virus v explorer.exe

[JaRon]

skus namiesto VT http://virusscan.jotti.org/cs
som tu malo, takze pokracuj s kolegynkou

[wASQ]

hlásím, že k PC se dostanu až zase zítra ráno

[motji]

Ty soubory jsou viry, jen jsem chtěla vědět jaké .
Máte jen jeden disk, nepoužíváte žádný linux, šifrování disku a podobně?
čísla z toho 9. sektoru si uložte do poznámkového bloku, stejně tak z nultého sektoru, a také je okopírujte sem, kdyby je bylo potřeba vrátit. Pak smažeme soubory a 9.sektor přepíšeme

[wASQ]

hotovo

edit:ano jeden disk (ale 2 parti), žádný linux, žádné šifrování

9.sektor

33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB 60 B9 37 01 BD 2A 06 D2 4E 00

45 E2 FA 44 85 56 70 1C B8 26 04 08 68 62 40 0E 83 0C A3 3A 81 96 84 F5 17 10 C7 03 71 01 E1 00 37 26 BF AD C1 37 60

00 A3 C9 00 33 E2 88 41 FF D8 E8 06 83 4C FF 8E B0 00 7D E9 04 E2 C1 5E 40 CF 49 A1 F3 02 B0 0C AB B7 C2 EA 00 00 00

00 03 1B 0C B5 04 04 D8 60 BD 20 02 0E C7 81 77 80 3E 18 73 08 F1 02 CC FF B1 57 10 66 C7 81 B7 80 33 FF 6C D9 04 99

F1 60 0E 20 CC 40 33 4A C0 DB 40 99 62 C0 33 46 C0 1C 40 D2 84 BE DA 02 51 61 95 1C 9B 13 5D 01 00 EB ED 20 11 D6 98

30 26 FF 89 6F 11 9F D9 C1 DF 3C AB E3 15 8F D9 C1 40 40 00 23 13 C7 45 6B 76 70 44 BE 67 07 44 63 76 70 32 FB 9D 75

02 4A DA 88 B6 FB 87 75 EE 22 C3 3B 40 22 3C B4 04 AF 7C 80 D5 00 04 31 ED A2 C3 3B 40 C4 81 A0 5A 02 26 FF F7 0F 15

8F D9 C1 00 8C 4C 1F 15 AD D9 C1 11 D8 9D 1C 11 AF D9 C1 00 9E 81 B7 13 CF 45 63 76 70 81 30 8C 4A BA B6 2C 3C 33 C4

81 E8 1D FF 31 DC DD 40 00 BE F4 02 7E 6A 49 BB 0B C9 3A 83 20 EC 1C 1B 20 29 F4 40 F9 98 4F 2D EA EA E1 1B 8C 27 89

D8 00 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69

6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73

79 73 74 65 6D 00 00 00 2C 44 63 03 F7 A4 5E 00 00 00 01 01 00 12 FE BF 7C 3F 00 00 00 FE 25 9C 00 00 00 81 7D 0F FE

FF FF 3D 26 9C 00 E2 9B 7C 05 80 00 C1 FF 07 FE FF FF 1F C2 18 06 61 0D 8C 05 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 55 AA

3ŔŽĐĽ.|ŽŔŽŘľ.|ż..ą..üó¤Ph..Ëű`ą7.˝*.ŇN.EâúD…Vp.¸&..hb@...Ł:.–„ő..Ç.q.á.7&ż­Á7`.ŁÉ.3â.A˙Řč..L˙Ž°.}é.âÁ^@ĎIˇó.°.«·Âę..

