Security shield - rostaVR6

[rostaVR6]

Hehehe, nebezpečí to je moje druhé jméno. Jdu do toho

[vyosek]

[rostaVR6]

Hotovo, i jsem se stihl oholit.

ComboFix 12-04-20.03 - rostik 21.04.2012 12:34:07.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.676 [GMT 2:00]
Spuštěný z: c:\documents and settings\rostik\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\tcpip.copy
c:\windows\system32\Temp
c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-21 do 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 09:47 . 2012-04-21 09:48 -------- d-----w- c:\program files\trend micro
2012-04-21 09:47 . 2012-04-21 09:48 -------- d-----w- C:\rsit
2012-04-21 09:04 . 2012-04-21 09:17 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-04-21 08:36 . 2012-04-21 08:47 -------- d-----w- c:\documents and settings\Administrator
2012-04-08 19:28 . 2012-04-08 19:28 -------- d-----w- c:\documents and settings\rostik\Data aplikací\AVG Secure Search
2012-04-08 19:28 . 2012-04-08 19:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Secure Search
2012-04-08 19:28 . 2012-04-08 19:28 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-08 19:28 . 2012-04-21 08:54 -------- d-----w- c:\program files\AVG Secure Search
2012-04-08 19:27 . 2012-04-08 19:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-04-07 06:41 . 2012-04-14 14:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 10:03 . 2012-04-01 10:03 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 14:24 . 2011-05-16 04:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 12:48 . 2012-02-03 12:48 52736 ----a-w- c:\windows\ipuninst.exe
2012-01-24 22:06 . 2012-01-24 22:04 184320 ----a-w- c:\windows\mpqctl.ocx
2012-03-20 06:19 . 2011-10-05 12:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-12-09 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-17 . CA44503D05AF695538944E06A5CC5D77 . 225792 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-17 . CA44503D05AF695538944E06A5CC5D77 . 225792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2004-08-17 . 92BCE607A8AEA8E7AEE2C15BC157D109 . 832512 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-08 19:28 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-08 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="g:\peerblock\peerblock.exe" [2010-11-06 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"VirtualCloneDrive"="d:\šystém\virtualclone\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-08 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\rostik\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-3 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\ŠYSTÉM\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2008 21:44 716272]
S1 f22439f7;f22439f7;c:\windows\system32\drivers\f22439f7.sys [9.6.2009 19:21 0]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [8.4.2012 21:28 918880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7.4.2012 8:41 253088]
S3 cpuz131;cpuz131;\??\c:\docume~1\rostik\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\rostik\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [4.1.2012 16:28 16128]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 91219515
*Deregistered* - 91219515
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 12:36]
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 14:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://isearch.avg.com/?cid={55D59794-F570-4279-A406-E6A4319A8B13}&mid=3fccb95cb7b347d0a239d1544951b53c-87bf21a33efadf5df38454b2e94a2eb9109245f0&lang=cs&ds=gm011&pr=sa&d=2012-04-08 21:28&v=10.2.0.3&sap=hp
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.110 213.46.172.36
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\rostik\Data aplikací\Mozilla\Firefox\Profiles\l2vd61ks.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B628ecd54-a28e-43d9-b851-07207a62fead%7D&mid=3fccb95cb7b347d0a239d1544951b53c-87bf21a33efadf5df38454b2e94a2eb9109245f0&ds=gm011&v=10.2.0.3&lang=cs&pr=sa&d=2012-04-08%2021%3A28%3A22&sap=ku&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-21 12:36
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ba,5c,a4,29,d0,41,4f,99,32,66,59,cd,fb,70,e5,65,46,ee,69,43,7f,7e,fe,
5b,63,21,e0,7f,90,9a,df,34,4f,cc,e8,23,56,e1,f6,e7,64,59,65,1c,88,8e,82,32,\
"??"=hex:7d,a3,bc,43,e8,3d,9d,d2,e7,7d,6b,03,c5,d0,ec,54
.
Celkový čas: 2012-04-21 12:38:14
ComboFix-quarantined-files.txt 2012-04-21 10:38
.
Před spuštěním: 702 808 064
Po spuštění: 678 793 216
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 942BAD9A58B57C148EE17CCD527C753A

[vyosek]

Odinstalujte GridinSoft Trojan Killer - o jeho pochybach se da uspesne pochybovat - navic ted je uz k nicemu kdyz to lecime jinak

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "QuickTime Task"=-
  "VirtualCloneDrive"=-
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
  "ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
    79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
    6E,65,74,73,76,63,73,00
  "Type"=dword:00000020
  "Start"=dword:00000002
  "ErrorControl"=dword:00000001
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv]
  "ImagePath"=hex(2):25,73,79,73,74,65,6D,72,6F,6F,74,25,5C,73,\
    79,73,74,65,6D,33,32,5C,73,76,63,68,6F,73,74,2E,65,78,65,20,2D,6B,20,\
    6E,65,74,73,76,63,73,00
  "Type"=dword:00000020
  "Start"=dword:00000002
  "ErrorControl"=dword:00000001
  
  Collect::
  c:\windows\system32\drivers\f22439f7.sys
  
  Driver::
  f22439f7
  cpuz131
  TrojanKillerDriver
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  
  Folder::
  c:\program files\GridinSoft Trojan Killer
  
