kontrola logu po viru

[Karr]

Dobrý den,
prosím o kontrolu logu
Comodo našlo 3 viry
TrojWare.JS.TrojanDownloader.Agent.~EWH@226922441
TrojWare.HTML.Exploit.CodeBase.~Exec@226875254
TrojWare.JS.TrojanClicker.Small.~AC@226879074
po odstranění comodo již nic nehlásí, NTB jsem zkontroloval SpyBotem a vyčistil CCleanerem. Po nalezení i po vyčištění stále nejde spustit FireFox.

Logfile of random's system information tool 1.08 (written by random/random)
Run by mrnousek at 2011-07-06 23:02:06
Microsoft Windows 7 Ultimate
System drive C: has 8 GB (38%) free of 20 GB
Total RAM: 3037 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:02:49, on 6.7.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
D:\Ovladače\Win7_32\WireLess console\instal\wcourier.exe
C:\Windows\System32\rundll32.exe
D:\Programy\Comodo\instal\COMODO\COMODO Internet Security\cfp.exe
D:\Ovladače\Win7_32\ATK HotKey\instal\HControlUser.exe
D:\Ovladače\Win7_32\ATK Media\instal\DMedia.exe
D:\Ovladače\Win7_32\ATK osd2\instal\ATKOSD2.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Programy\DeamonTools\DAEMON Tools Lite\DTLite.exe
D:\Ovladače\Win7_32\Bluetooth\instal\BTTray.exe
D:\Programy\Total Commander 7.56a\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\mrnousek\Downloads\RSIT.exe
C:\Program Files\trend micro\mrnousek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\mrnousek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\mrnousek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - D:\SLOVNK~1\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Programy\Comodo\instal\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HControlUser] D:\Ovladače\Win7_32\ATK HotKey\instal\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] D:\Ovladače\Win7_32\ATK Media\instal\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] D:\Ovladače\Win7_32\ATK osd2\instal\ATKOSD2.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programy\AppleQuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\mrnousek\Downloads\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DeamonTools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - D:\Ovladače\Win7_32\Bluetooth\instal\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - D:\Ovladače\Win7_32\Bluetooth\instal\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\Office\Office12\REFIEBAR.DLL
O9 - Extra button: @D:\Ovladače\Win7_32\Bluetooth\instal\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Ovladače\Win7_32\Bluetooth\instal\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @D:\Ovladače\Win7_32\Bluetooth\instal\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Ovladače\Win7_32\Bluetooth\instal\btsendto_ie.htm
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: ASLDR Service (ASLDRService) - ASUS - D:\Ovladače\Win7_32\ATK HotKey\instal\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Ovladače\Win7_32\Bluetooth\instal\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Programy\Comodo\instal\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe

--
End of file - 7050 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\mrnousek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-08-12 149968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - D:\SLOVNK~1\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=D:\Programy\Comodo\instal\COMODO\COMODO Internet Security\cfp.exe [2011-07-05 2554696]
"HControlUser"=D:\Ovladače\Win7_32\ATK HotKey\instal\HControlUser.exe [2009-06-19 105016]
"ATKMEDIA"=D:\Ovladače\Win7_32\ATK Media\instal\DMedia.exe [2009-08-19 170624]
"ATKOSD2"=D:\Ovladače\Win7_32\ATK osd2\instal\ATKOSD2.exe [2009-08-17 6859392]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-07-30 497024]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2009-09-01 233472]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-08 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-08 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-08 151064]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 1474560]
"HP Input Device Main Program"=C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe [2008-10-17 356352]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"QuickTime Task"=D:\Programy\AppleQuickTime\QTTask.exe [2010-11-29 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Users\mrnousek\Downloads\Malwarebytes' Anti-Malware\mbamgui.exe [2011-05-29 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=D:\Programy\DeamonTools\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - D:\Ovladače\Win7_32\Bluetooth\instal\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-02 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-07-06 23:02:07 ----D---- C:\Program Files\trend micro
2011-07-06 23:02:06 ----D---- C:\rsit
2011-07-06 22:27:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-07-06 21:08:57 ----D---- C:\Users\mrnousek\AppData\Roaming\Malwarebytes
2011-07-06 21:08:53 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-06 21:08:52 ----D---- C:\ProgramData\Malwarebytes
2011-07-06 21:08:48 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-06-21 22:48:43 ----D---- C:\Users\mrnousek\AppData\Roaming\xrecode2
2011-06-19 00:57:28 ----D---- C:\Program Files\Common Files\Java
2011-06-19 00:57:14 ----A---- C:\Windows\system32\javaws.exe
2011-06-19 00:57:14 ----A---- C:\Windows\system32\javaw.exe
2011-06-19 00:57:14 ----A---- C:\Windows\system32\java.exe