.....µ..Ř`˝ ..Ç.w€>.s.ń.Ě˙±W.fÇ.·€3˙lŮ.™ń`. Ě@3JŔŰ@™bŔ3FŔ.@Ň„ľÚ.Qa•.›.]..ëí

.Ö.0&˙‰o.źŮÁß<«ă.ŹŮÁ@@.#.ÇEkvpDľg.Dcvp2űťu.JÚ.¶ű‡uî"Ă;@"<´.Ż|€Ő..1í˘Ă;@Ä. Z.&˙÷..ŹŮÁ.ŚL..­ŮÁ.Řť..ŻŮÁ.ž.·.ĎEcvp.0ŚJş¶

,<3Ä.č.˙1ÜÝ@.ľô.~jI».É:. ě.. )ô@ů.O-ęęá.Ś'‰Ř..ĂInvalid partition table.Error loading operating system.Missing

operating system...,Dc.÷¤^.......ţż|?...ţ%ś....}.ţ˙˙=&ś.â›|.€.Á˙.ţ˙˙.Â..a.Ś.................UŞ

0. sektor

33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 38 6E 00 7C 09 75 13

83 C5 10 E2 F4 CD 18 8B F5 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB

F2 88 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 46 08 06 83 56

0A 00 E8 21 00 73 05 A0 B6 07 EB BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF

05 00 8A 56 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 0A 77 23

72 05 39 46 08 73 1C B8 01 02 BB 00 7C 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A 56 00 CD 13 EB E4 8A 56 00 60

BB AA 55 B4 41 CD 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A 01

6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61 6C 69 64 20 70 61 72 74

69 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73

74 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 2C 44 63 03 F7 A4 5E 00 00 00 01 01 00 12 FE BF 7C 3F 00 00 00 FE 25 9C 00 00 00 81 7D 0F FE

FF FF 3D 26 9C 00 E2 9B 7C 05 80 00 C1 FF 07 FE FF FF 1F C2 18 06 61 0D 8C 05 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 55 AA

3ŔŽĐĽ.|űP.P.üľ.|ż..PWąĺ.ó¤Ë˝ľ.±.8n.|.u..Ĺ.âôÍ.‹ő.Ć.It.8,tö µ.´.‹đ¬<.tü»..´.Í.ëň.N.čF.s*ţF.€~..t.€~..t. ¶.uŇ€F...F...

V..č!.s. ¶.ëĽ.>ţ}UŞt.€~..tČ ·.ë©‹ü.W‹őËż..ŠV.´.Í.r#ŠÁ$?.ŠŢŠüC÷ă‹Ń†Ö±.ŇîB÷â9V.w#r.9F.s.¸..».|‹N.‹V.Í.sQOtN2äŠV.Í.ëäŠV

.`»ŞU´AÍ.r6.űUŞu0öÁ.t+a`j.j.˙v.˙v.j.h.|j.j.´B‹ôÍ.aas.Ot.2äŠV.Í.ëÖaůĂInvalid partition table.Error loading operating

system.Missing operating

system..........................................................,Dc.÷¤^.......ţż|?...ţ%ś....}.ţ˙˙=&ś.â›|.€.Á˙.ţ˙˙.Â.

.a.Ś.................UŞ

[motji]

A jen jeden systém? Já se ptám proto, abych Vám fixnutím 0. sektoru neznemožnila dostat se do win

znovu spustte HxD
klikněte na otevřít disk - zvolte pevné disky(fyzické disky) (nepoplette to)
-vyberte pevný disk 1
-ze čtverečku odkliknete fajfku jen pro čtení
- otevře se program v edit modu
-najdete sektor 9
-označte myšítkem celý sektor 9 (můžete si čísílka zkopírovat a uložit v notepadu, kdyby se něco nepovedlo, vrátíte je zpět)
-zvolte možnost vyplnit výběr (3. možnost odspodu mezi dvěma čarami,) otevřou se přednastavené hodnoty ( 00 00 00...)
-potvrdíte Ok
-zavřete program, potvrdíte změnu.
-pak restartujte počítač a zkontrolujte, zda je sektor přepsaný.

[wASQ]

Hotovo, přepsáno

[motji]

Jdeme vraždit



Tuto složku znáte?
C:\ada


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Mbr::

Collect::
c:\windows\system32\OLD68.tmp
c:\windows\system32\flwpz.exe
c:\windows\system32\wdpe.exe
c:\windows\system32\kdcq.exe
c:\windows\system32\toup.exe
c:\windows\system32\jwpgo.exe

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[wASQ]

složku znám.

combofix mám na ploše jako cobra.com. mám ho zas přejmenovat zpátky?