  DDS::
  uStart Page = hxxp://isearch.avg.com/?cid={55D59794-F570-4279-A406-E6A4319A8B13}&mid=3fccb95cb7b347d0a239d1544951b53c-87bf21a33efadf5df38454b2e94a2eb9109245f0&lang=cs&ds=gm011&pr=sa&d=2012-04-08 21:28&v=10.2.0.3&sap=hp
  uDefault_Search_URL = hxxp://search.qip.ru
  uInternet Settings,ProxyOverride = *.local
  uSearchAssistant = hxxp://search.qip.ru/ie
  uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\rostik\Data aplikací\Mozilla\Firefox\Profiles\l2vd61ks.default\
  FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B62 ... &sap=ku&q=
  
  RegNull::
  [HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[rostaVR6]

Windows naběhl v pohodě, zde log po restartu:

ComboFix 12-04-20.03 - rostik 21.04.2012 18:25:19.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.528 [GMT 2:00]
Spuštěný z: c:\documents and settings\rostik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\rostik\Plocha\CFScript.txt
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
file zipped: c:\windows\system32\drivers\f22439f7.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GridinSoft Trojan Killer
c:\program files\GridinSoft Trojan Killer\logs\scan-2012-04-21 [11-13-06].log
c:\program files\GridinSoft Trojan Killer\logs\scan-2012-04-21 [11-13-21].log
c:\program files\GridinSoft Trojan Killer\storage\410204674826389.info
c:\program files\GridinSoft Trojan Killer\storage\410204674826389.zip
c:\windows\system32\drivers\f22439f7.sys
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cpuz131
-------\Service_f22439f7
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-21 do 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 16:22 . 2012-04-21 16:22 -------- d-----w- c:\windows\LastGood.Tmp
2012-04-21 09:47 . 2012-04-21 09:48 -------- d-----w- c:\program files\trend micro
2012-04-21 09:47 . 2012-04-21 09:48 -------- d-----w- C:\rsit
2012-04-21 08:36 . 2012-04-21 08:47 -------- d-----w- c:\documents and settings\Administrator
2012-04-08 19:28 . 2012-04-08 19:28 -------- d-----w- c:\documents and settings\rostik\Data aplikací\AVG Secure Search
2012-04-08 19:28 . 2012-04-08 19:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Secure Search
2012-04-08 19:28 . 2012-04-08 19:28 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-04-08 19:28 . 2012-04-21 08:54 -------- d-----w- c:\program files\AVG Secure Search
2012-04-08 19:27 . 2012-04-08 19:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-04-07 06:41 . 2012-04-14 14:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 10:03 . 2012-04-01 10:03 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 14:24 . 2011-05-16 04:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 12:48 . 2012-02-03 12:48 52736 ----a-w- c:\windows\ipuninst.exe
2012-01-24 22:06 . 2012-01-24 22:04 184320 ----a-w- c:\windows\mpqctl.ocx
2012-03-20 06:19 . 2011-10-05 12:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-12-09 . C81D6A930A7805F6DAA0C7902B99037E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll
.
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll
.
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2004-08-17 . CA44503D05AF695538944E06A5CC5D77 . 225792 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-17 . CA44503D05AF695538944E06A5CC5D77 . 225792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2004-08-17 . 92BCE607A8AEA8E7AEE2C15BC157D109 . 832512 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-04-21_10.36.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-21 16:29 . 2012-04-21 16:29 16384 c:\windows\temp\Perflib_Perfdata_5f0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-08 19:28 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-04-08 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="g:\peerblock\peerblock.exe" [2010-11-06 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"C-Media Mixer"="Mixer.exe" [2002-03-04 1454080]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-08 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\rostik\Nabídka Start\Programy\Po spuštění\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-3 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\ŠYSTÉM\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.4.2008 21:44 716272]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [8.4.2012 21:28 918880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7.4.2012 8:41 253088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 12:36]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.110 213.46.172.36
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\rostik\Data aplikací\Mozilla\Firefox\Profiles\l2vd61ks.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-21 18:30
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4076)
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\Mixer.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-04-21 18:31:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-21 16:31
ComboFix2.txt 2012-04-21 10:38
.
Před spuštěním: 713 154 560
Po spuštění: 693 153 792
.
- - End Of File - - 9CC86A14B6B4EA32DB6C8C4A89941FF9
Nahr nˇ probŘhlo ŁspŘçnŘ

[vyosek]

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

• c:\windows\system32\wuauclt.exe
  c:\windows\explorer.exe
  c:\windows\regedit.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[rostaVR6]

btw. Vypadá to, že už PC pracuje normálně. Prosím o kontrolu logu a čekám na zelenou

[vyosek]

Ja log prosel a prosim o test tech souboru co jsem uvedl

[rostaVR6]

https://www.virustotal.com/file/e8ce193 ... 335026912/

https://www.virustotal.com/file/10ba0fb ... 335027045/

https://www.virustotal.com/file/5cb1ce1 ... 335027210/

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[rostaVR6]

Tleskám Maestro, excelentní práce! Mnohokráte děkuji, máte to u mne



a já se jdu porozhlídnout po foru...

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy