HJT. Prosim o kontrolu Logu Vyřešeno

[Swll]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:05, on 28.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\vlastnik\AppData\Local\Temp\RtkBtMnt.exe
E:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\vlastnik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\vlastnik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E6B2600-6C2A-46E6-A573-367CECCC9B7E}: NameServer = 217.77.161.130 217.77.161.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7198 bytes

[Reklama]

[Swll]

A tady je log Malwarebytes' Anti-Malware asi bude potreba nic jsem nemazal



Malwarebytes' Anti-Malware 1.34
Verze databáze: 1813
Windows 6.0.6001 Service Pack 1

28.2.2009 18:34:31
mbam-log-2009-02-28 (18-34-31).txt

Typ skenu: Rychlý sken
Objektu skenováno: 53073
Uplynulý cas: 3 minute(s), 6 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[jaro3]

Napiš zda máš 32 nebo 64bit, vistu.

[Swll]

Hm tak to bude trosku problem ja nevim jakou mam Vistu mam Vistu Home Premium ale nevim jestli to k necemu bude

[jaro3]

Pravým tento počítač-vyber - vlastnosti a pokud tam nemáš výslovně napsáno 64bit , tak máš 32bit.

[Swll]

Jo super mam to Typ systemu-32 bitovy operacni system Diky za radu

[jaro3]

Vypni rez. ochranu u Avastu a štít u SpywareTerminatoru.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Swll]

A je tu dalsi problem stahnul jsem ComboFix a pise mi to tohle-Chyba ComboFix nemuzete prejmenovat na ComboFix 1 Prosim zvolte jiny nazev, slozeny nejlepe z alfanumerickych znaku dam OK a nic co ted mam delat?

[jaro3]

Smaž ho a stáhni nový ,při ukládání na plochu zvol název třeba VerTerm.exe

[Swll]

Teda chlape ty mi davas uplne mam strach co mi zase das za ukol doufam ze to nebude nic sloziteho tady je ten Log




ComboFix 09-02-28.01 - vlastnik 2009-02-28 20:05:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.1013.261 [GMT 1:00]
Spuštěný z: c:\users\vlastnik\Desktop\VerTerm.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Desktop_.ini
c:\windows\system32\x64

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-28 do 2009-02-28 )))))))))))))))))))))))))))))))
.