[motji]

Nemusíte

[wASQ]

toho modrého okna se vždycky děsim ale vypadá to na úspěšnou bitvu?

LOG:

ComboFix 10-11-03.04 - Admin 11.11.2010 10:57:36.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.894.567 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Desktop\cobra.com
Použité ovládací přepínače :: c:\docume~1\Admin\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -

file zipped: c:\windows\system32\flwpz.exe
file zipped: c:\windows\system32\jwpgo.exe
file zipped: c:\windows\system32\kdcq.exe
file zipped: c:\windows\system32\OLD68.tmp
file zipped: c:\windows\system32\toup.exe
file zipped: c:\windows\system32\wdpe.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\Microsoft\stor.cfg
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1f.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Thumbs.db
c:\program files\Ask.com\UpdateTask.exe
C:\setup.exe
c:\windows\system32\flwpz.exe
c:\windows\system32\jwpgo.exe
c:\windows\system32\kdcq.exe
c:\windows\system32\OLD68.tmp
c:\windows\system32\toup.exe
c:\windows\system32\wdpe.exe
c:\windows\system32\winset.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-11 do 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 09:25 . 2010-11-11 09:25 -------- d-----w- c:\documents and settings\Admin\Application Data\Mael
2010-11-10 10:47 . 2010-11-10 10:47 -------- d-----w- C:\HxD
2010-11-09 13:26 . 2008-04-14 00:12 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-09 13:16 . 2010-11-09 13:16 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2010-11-09 12:01 . 2010-11-09 12:01 -------- d-----w- c:\program files\trend micro
2010-11-09 12:01 . 2010-11-09 12:01 -------- d-----w- C:\rsit
2010-11-09 11:19 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-09 11:19 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-09 11:19 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-09 11:19 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-09 11:19 . 2010-11-09 11:19 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-09 11:19 . 2010-11-09 11:19 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-09 11:19 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-09 10:26 . 2010-11-09 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-06 09:12 . 2010-11-06 09:12 -------- d--h--w- c:\windows\PIF
2010-11-05 16:13 . 2010-11-05 16:13 -------- d-----w- c:\program files\CCleaner
2010-11-05 11:58 . 2010-11-09 10:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\AskToolbar
2010-11-05 08:40 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-05 08:40 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-05 08:40 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-05 08:40 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-05 08:40 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-05 08:40 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-05 08:40 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-05 08:40 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-05 08:40 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-05 08:39 . 2010-11-05 08:39 -------- d-----w- c:\program files\Alwil Software
2010-11-05 08:39 . 2010-11-05 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-04 17:09 . 2010-11-04 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ShinyTales
2010-11-04 15:36 . 2010-11-04 15:36 -------- d-----w- C:\ada
2010-10-21 13:53 . 2010-10-21 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-10-20 17:29 . 2010-10-20 17:30 -------- d-----w- c:\documents and settings\Admin\Application Data\Zoner
2010-10-20 17:29 . 2010-10-20 17:29 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Zoner
2010-10-16 18:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-16 18:05 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-16 18:05 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-16 16:00 . 2010-10-16 16:00 -------- d-----w- c:\program files\StarCraft II
2010-10-12 14:28 . 2010-10-12 14:28 -------- d-----w- c:\documents and settings\Admin\Application Data\AlterLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-01-18 08:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-30 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-19 2166784]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.6.2010 6:50 715248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.11.2010 9:40 165584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.1.2010 15:56 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.11.2010 9:40 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.7.2010 6:48 135664]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-10 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 05:48]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 05:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\uvx2b6i4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 10:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-11-11 11:00:38
ComboFix-quarantined-files.txt 2010-11-11 10:00
ComboFix2.txt 2010-11-09 15:27

Před spuštěním: 33 829 351 424 bytes free
Po spuštění: Volných bajtů: 33 804 607 488

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - B084987D917BC8DFDA1F4F60716EF81D

[wASQ]

je možné, že by některý z těch všiváků nastavoval připojování FF přes nějakou proxy?

[motji]

Možné to je, máte s tím problémy?

