7891] command.com /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7083] cmd.exe /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB615] command.com /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7549] cmd.exe /c del "C:\WINDOWS\system32\rotscxhxwvoppj.dat"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Righteous%20Kill/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/ ... ab_srl.cab
O16 - DPF: {560F6CB1-A9B4-413E-AA64-1EFA3C6F98B6} - http://demo.eso9.cz/Eso9Supp.net/LIB/CA ... lient9.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 11703 bytes

[motji]

Dobrý večer
Podle toho, co mazal spybot, to vypadá pěkně vesele zavirovaně .

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

- Ted nerestartujte počítač!


Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
- přejmenujte ho na žížala.com

[zdenek44]

díky, tady je log s kombofix

ComboFix 10-10-02.02 - PCG 03.10.2010 23:58:34.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1634 [GMT 2:00]
Spuštěný z: c:\documents and settings\PCG\Plocha\žížala.com.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\daemon.dll
c:\windows\settings.reg
c:\windows\system32\Data
c:\windows\system32\drivers\rotscxbrxnriox.sys
c:\windows\system32\rotscxdabwulbx.dll
c:\windows\system32\rotscxhxwvoppj.dat
c:\windows\system32\rotscxxwkbmuiq.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxoqbivkdu
-------\Service_rotscxoqbivkdu


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 20:57 . 2010-10-03 20:57 -------- d-----w- C:\backups
2010-09-24 19:25 . 2010-09-24 19:25 -------- d-----w- c:\windows\Peggle Deluxe
2010-09-22 20:31 . 2010-09-22 20:31 47876 ----a-w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-09-19 14:54 . 2010-09-19 14:54 -------- d-----w- c:\windows\Romance of Rome
2010-09-12 10:21 . 2010-09-12 10:25 -------- d-----w- c:\program files\Tajemny denik - Ztraceny bratr
2010-09-08 21:51 . 2010-08-18 15:12 2643520 ----a-w- c:\documents and settings\All Users\Data aplikací\Blizzard Entertainment\StarCraft II\patched\Support\BlizzardDownloader.exe
2010-09-06 18:12 . 2010-09-06 18:12 -------- d-----w- c:\program files\StarCraft II