======List of files/folders modified in the last 1 months======

2011-07-06 23:02:29 ----D---- C:\Windows\Temp
2011-07-06 23:02:07 ----RD---- C:\Program Files
2011-07-06 22:27:45 ----HD---- C:\ProgramData
2011-07-06 21:08:53 ----D---- C:\Windows\system32\drivers
2011-07-06 16:35:13 ----D---- C:\Windows\System32
2011-07-05 22:50:01 ----D---- C:\Windows\Prefetch
2011-07-05 22:43:51 ----A---- C:\Windows\system32\guard32.dll
2011-07-05 18:30:42 ----D---- C:\Windows\inf
2011-07-05 18:30:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-30 20:29:35 ----SHD---- C:\System Volume Information
2011-06-29 22:16:49 ----D---- C:\Windows\system32\config
2011-06-28 11:41:38 ----D---- C:\Windows\system32\catroot2
2011-06-19 11:27:40 ----D---- C:\Users\mrnousek\AppData\Roaming\BitLord
2011-06-19 11:27:30 ----A---- C:\Users\mrnousek\AppData\Roaming\bitlord_log.txt
2011-06-19 00:57:28 ----SHD---- C:\Windows\Installer
2011-06-19 00:57:28 ----D---- C:\Program Files\Common Files
2011-06-19 00:57:10 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-31 431672]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2011-07-05 19088]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2011-07-05 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2011-07-05 37592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2011-07-05 82400]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
R3 HpStm001;USB Style Packet Filter Driver; C:\Windows\system32\DRIVERS\HpStm001.SYS [2008-08-28 11264]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-02 5946368]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-07-14 47104]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-07-18 1759872]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 ai3r4sdf;ai3r4sdf; C:\Windows\system32\drivers\ai3r4sdf.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; D:\Ovladače\Win7_32\ATK HotKey\instal\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 btwdins;Bluetooth Service; D:\Ovladače\Win7_32\Bluetooth\instal\btwdins.exe [2009-07-01 582944]
R2 cmdAgent;COMODO Internet Security Helper Service; D:\Programy\Comodo\instal\COMODO\COMODO Internet Security\cmdagent.exe [2011-07-05 1793712]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NMSAccessU;NMSAccessU; D:\Programy\CDBurnerXP\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

[Roli]

Zdravím, tohle fixni v HJT :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\mrnousek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\mrnousek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programy\AppleQuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\mrnousek\Downloads\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

HJT najdeš zde :

C:\Program Files\trend micro\mrnousek.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter. Najdi službu :

Služba Google Update (gupdate)

Služba Google Update (gupdatem)

klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.


P.S. písni mi co máš za verzi Firefoxu, on totiž od verze 4.0 na některých PC zlobí

[Karr]

díky moc za radu, k tomu ntb se dostanu až večer, takže přes den s tim nic neudělám. FireFox je verze 5.0

[Roli]

V pohodě já mám času dost

Zkus tedy zatím použít verzi 3.6

[Karr]