Ještě znovu otestujte na www.virustotal.com
c:\windows\system32\winlogon.exe

Stahněte si nový combofix a spusťte
http://www.bleepingcomputer.com/combofi ... t-combofix

Poprosím znovu o spuštění Mbr.exe a log.

[wASQ]

http://www.virustotal.com/file-scan/rep ... 1289557116

combofix log>

ComboFix 10-11-11.01 - Admin 11.11.2010 11:23:03.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.894.510 [GMT 1:00]
Spuštěný z: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-11 do 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 09:25 . 2010-11-11 09:25 -------- d-----w- c:\documents and settings\Admin\Application Data\Mael
2010-11-10 10:47 . 2010-11-10 10:47 -------- d-----w- C:\HxD
2010-11-09 13:26 . 2008-04-14 00:12 507904 ----a-w- c:\windows\system32\winlogon.exe
2010-11-09 13:16 . 2010-11-09 13:16 -------- d-----w- c:\documents and settings\Admin\DoctorWeb
2010-11-09 12:01 . 2010-11-09 12:01 -------- d-----w- c:\program files\trend micro
2010-11-09 12:01 . 2010-11-09 12:01 -------- d-----w- C:\rsit
2010-11-09 11:19 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-09 11:19 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-09 11:19 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-09 11:19 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-09 11:19 . 2010-11-09 11:19 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-09 11:19 . 2010-11-09 11:19 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-09 11:19 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-09 10:26 . 2010-11-09 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-06 09:12 . 2010-11-06 09:12 -------- d--h--w- c:\windows\PIF
2010-11-05 16:13 . 2010-11-05 16:13 -------- d-----w- c:\program files\CCleaner
2010-11-05 11:58 . 2010-11-09 10:22 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\AskToolbar
2010-11-05 08:40 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-05 08:40 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-05 08:40 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-05 08:40 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-05 08:40 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-05 08:40 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-05 08:40 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-05 08:40 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-05 08:40 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-05 08:39 . 2010-11-05 08:39 -------- d-----w- c:\program files\Alwil Software
2010-11-05 08:39 . 2010-11-05 08:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-04 17:09 . 2010-11-04 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ShinyTales
2010-11-04 15:36 . 2010-11-04 15:36 -------- d-----w- C:\ada
2010-10-21 13:53 . 2010-10-21 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-10-20 17:29 . 2010-10-20 17:30 -------- d-----w- c:\documents and settings\Admin\Application Data\Zoner
2010-10-20 17:29 . 2010-10-20 17:29 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Zoner
2010-10-16 18:05 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-16 18:05 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-16 18:05 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-16 16:00 . 2010-10-16 16:00 -------- d-----w- c:\program files\StarCraft II
2010-10-12 14:28 . 2010-10-12 14:28 -------- d-----w- c:\documents and settings\Admin\Application Data\AlterLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-01-18 08:29 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-30 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-19 2166784]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.6.2010 6:50 715248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.11.2010 9:40 165584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19.1.2010 15:56 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.11.2010 9:40 17744]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9.7.2010 6:48 135664]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-10 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 09:43]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 05:48]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-09 05:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\uvx2b6i4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 11:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3432)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-11-11 11:27:45
ComboFix-quarantined-files.txt 2010-11-11 10:27
ComboFix2.txt 2010-11-11 10:00
ComboFix3.txt 2010-11-09 15:27

Před spuštěním: 33 803 972 608 bytes free
Po spuštění: Volných bajtů: 33 784 786 944

Current=4 Default=4 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - E20A88B67E420B3907150507C3909F6A


MBR>

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9AT00 rev.MBZOA60A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[motji]

Vy mi tu editujete a já Vás pak nevidím .
Co je s tou proxy?
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370


Jak se chová pacient?

[JaRon]

uInternet Settings,ProxyServer = http=127.0.0.1:50370
toto asi nie je to prave orechove ? mas to nastavene v MSIE aj FF
ak to nie je nastavenie od providera tak to zrus
+
este predtym odinstaluj SpyBot >> v tejto dobe mi pripada ako MB1000