
Please check my log (kittyfix)

Posted: 13 Dec 2009 19:05
by quinter
After about 3 weeks I found out that my firewall had been switched off and the computer is slowed down, so I'm asking for a check. MBAM found nothing.
The log is from version 2.0.2; is a log from the beta version 2.0.3 needed?
_________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:27, on 13.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Tony\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Tony\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2,213.180.33.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7227 bytes

Re: Please check (HJT)

Posted: 14 Dec 2009 17:38
by Damned
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
*****************************************************************************************************************************************
Disable the antivirus resident shield (and the antispyware one too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please paste its whole content here
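As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that parses the R0/R1/R3/O2/O17/O23 line formats seen in the log above and flags the same kinds of entries a reviewer picks out first: search/start URLs that do not point at the Microsoft defaults, a BHO or URLSearchHook DLL living under a user profile directory, NameServer entries that should be confirmed against the ISP, and services with an unknown publisher. The sample lines are a constructed excerpt modelled on the posted log, and the allow-list of default IE hosts is an assumption.

```python
"""Triage helper for HijackThis 2.x log lines.

Added example: it parses the R0/R1/R3/O2/O17/O23 line formats from the
posted log and flags the entries a log reviewer looks at first.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the HJT log posted in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Tony\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Tony\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2,213.180.33.225
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption: hosts the HKLM defaults of Internet Explorer 6 point to.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com"}

# Every HJT result line starts with a section tag such as R1, O2, O17.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Yield (kind, body, full_line) for each HJT result line; ignore the rest."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def url_host(body):
    """Host of the 'key = http://...' value in an R0/R1 line, or None."""
    _, sep, value = body.partition(" = ")
    if not sep or "://" not in value:
        return None
    return (urlparse(value.strip()).hostname or "").lower()


def module_path(body):
    """File path at the end of an O2/R3 line ('... - {CLSID} - C:\\x.dll')."""
    return body.rsplit(" - ", 1)[-1].strip()


def is_private(ip):
    """True for RFC 1918 / loopback addresses, False for public or garbage."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback


def triage(text):
    """Return [(kind, reason, full_line)] for entries worth a reviewer's look."""
    findings = []
    for kind, body, line in parse_hjt(text):
        if kind in ("R0", "R1"):
            host = url_host(body)
            if host and host not in DEFAULT_IE_HOSTS:
                what = "start page" if kind == "R0" else "search/default URL"
                findings.append((kind, f"non-default {what}: {host}", line))
        elif kind in ("R3", "O2"):
            path = module_path(body).lower()
            if path == "(no file)":
                findings.append((kind, "BHO/hook registered but file missing", line))
            elif path.startswith("c:\\documents and settings\\"):
                findings.append((kind, "browser add-on loaded from a user profile directory", line))
        elif kind == "O17":
            _, _, servers = body.partition("NameServer = ")
            public = [s for s in servers.split(",") if s and not is_private(s)]
            if public:
                findings.append((kind, "DNS servers outside the LAN, confirm they belong to the ISP: "
                                 + ", ".join(public), line))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append((kind, "service with unknown publisher, verify the binary", line))
    return findings


if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {line}")
```

The R1 findings are exactly the entries that end up on the "Fix checked" list; the R0 start page and the O17/O23 entries are reported for confirmation rather than as verdicts.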

Re: Please check (HJT)

Posted: 18 Dec 2009 11:25
by quinter
Well, combofix has some problems and can't be downloaded.... I'll try searching on google some more

Re: Please check + replacement for Combofix

Posted: 19 Dec 2009 12:23
by quinter
Combofix is still out of service; is there any alternative that would help me solve the problem?

Re: Please check + replacement for Combofix

Posted: 19 Dec 2009 12:29
by peacoq
viewtopic.php?f=70&t=48016

- in this topic you have a link to download CF, or rather the program KittyFix, which replaces it because of a problem discovered in CF. The way it works is described there; it is the same as with CF: save it to the desktop, do nothing else on the computer, click on nothing, let it finish

Re: Please check + new KittyFix log

Posted: 19 Dec 2009 12:55
by quinter
new log from KittyFix
___________________________

ComboFix 09-12-18.03 - Tony 19.12.2009 12:42:34.15.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.365 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\KittyFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091218-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-11-19 do 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 16:09 . 2009-12-18 16:10 -------- d-----w- c:\program files\GameTracker
2009-12-11 15:28 . 2009-12-11 15:28 -------- d-s---w- c:\documents and settings\Tony\UserData
2009-12-11 15:21 . 2009-12-18 11:41 -------- d-----w- c:\program files\Xfire
2009-12-06 19:25 . 2009-12-06 19:25 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-06 17:28 . 2009-12-06 17:28 -------- d-----w- c:\program files\Rockstar Games
2009-12-06 17:02 . 2009-12-06 17:02 -------- d-----w- c:\program files\Zaparit
2009-12-05 12:18 . 2009-12-05 12:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-04 20:44 . 2009-12-04 20:45 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-04 20:15 . 2009-12-04 20:15 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 20:14 . 2009-12-04 20:15 -------- d-----r- c:\program files\Skype
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 11:19 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-11-29 11:19 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-29 11:16 . 2009-11-29 11:16 -------- d-----w- c:\program files\Microsoft Works
2009-11-29 11:12 . 2009-11-29 11:12 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 11:08 . 2009-11-29 11:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-29 11:07 . 2009-11-29 11:14 -------- d-----w- c:\windows\SHELLNEW
2009-11-29 10:56 . 2009-11-29 10:56 -------- d-----r- C:\MSOCache
2009-11-22 00:14 . 2009-11-22 00:15 -------- d-----w- C:\VLCPortable
2009-11-20 20:32 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 20:32 . 2009-12-13 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 20:32 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-18 22:19 . 2009-03-15 00:10 137464 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-18 22:18 . 2009-10-27 11:39 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-18 20:32 . 2009-08-22 20:45 -------- d-----w- c:\program files\Steam-CS
2009-12-13 12:29 . 2009-06-07 10:08 -------- d-----w- c:\program files\Lavalys
2009-12-12 12:26 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 20:40 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-12-04 20:04 . 2009-03-26 14:06 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-04 20:00 . 2009-07-30 19:20 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-12-04 19:57 . 2009-11-15 21:33 -------- d-----w- c:\program files\Personal Chess Trainer
2009-11-29 11:15 . 2009-04-26 21:18 -------- d-----w- c:\program files\MSBuild
2009-11-28 12:09 . 2009-11-07 09:31 -------- d-----w- c:\program files\mIRC
2009-11-27 19:55 . 2009-06-18 19:35 -------- d-----w- c:\program files\QIP
2009-11-16 22:44 . 2009-11-16 20:29 -------- d-----w- c:\program files\TrackMania Nations ESWC
2009-11-14 13:53 . 2009-09-13 12:44 -------- d-----w- c:\program files\URUSoft
2009-11-14 13:29 . 2009-04-26 16:28 -------- d-----w- c:\program files\NuGardt Software
2009-11-14 13:28 . 2009-08-19 08:45 -------- d-----w- c:\program files\Nexus Radio
2009-11-01 11:28 . 2001-10-25 14:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-11-01 11:28 . 2001-10-25 14:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-11-01 11:12 . 2009-11-01 11:12 -------- d-----w- c:\program files\Ultra MPEG Converter
2009-10-30 15:27 . 2009-10-30 15:22 -------- d-----w- c:\program files\Pinnacle
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-08-05 742944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk autocheck oodbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-28 15:47 133104 ----atw- c:\documents and settings\Tony\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-27 15:43 1217808 ----a-w- c:\program files\Steam-CS\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam-CS\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26.9.2009 12:45 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.9.2009 12:45 20560]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [18.12.2009 17:09 1643872]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 2:37 27992]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2009 22:41 717296]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zaparit.cz/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2,213.180.33.225
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\d2wsj0w0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-Nexus Radio - c:\program files\Nexus Radio\Nexus Radio.exe
MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 12:48
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-12-19 12:52:22
ComboFix-quarantined-files.txt 2009-12-19 11:52

Před spuštěním: Volných bajtů: 12 408 946 688
Po spuštění: Volných bajtů: 12 394 995 712

- - End Of File - - 6D8FD97CDF9766C50466D68AB2AAC356

Re: Please check my log (kittyfix)

Posted: 19 Dec 2009 15:42
by Damned
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following whole text marked in green into it:

KillAll::
File::
c:\windows\system32\d3d9caps.dat

FireFox::
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]




Choose File -> Save as... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, move it over the downloaded program KittyFix.exe
and when the two files overlap, drop the script.

- KittyFix will start automatically; the repair may take more than 10 minutes. ! Let KittyFix finish its work !
- Paste here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the computer behaves

Re: Please check my log (kittyfix)

Posted: 19 Dec 2009 17:11
by quinter
New log from KittyFix

ComboFix 09-12-18.03 - Tony 19.12.2009 16:55:37.16.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.521 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tony\Plocha\KittyFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tony\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091218-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-19 do 2009-12-19 )))))))))))))))))))))))))))))))
.

2009-12-18 16:09 . 2009-12-18 16:10 -------- d-----w- c:\program files\GameTracker
2009-12-11 15:28 . 2009-12-11 15:28 -------- d-s---w- c:\documents and settings\Tony\UserData
2009-12-11 15:21 . 2009-12-18 11:41 -------- d-----w- c:\program files\Xfire
2009-12-06 19:25 . 2009-12-06 19:25 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-06 17:28 . 2009-12-06 17:28 -------- d-----w- c:\program files\Rockstar Games
2009-12-06 17:02 . 2009-12-06 17:02 -------- d-----w- c:\program files\Zaparit
2009-12-04 20:44 . 2009-12-04 20:45 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-12-04 20:15 . 2009-12-04 20:15 -------- d-----w- c:\program files\Common Files\Skype
2009-12-04 20:14 . 2009-12-04 20:15 -------- d-----r- c:\program files\Skype
2009-11-30 19:33 . 2009-11-30 19:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-11-29 11:19 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-11-29 11:19 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-29 11:16 . 2009-11-29 11:16 -------- d-----w- c:\program files\Microsoft Works
2009-11-29 11:12 . 2009-11-29 11:12 -------- d-----w- c:\program files\Microsoft.NET
2009-11-29 11:08 . 2009-11-29 11:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-29 11:07 . 2009-11-29 11:14 -------- d-----w- c:\windows\SHELLNEW
2009-11-29 10:56 . 2009-11-29 10:56 -------- d-----r- C:\MSOCache
2009-11-22 00:14 . 2009-11-22 00:15 -------- d-----w- C:\VLCPortable
2009-11-20 20:32 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-20 20:32 . 2009-12-13 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-20 20:32 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 12:11 . 2009-03-15 00:10 137464 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-19 12:11 . 2009-10-27 11:39 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-18 20:32 . 2009-08-22 20:45 -------- d-----w- c:\program files\Steam-CS
2009-12-13 12:29 . 2009-06-07 10:08 -------- d-----w- c:\program files\Lavalys
2009-12-12 12:26 . 2009-03-24 22:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-04 20:40 . 2009-07-11 14:29 -------- d-----w- c:\program files\7-Zip
2009-12-04 20:04 . 2009-03-26 14:06 -------- d-----w- c:\program files\OpenOffice.org 3
2009-12-04 20:00 . 2009-07-30 19:20 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-12-04 19:57 . 2009-11-15 21:33 -------- d-----w- c:\program files\Personal Chess Trainer
2009-11-29 11:15 . 2009-04-26 21:18 -------- d-----w- c:\program files\MSBuild
2009-11-28 12:09 . 2009-11-07 09:31 -------- d-----w- c:\program files\mIRC
2009-11-27 19:55 . 2009-06-18 19:35 -------- d-----w- c:\program files\QIP
2009-11-16 22:44 . 2009-11-16 20:29 -------- d-----w- c:\program files\TrackMania Nations ESWC
2009-11-14 13:53 . 2009-09-13 12:44 -------- d-----w- c:\program files\URUSoft
2009-11-14 13:29 . 2009-04-26 16:28 -------- d-----w- c:\program files\NuGardt Software
2009-11-14 13:28 . 2009-08-19 08:45 -------- d-----w- c:\program files\Nexus Radio
2009-11-01 11:28 . 2001-10-25 14:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-11-01 11:28 . 2001-10-25 14:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-11-01 11:12 . 2009-11-01 11:12 -------- d-----w- c:\program files\Ultra MPEG Converter
2009-10-30 15:27 . 2009-10-30 15:22 -------- d-----w- c:\program files\Pinnacle
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2009-08-05 742944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk autocheck oodbs

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-28 15:47 133104 ----atw- c:\documents and settings\Tony\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-27 15:43 1217808 ----a-w- c:\program files\Steam-CS\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam-CS\\steamapps\\quinterboomsta89\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2009 22:41 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26.9.2009 12:45 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26.9.2009 12:45 20560]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [18.12.2009 17:09 1643872]
R2 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [15.7.2007 2:37 27992]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zaparit.cz/
IE: Download Using &BitSpirit
IE: E&xportovat do aplikace Microsoft Excel
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {06A27AFE-CF59-4724-A195-D8C76C57AFCB} = 213.180.32.2,213.180.33.225
FF - ProfilePath - c:\documents and settings\Tony\Data aplikací\Mozilla\Firefox\Profiles\d2wsj0w0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 17:02
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F6D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7593fc3
\Driver\ACPI -> ACPI.sys @ 0xf73cecb8
\Driver\atapi -> 0x82f6d1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a1afe
ParseProcedure -> ntoskrnl.exe @ 0x80570a6e
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf726ebc3
PacketIndicateHandler -> NDIS.sys @ 0xf727ab21
SendHandler -> NDIS.sys @ 0xf726ed33
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1756)
c:\windows\system32\msi.dll
c:\program files\powerstrip\pshook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2009-12-19 17:09:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-19 16:09
ComboFix2.txt 2009-12-19 11:52

Před spuštěním: Volných bajtů: 12 275 740 672
Po spuštění: Volných bajtů: 12 233 928 704

- - End Of File - - C3B891C22C770505EA77BCBBFA42D1AF

Re: Please check my log (kittyfix)

Posted: 19 Dec 2009 17:12
by quinter
+ new HJT log
__________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:25, on 19.12.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\devldr32.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2,213.180.33.225
O17 - HKLM\System\CS2\Services\Tcpip\..\{06A27AFE-CF59-4724-A195-D8C76C57AFCB}: NameServer = 213.180.32.2,213.180.33.225
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6119 bytes

Re: Please check my log (kittyfix)

Posted: 19 Dec 2009 17:28
by Damned
How is the PC behaving?

Find and delete:
C:\327882R2FWJFW
C:\KittyFix
C:\Qoobox
C:\Kittyfix.txt
and Kittyfix.exe

Then download OTCleanIt.
- Connect to the internet and double-click to run the program
- Click the CleanUp button
- When it finishes, allow the PC to restart
- After the restart, delete this tool - it is not meant for regular use

Clean the system with CCleaner and also use T-Cleaner (required - it removes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download it -> run it)

(Note: if you have AVG, avast! or Avira, disable AVG, avast! and Avira (including their resident shields) before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner and turn AVG, avast! or Avira back on.)