FireFox 3.6.8 funguje

ComboFix 11-07-07.03 - mrnousek 07.07.2011 20:04:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3037.1966 [GMT 2:00]
Spuštěný z: c:\users\mrnousek\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-07 do 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 18:10 . 2011-07-07 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-07 16:03 . 2011-07-07 16:04 -------- d-----w- c:\users\mrnousek\AppData\Roaming\ICQ
2011-07-06 21:02 . 2011-07-07 17:54 -------- d-----w- c:\program files\trend micro
2011-07-06 21:02 . 2011-07-06 21:02 -------- d-----w- C:\rsit
2011-07-06 20:27 . 2011-07-06 20:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-06 19:08 . 2011-07-06 19:08 -------- d-----w- c:\users\mrnousek\AppData\Roaming\Malwarebytes
2011-07-06 19:08 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 19:08 . 2011-07-06 19:08 -------- d-----w- c:\programdata\Malwarebytes
2011-07-06 19:08 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 20:48 . 2011-06-21 21:04 -------- d-----w- c:\users\mrnousek\AppData\Roaming\xrecode2
2011-06-19 12:49 . 2011-06-19 12:49 -------- d-----w- c:\users\mrnousek\AppData\Local\Western Digital
2011-06-18 22:57 . 2011-06-18 22:57 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 20:43 . 2010-06-01 17:00 285256 ----a-w- c:\windows\system32\guard32.dll
2011-07-05 20:43 . 2010-06-01 17:00 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-07-05 20:43 . 2010-06-01 17:00 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-05 20:43 . 2010-06-01 17:00 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-07-05 20:43 . 2010-06-04 09:55 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-08 08:33 . 2011-05-17 16:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-31 18:02 . 2010-09-05 14:47 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-04 02:52 . 2010-09-05 12:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DeamonTools\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="d:\programy\ICQ 7.5\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\programy\Comodo\instal\COMODO\COMODO Internet Security\cfp.exe" [2011-07-05 2554696]
"HControlUser"="d:\ovladače\Win7_32\ATK HotKey\instal\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="d:\ovladače\Win7_32\ATK Media\instal\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="d:\ovladače\Win7_32\ATK osd2\instal\ATKOSD2.exe" [2009-08-17 6859392]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-09-01 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"HP Input Device Main Program"="c:\program files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe" [2008-10-16 356352]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\ovladaźe\Win7_32\Bluetooth\instal\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-07-05 19088]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-05 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-05 37592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 HpStm001;USB Style Packet Filter Driver;c:\windows\system32\DRIVERS\HpStm001.SYS [2008-08-28 11264]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 10:18]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 10:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\Office\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - d:\ovladače\Win7_32\Bluetooth\instal\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - d:\ovladače\Win7_32\Bluetooth\instal\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programy\ICQ 7.5\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mrnousek\AppData\Roaming\Mozilla\Firefox\Profiles\zkcagr1m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programy\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Udelatko: udelatko@shabbi.cz - %profile%\extensions\udelatko@shabbi.cz
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(492)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3432)
c:\windows\system32\guard32.dll
d:\ovladače\Win7_32\Bluetooth\instal\btmmhook.dll
c:\windows\System32\hgcpl.dll
.
Celkový čas: 2011-07-07 20:12:51
ComboFix-quarantined-files.txt 2011-07-07 18:12
.
Před spuštěním: 7 655 116 800
Po spuštění: 7 442 960 384
.
- - End Of File - - 727D1AF4B4F022FC397E1CD2639326BB

[Roli]

Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

FireFox::
FF - ProfilePath - c:\users\mrnousek\AppData\Roaming\Mozilla\Firefox\Profiles\zkcagr1m.default\
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[Karr]