2009-02-28 18:28 . 2009-02-28 18:28 <DIR> d-------- c:\users\vlastnik\AppData\Roaming\Malwarebytes
2009-02-28 18:27 . 2009-02-28 18:27 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-28 18:27 . 2009-02-28 18:27 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-28 03:01 . 2009-02-28 03:04 <DIR> d-------- c:\users\vlastnik\AppData\Roaming\Skype
2009-02-28 03:00 . 2009-02-28 03:00 <DIR> dr------- c:\program files\Skype
2009-02-28 03:00 . 2009-02-28 03:00 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-28 02:28 . 2009-02-28 02:28 <DIR> d-------- c:\program files\QIP
2009-02-27 14:08 . 2009-02-27 14:08 <DIR> d-------- c:\program files\Vodafone
2009-02-27 01:42 . 2009-02-27 01:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-27 01:42 . 2009-02-27 01:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-27 01:42 . 2009-02-27 01:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-26 02:08 . 2009-02-26 02:08 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-02-26 02:08 . 2009-02-26 02:08 <DIR> d-------- c:\programdata\WindowsSearch
2009-02-25 18:14 . 2009-02-25 18:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-25 16:56 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-25 16:56 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-25 16:56 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-25 16:56 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-22 14:10 . 2009-02-22 14:10 <DIR> d-------- c:\program files\CCleaner
2009-02-10 21:54 . 2009-02-10 21:54 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-02-10 21:54 . 2009-02-10 21:54 <DIR> d-------- c:\program files\Microsoft
2009-02-10 21:16 . 2009-02-10 21:54 <DIR> d-------- c:\program files\Windows Live
2009-02-10 21:16 . 2009-02-10 21:16 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-02-10 21:15 . 2009-02-10 21:15 <DIR> d-------- c:\users\All Users\WLInstaller
2009-02-10 21:15 . 2009-02-10 21:15 <DIR> d-------- c:\programdata\WLInstaller
2009-02-10 19:54 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-10 19:54 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 19:51 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-10 19:51 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-10 19:51 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-10 19:51 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-10 19:51 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-01-31 16:23 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-31 16:23 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-01-31 16:22 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-01-31 16:22 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-01-31 16:22 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-01-31 16:22 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-01-31 16:22 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-01-31 16:22 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-01-31 16:15 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-01-31 16:15 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-01-31 16:15 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-31 16:14 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-01-31 16:14 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-28 18:53 --------- d-----w c:\programdata\Spyware Terminator
2009-02-28 17:01 --------- d-----w c:\users\vlastnik\AppData\Roaming\Spyware Terminator
2009-02-28 02:02 --------- d-----w c:\users\vlastnik\AppData\Roaming\skypePM
2009-02-28 02:00 --------- d-----w c:\programdata\Skype
2009-02-10 18:55 --------- d-----w c:\program files\Windows Mail
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-23 23:18 --------- d-----w c:\program files\Spyware Terminator
2009-01-23 23:10 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-21 20:53 --------- d-----w c:\users\vlastnik\AppData\Roaming\dvdcss
2009-01-20 21:57 --------- d-----w c:\program files\Trend Micro
2009-01-19 16:26 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-18 00:48 174 --sha-w c:\program files\desktop.ini
2009-01-18 00:40 --------- d-----w c:\program files\Windows Sidebar
2009-01-18 00:40 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-18 00:40 --------- d-----w c:\program files\Windows Journal
2009-01-18 00:40 --------- d-----w c:\program files\Windows Defender
2009-01-18 00:40 --------- d-----w c:\program files\Windows Collaboration
2009-01-18 00:40 --------- d-----w c:\program files\Windows Calendar
2009-01-18 00:24 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-18 00:24 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-17 13:45 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-17 13:17 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-15 20:14 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 20:14 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 18:03 --------- d-----w c:\program files\Yahoo!
2009-01-15 16:48 --------- d-----w c:\users\vlastnik\AppData\Roaming\Ahead
2009-01-15 14:17 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 14:14 6,917,120 ----a-w c:\windows\System32\NlsLexicons0c1a.dll
2009-01-15 14:14 1,965,056 ----a-w c:\windows\System32\NlsData0c1a.dll
2009-01-15 14:14 1,965,056 ----a-w c:\windows\System32\NlsData081a.dll
2009-01-15 14:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 14:00 --------- d-----w c:\programdata\ICQ
2009-01-15 13:21 --------- d-----w c:\users\vlastnik\AppData\Roaming\Macrovision
2009-01-15 12:47 --------- d-----w c:\programdata\Macrovision
2009-01-15 12:40 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-15 12:37 8,464 ----a-w c:\windows\System32\SpOrder.dll
2009-01-15 11:38 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 11:38 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 11:38 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 11:38 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 11:38 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 11:38 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 11:38 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 11:33 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 11:32 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 11:32 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 11:32 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 11:32 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 11:32 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 11:32 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-01-15 11:32 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 11:32 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 11:32 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 11:32 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 11:31 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 11:31 2,032,640 ----a-w c:\windows\System32\win32k.sys
2009-01-15 11:30 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 11:30 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 11:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 11:25 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 11:22 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 11:22 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 11:22 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 11:22 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 11:22 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 11:22 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 11:22 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 11:22 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 11:22 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 11:22 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 11:20 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 11:20 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 11:20 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 11:20 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 11:20 347,648 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 11:20 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-15 11:20 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 11:20 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-01-15 11:19 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 11:19 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 11:19 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 11:19 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 11:19 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 11:19 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 11:19 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 11:19 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 11:19 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 11:19 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 11:18 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 11:18 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 11:18 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 11:18 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-15 11:18 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 10:44 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-15 10:44 --------- d-----w c:\program files\Java
2009-01-15 10:42 --------- d-----w c:\users\vlastnik\AppData\Roaming\PeerNetworking
2009-01-15 08:41 147,456 ----a-w c:\windows\System32\igfxCoIn_v1329.dll
2009-01-15 08:41 1,238,832 ----a-w c:\windows\System32\igmedkrn.dll
2009-01-15 08:18 --------- d-----w c:\program files\MSXML 4.0
2009-01-14 21:14 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 20:53 60,516 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-14 20:53 49,246 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-14 20:53 165,990 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{95289393-33EA-4F8D-B952-483415B9C955}"= "c:\users\vlastnik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll" [2009-02-10 119808]

[HKEY_CLASSES_ROOT\clsid\{95289393-33ea-4f8d-b952-483415b9c955}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOT\qipbar.QIPBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
2009-02-10 16:56 119808 --a------ c:\users\vlastnik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"VMCL"="c:\program files\vodafone\vmclite\DongleEnumerator.exe" [2008-04-01 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-06-25 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-01-24 2267136]
"RtHDVCpl"="RtHDVCpl.exe" [2009-01-14 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2009-01-14 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 13:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1665532280-3765707004-3423112412-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{041D28AD-0748-4560-B921-8F959982B1D2}"= c:\program files\Skype\Phone\Skype.exe:Skype

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-22 114768]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2009-01-18 72192]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2009-01-24 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-22 51792]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2009-01-14 180736]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d5047d-046f-11de-a1ea-001eec47f0b8}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b7a6cc9-046c-11de-bb8e-806e6f6e6963}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d0f44c9-046b-11de-8018-806e6f6e6963}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42f2a03f-04da-11de-9385-001eec47f0b8}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5740c47e-045f-11de-bbc1-001eec47f0b8}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{697cc60c-e300-11dd-b229-001eec47f0b8}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{697cc614-e300-11dd-b229-001eec47f0b8}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee646ea0-0466-11de-8f60-001eec47f0b8}]
\shell\AutoRun\command - E:\StartVMCLite.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.live.com/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
TCP: {2E6B2600-6C2A-46E6-A573-367CECCC9B7E} = 217.77.161.130 217.77.161.131
FF - ProfilePath - c:\users\vlastnik\AppData\Roaming\Mozilla\Firefox\Profiles\f0n07e2k.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://start.qip.ru
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\progra~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-28 20:10:50
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-02-28 20:14:01
ComboFix-quarantined-files.txt 2009-02-28 19:13:58

Před spuštěním: Volných bajtů: 112 974 794 752
Po spuštění: Volných bajtů: 112,998,764,544

275 --- E O F --- 2009-02-25 17:14:37

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\users\vlastnik\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Swll]

A je tu dalsi problem Pise mi to ze je chybne datum a at si skontroluji nastaveni co ted?