pro Motji, 4. PC

[nessay]

tu konzolu nemohlo stiahnut, kedze nie je pripojeny na net.. a cd so sp2 myslim ze mam.. ale nemam ju pri sebe

[motji]

chtěla jsem, aby jste při spuštění combofixu nainstaloval konzoli zotavení

Zkuste v nouzovém režimu ten soubor smazat c:\windows\system32\drivers\ndis.sys, napište, jestli to šlo

Přečtěte si sz

[motji]

Skript pro combofix

Kód: Vybrat vše

FCOPY::
c:\ndis.sys | c:\windows\system32\drivers\ndis.sys

[nessay]

ComboFix 10-03-25.04 - Janka S . 03. 2010 2:16.6.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2039.1781 [GMT 1:00]
Spuštěný z: c:\documents and settings\Janka S\Plocha\potvora.com.exe
Použité ovládací přepínače :: c:\documents and settings\Janka S\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\ndis.sys --> c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-26 do 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-24 18:49 . 2010-03-24 18:49 -------- d-----w- c:\windows\system32\%USERPROFILE%
2010-03-23 21:12 . 2010-03-23 21:22 -------- d-----w- C:\potvora.com11051p
2010-03-23 20:34 . 2010-03-23 20:46 -------- d-----w- C:\potvora.com
2010-03-21 17:19 . 2010-03-25 20:01 114257 ----a-w- C:\UsbFix_Upload_Me_JANKA.zip
2010-03-21 16:48 . 2010-03-21 17:19 -------- d-----w- C:\UsbFix
2010-03-21 16:46 . 2010-03-21 16:47 -------- d-----w- C:\rsit
2010-03-21 16:46 . 2010-03-21 16:46 -------- d-----w- c:\program files\trend micro
2010-03-14 11:14 . 2010-03-14 19:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-13 16:22 . 2010-03-13 16:22 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-10 20:34 . 2010-03-10 20:34 -------- d-----w- c:\program files\Opera
2010-03-08 22:36 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-01 15:17 . 2010-03-01 15:17 -------- d-----w- c:\program files\ESET
2010-03-01 15:09 . 2008-06-14 18:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-01 15:08 . 2009-12-04 13:37 456832 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-01 15:07 . 2009-12-09 10:21 2065280 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-01 15:07 . 2009-12-09 10:21 2188160 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-01 15:07 . 2009-12-09 10:21 2144768 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-01 15:07 . 2009-12-09 10:21 2022912 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-28 20:36 . 2004-08-17 12:49 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2010-02-28 20:35 . 2004-08-17 12:49 24064 -c--a-w- c:\windows\system32\dllcache\compfilt.dll
2010-02-28 20:27 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-02-28 20:20 . 2001-10-25 13:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-28 20:20 . 2001-10-25 13:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-28 20:20 . 2001-10-25 13:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-28 20:20 . 2001-10-25 13:00 13312 ----a-w- c:\windows\system32\irclass.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 06:15 . 2001-10-25 13:00 46394 ----a-w- c:\windows\system32\perfc005.dat
2010-03-04 06:15 . 2001-10-25 13:00 310228 ----a-w- c:\windows\system32\perfh005.dat
2010-02-28 20:32 . 2009-10-18 13:05 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 15:06 . 2006-11-08 11:30 352640 ----a-w- c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
[-] 2006-11-08 . 84F5FA7480E5680B8DD5A90CE7D8CA73 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16. 11. 2009 9:03 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16. 11. 2009 9:06 96408]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16. 11. 2009 9:04 735960]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [5. 8. 2008 19:10 1684736]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Janka S\Data aplikací\Mozilla\Firefox\Profiles\jjt0p7o7.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 02:18
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-03-26 02:19:36
ComboFix-quarantined-files.txt 2010-03-26 01:19
ComboFix2.txt 2010-03-26 00:47
ComboFix3.txt 2010-03-25 23:35

Před spuštěním: Volných bajtů: 12 801 388 544
Po spuštění: Volných bajtů: 12 792 172 544

- - End Of File - - 134EA04FC39C95C6C0D4D3BEF382B30F

[motji]

Potvora jedna, vypadá to, že už jsme se jí zbavili .
Ještě prosím otestujte na http://www.virustotal.com
c:\windows\system32\sfcfiles.dll
c:\windows\system32\drivers\ndis.sys
c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll


A pak bych poprosila o nový log z Gmeru, ale to můžete udělat až ráno nebo během dne
Jak to vypadá s počítačem?

[nessay]

vsetky mali 0%

tu je gmer.. mal som robit iba ten zakladny sken, alebo mam spravit aj ten hlbsi..