ComboFix 11-07-07.03 - mrnousek 07.07.2011 23:49:19.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3037.1580 [GMT 2:00]
Spuštěný z: c:\users\mrnousek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mrnousek\Desktop\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-07 do 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 21:55 . 2011-07-07 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-07 16:03 . 2011-07-07 21:41 -------- d-----w- c:\users\mrnousek\AppData\Roaming\ICQ
2011-07-06 21:02 . 2011-07-07 17:54 -------- d-----w- c:\program files\trend micro
2011-07-06 21:02 . 2011-07-06 21:02 -------- d-----w- C:\rsit
2011-07-06 20:27 . 2011-07-07 18:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-06 19:08 . 2011-07-06 19:08 -------- d-----w- c:\users\mrnousek\AppData\Roaming\Malwarebytes
2011-07-06 19:08 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 19:08 . 2011-07-06 19:08 -------- d-----w- c:\programdata\Malwarebytes
2011-07-06 19:08 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 20:48 . 2011-06-21 21:04 -------- d-----w- c:\users\mrnousek\AppData\Roaming\xrecode2
2011-06-19 12:49 . 2011-06-19 12:49 -------- d-----w- c:\users\mrnousek\AppData\Local\Western Digital
2011-06-18 22:57 . 2011-06-18 22:57 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-05 20:43 . 2010-06-01 17:00 285256 ----a-w- c:\windows\system32\guard32.dll
2011-07-05 20:43 . 2010-06-01 17:00 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-07-05 20:43 . 2010-06-01 17:00 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-05 20:43 . 2010-06-01 17:00 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-07-05 20:43 . 2010-06-04 09:55 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-08 08:33 . 2011-05-17 16:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-31 18:02 . 2010-09-05 14:47 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-04 02:52 . 2010-09-05 12:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-07_18.10.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-05 14:03 . 2011-07-07 20:31 458612 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-09-04 19:24 . 2011-07-07 21:51 1474832 c:\windows\System32\drivers\sfi.dat
- 2010-09-04 19:24 . 2011-07-07 18:04 1474832 c:\windows\System32\drivers\sfi.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DeamonTools\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ICQ"="d:\programy\ICQ 7.5\ICQ7.5\ICQ.exe" [2011-06-29 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="d:\programy\Comodo\instal\COMODO\COMODO Internet Security\cfp.exe" [2011-07-05 2554696]
"HControlUser"="d:\ovladače\Win7_32\ATK HotKey\instal\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="d:\ovladače\Win7_32\ATK Media\instal\DMedia.exe" [2009-08-19 170624]
"ATKOSD2"="d:\ovladače\Win7_32\ATK osd2\instal\ATKOSD2.exe" [2009-08-17 6859392]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 497024]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-09-01 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 1474560]
"HP Input Device Main Program"="c:\program files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe" [2008-10-16 356352]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\ovladaźe\Win7_32\Bluetooth\instal\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2011-07-05 19088]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-05 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-05 37592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 HpStm001;USB Style Packet Filter Driver;c:\windows\system32\DRIVERS\HpStm001.SYS [2008-08-28 11264]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-09 1066496]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 10:18]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-12 10:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\Office\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - d:\ovladače\Win7_32\Bluetooth\instal\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - d:\ovladače\Win7_32\Bluetooth\instal\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\programy\ICQ 7.5\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\mrnousek\AppData\Roaming\Mozilla\Firefox\Profiles\zkcagr1m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programy\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - d:\programy\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Udelatko: udelatko@shabbi.cz - %profile%\extensions\udelatko@shabbi.cz
FF - Ext: QipAuthorizer: {32a1fd71-835e-4b11-8e54-886fda0b4c89} - %profile%\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(492)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3760)
c:\windows\system32\guard32.dll
d:\ovladače\Win7_32\Bluetooth\instal\btmmhook.dll
.
Celkový čas: 2011-07-07 23:57:50
ComboFix-quarantined-files.txt 2011-07-07 21:57
ComboFix2.txt 2011-07-07 18:12
.
Před spuštěním: 7 492 157 440
Po spuštění: 7 448 313 856
.
- - End Of File - - AFAD9613D42CCE352DAD3A3510595C73

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Pak dej vědět jaký je stav PC.

[Karr]

pro jistotu jsem se zbavil QIPu 2010 a ponechal FireFox 3.6.8
Vypadá to, že vše funguje jak má. Díky moc za pomoc. Ještě bych se zeptal v čem je problém s FireFoxem 4 a 5, nějaké bezpečnostní nedostatky?

[Roli]

QIP nebude dělat problémy, protože je lepší a bezpečnější než ICQ.

Firefox 4.0 a 5.0 se tak nějak moc nepovedl, nikoliv kvůli bezpečnosti,

ale je "žravější" vůči grafice.

Jinak nemáš zač.