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 22:09 . 2010-08-12 14:49 -------- d-----w- c:\program files\Steam
2010-10-03 20:44 . 2001-10-25 13:00 82462 ----a-w- c:\windows\system32\perfc005.dat
2010-10-03 20:44 . 2001-10-25 13:00 437062 ----a-w- c:\windows\system32\perfh005.dat
2010-10-03 20:44 . 2009-10-17 15:17 -------- d-----w- c:\program files\Microsoft.NET
2010-10-03 20:33 . 2010-07-10 12:22 -------- d-----r- c:\program files\Skype
2010-10-03 19:54 . 2008-03-30 13:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-19 14:32 . 2003-03-28 03:24 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-06 17:40 . 2010-05-30 13:13 -------- d-----w- c:\program files\Undercroft_demo
2010-09-05 18:16 . 2010-08-17 17:30 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-12 15:05 . 2008-04-09 11:06 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-12 15:03 . 2009-11-03 17:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-10 12:22 . 2010-07-10 12:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-07 02:27 . 2008-10-14 14:17 5069312 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 01:58 . 2010-08-12 16:01 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:58 . 2010-08-12 16:01 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:57 . 2010-08-12 16:01 4337664 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:53 . 2010-08-12 16:01 15499264 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:50 . 2010-08-12 16:01 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-07-07 01:48 . 2010-08-12 16:01 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:47 . 2008-04-14 03:21 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-07-07 01:41 . 2008-04-14 03:21 3869952 ----a-w- c:\windows\system32\ati3duag.dll
2010-07-07 01:33 . 2010-08-12 16:01 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:32 . 2010-08-12 16:01 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:32 . 2010-08-12 16:01 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-07-07 01:32 . 2010-08-12 16:01 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:32 . 2010-08-12 16:01 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-07-07 01:31 . 2010-08-12 16:01 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-07-07 01:29 . 2010-08-12 16:01 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-07-07 01:29 . 2010-08-12 16:01 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:28 . 2008-04-14 03:21 2273920 ----a-w- c:\windows\system32\ativvaxx.dll
2010-07-07 01:27 . 2010-08-12 16:01 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-07-07 01:27 . 2010-08-12 16:01 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-07-07 01:25 . 2010-08-12 16:01 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-07-07 01:24 . 2010-08-12 16:01 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-07-07 01:24 . 2010-08-12 16:01 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:23 . 2010-08-12 16:01 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-07-07 01:19 . 2008-04-14 03:21 704512 ----a-w- c:\windows\system32\ati2cqag.dll
2010-07-07 01:15 . 2010-08-12 16:01 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:15 . 2010-08-12 16:01 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-07 01:15 . 2010-08-12 16:01 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"Steam"="c:\program files\Steam\Steam.exe" [2010-09-05 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"CHotkey"="mHotkey.exe" [2002-10-09 493056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-06-18 778240]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-3-30 49254]
Bluetooth.lnk - c:\program files\MSI\BToes Bluetooth Software\BTTray.exe [2005-3-29 569405]
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-2-22 716800]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Hry\\GTAIV\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Hry\\left4dead (G)\\left4dead.exe"=
"d:\\Hry\\NBA 2K10\\nba2k10.exe"=
"d:\\Hry\\GTAIV\\Grand Theft Auto IV\\GTAIV.exe"=
"d:\\Hry\\Modern Warfare 2\\iw4mp.exe"=
"d:\\Hry\\Dragon Age\\bin_ship\\daorigins.exe"=
"d:\\Hry\\Dragon Age\\DAOriginsLauncher.exe"=
"d:\\Hry\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"d:\\Hry\\PRO EVO 10\\pes2010.exe"=
"d:\\Hry\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"d:\\Hry\\Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Hry\\Opposing Fronts\\RelicCOH.exe"=
"d:\\Hry\\Opposing Fronts\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\Hry\\Battlefield Bad Company\\BFBC2Updater.exe"=
"d:\\Hry\\StarCraft II\\StarCraft II.exe"=
"d:\\Hry\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27.4.2003 12:39 8704]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23.4.2007 13:03 82200]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [30.3.2008 16:13 34944]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [24.8.2007 16:44 21920]
R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27.4.2003 11:43 99360]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\hry\Dragon Age\bin_ship\daupdatersvc.service.exe [15.12.2009 16:17 25832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.3.2008 17:25 721904]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
LSP: imon.dll
DPF: {560F6CB1-A9B4-413E-AA64-1EFA3C6F98B6} - hxxp://demo.eso9.cz/Eso9Supp.net/LIB/CAB/Eso9Client9.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Shutdown_Manager - (no file)
HKCU-Run-ICQ - c:\progra~1\ICQ6\ICQ.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-Age Of Japan 2_is1 - d:\hry\Age Of Japan 2\ReflexiveArcade\unins000.exe
AddRemove-Alexandra Fortune Mystery of the Lunar Archipelago 1.00 - d:\hry\Alexandra Fortune Mystery of the Lunar Archipelago\Uninstall.exe
AddRemove-Bato_is1 - d:\hry\Bato\unins000.exe
AddRemove-Jewel Quest Heritage 1.00 - d:\hry\Jewel Quest Heritage\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-04 00:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1292428093-879983540-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1292428093-879983540-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f9,77,83,74,10,a5,ef,26,0f,45,51,85,33,9a,98,8b,30,ad,2c,27,ab,b3,42,
62,10,7b,51,2b,71,40,dc,4e,79,e0,0c,33,d0,1d,2c,e3,98,45,cd,79,03,50,60,34,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-1292428093-879983540-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:df,73,19,e6,dd,01,75,a4,90,04,c2,d3,2a,a5,d4,2c,90,f7,c8,d4,01,
b6,56,6f,87,6d,56,2b,50,33,49,1a,c6,7e,99,82,39,d2,70,77,30,f2,62,a9,e2,a7,\
"rkeysecu"=hex:a9,f9,41,ed,d0,1f,3d,f6,01,ef,e9,db,d4,2c,50,8c
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3616)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\MSI\BToes Bluetooth Software\bin\btwdins.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\program files\Eset\nod32krn.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wscntfy.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\mHotkey.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-10-04 00:14:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-03 22:14

Před spuštěním: Volných bajtů: 17 087 549 440
Po spuštění: Volných bajtů: 17 748 660 224

- - End Of File - - 594BDFA9C7E57E7062406966BA7A8A61

[zdenek44]

a tady z HijackThis, snad už tam nic není....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:29, on 4.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Righteous%20Kill/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://cache.systemrequirementslab.com/ ... ab_srl.cab
O16 - DPF: {560F6CB1-A9B4-413E-AA64-1EFA3C6F98B6} - http://demo.eso9.cz/Eso9Supp.net/LIB/CA ... lient9.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - D:\Hry\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 9104 bytes

[motji]

Já bych Vám na ten pc ještě pořádně kouknu, tipuju že jste tam měl nějakého super rootkitka , podle toho co mazal combofix, a můžou tam, zůstat nějaké zbytky .

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

[zdenek44]

dobrý večer tak tady sca z MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4747

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5.10.2010 21:32:03
mbam-log-2010-10-05 (21-32-03).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 337101
Uplynulý čas: 1 hodina(y), 21 minuta(y), 55 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\HomePage (Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Documents and Settings\PCG\Plocha\Marta hry 19.8.2010\Big Fish Games - Peggle Deluxe\Peggle Deluxe.exe (Trojan.MultiDropper) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxdabwulbx.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rotscxxwkbmuiq.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\rotscxbrxnriox.sys.vir (Rootkit.TDSS) -> No action taken.
C:\System Volume Information\_restore{B67CEBCB-BA8A-4465-9959-C528C8563BBB}\RP804\A0223479.sys (Rootkit.TDSS) -> No action taken.
C:\System Volume Information\_restore{B67CEBCB-BA8A-4465-9959-C528C8563BBB}\RP804\A0223480.dll (Rootkit.TDSS) -> No action taken.
C:\System Volume Information\_restore{B67CEBCB-BA8A-4465-9959-C528C8563BBB}\RP804\A0223481.dll (Rootkit.TDSS) -> No action taken.

[motji]

V mbamu můžete vše smazat. jak se tváří počítač?