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-26 02:28:48
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\JANKAS~1\LOCALS~1\Temp\uxtdypoc.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\JANKAS~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- EOF - GMER 1.0.15 ----

[motji]

I druhý

[nessay]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-26 09:28:08
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\JANKAS~1\LOCALS~1\Temp\uxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT 88D8AA70 ZwAssignProcessToJobObject
SSDT 88D8B5F0 ZwDebugActiveProcess
SSDT 88D8B020 ZwDuplicateObject
SSDT 88D8A1B0 ZwOpenProcess
SSDT 88D8A4B0 ZwOpenThread
SSDT 88D8AEB0 ZwProtectVirtualMemory
SSDT 88D8AD50 ZwSetContextThread
SSDT 88D8ABD0 ZwSetInformationThread
SSDT 88D87A90 ZwSetSecurityObject
SSDT 88D8A910 ZwSuspendProcess
SSDT 88D8A7B0 ZwSuspendThread
SSDT 88D8A340 ZwTerminateProcess
SSDT 88D8A640 ZwTerminateThread
SSDT 88D8B440 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[160] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1448] kernel32.dll!SetUnhandledExceptionFilter 7C844915 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----

[motji]

Fajn, jak to vypadá s počítačem?

[nessay]

vsetko je zda sa fajn, tak ako ma.. bezi takmer nonstop a nenasiel som ziadnu chybicku krasy. myslim ze sme nad tymi potvorami konecne vyhrali. mozme to ist zapit

[motji]

Myslím že Vám zbývá ještě jeden počítač v rodině, nebo se pletu?
Nakterém počítači Vám nešel internet, ten jste už rozchodil?

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[nessay]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Janka S at 2010-03-26 20:24:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (31%) free of 40 GB
Total RAM: 2039 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:36, on 26. 3. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janka S\Plocha\RSIT.exe
C:\Program Files\trend micro\Janka S.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 2761 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-01-21 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-03-26 20:24:21 ----D---- C:\Program Files\trend micro
2010-03-26 20:24:20 ----D---- C:\rsit
2010-03-26 20:15:06 ----D---- C:\Program Files\CCleaner
2010-03-26 20:13:15 ----SHD---- C:\RECYCLER
2010-03-26 02:19:37 ----D---- C:\WINDOWS\temp
2010-03-24 19:49:38 ----D---- C:\WINDOWS\system32\%USERPROFILE%
2010-03-23 23:05:08 ----D---- C:\Documents and Settings\Janka S\Data aplikací\WinRAR
2010-03-23 23:03:49 ----D---- C:\Program Files\WinRAR
2010-03-23 22:12:28 ----D---- C:\potvora.com11051p
2010-03-23 21:34:11 ----D---- C:\potvora.com
2010-03-21 18:19:49 ----RAD---- C:\autorun.inf
2010-03-14 20:58:33 ----D---- C:\Program Files\Adobe
2010-03-14 12:14:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-03-14 12:14:45 ----D---- C:\Program Files\Common Files\Adobe
2010-03-11 10:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-10 21:34:58 ----D---- C:\Documents and Settings\Janka S\Data aplikací\Opera
2010-03-10 21:34:29 ----D---- C:\Program Files\Opera
2010-03-10 18:16:04 ----D---- C:\Documents and Settings\Janka S\Data aplikací\Mozilla
2010-03-10 18:15:58 ----D---- C:\Program Files\Mozilla Firefox
2010-03-09 18:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB977165-v2$
2010-03-08 23:36:35 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-04 07:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-04 07:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-03 04:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-03 04:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-03 04:37:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-03 04:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-03-03 04:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-03 04:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-03 04:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-03 04:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-03 04:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-03-03 04:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-03 04:35:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-02 10:04:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-03-02 10:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-02 10:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-03-02 10:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-03-02 10:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-03-02 10:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-02 10:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-02 10:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2010-03-02 10:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-02 10:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-03-02 10:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-02 10:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-03-02 10:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-02 10:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-03-02 10:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-02 10:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-02 10:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-02 10:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-03-02 10:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-02 10:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-02 09:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-02 09:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-03-02 09:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-02 09:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-03-02 09:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-03-02 09:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-03-02 09:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-02 09:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-02 09:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-02 09:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-02 09:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-03-02 09:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-02 09:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-03-02 09:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-03-02 09:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-02 09:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-03-02 09:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-03-02 09:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-02 09:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2010-03-02 09:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-03-02 09:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-03-02 09:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-03-02 09:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-03-02 09:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-02 09:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-01 16:17:05 ----D---- C:\Program Files\ESET
2010-02-28 21:39:54 ----D---- C:\WINDOWS\Prefetch
2010-02-28 21:33:35 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-02-28 21:20:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-02-28 21:20:56 ----A---- C:\WINDOWS\system32\irclass.dll
2010-02-28 21:20:26 ----RA---- C:\WINDOWS\SETC7.tmp
2010-02-28 21:20:21 ----RA---- C:\WINDOWS\SETBB.tmp
2010-02-28 21:20:19 ----RA---- C:\WINDOWS\SETB8.tmp

======List of files/folders modified in the last 1 months======

2010-03-26 20:24:21 ----RD---- C:\Program Files
2010-03-26 20:22:01 ----D---- C:\WINDOWS
2010-03-26 20:21:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-26 20:18:56 ----D---- C:\WINDOWS\Debug
2010-03-26 20:12:07 ----SHD---- C:\System Volume Information
2010-03-26 20:12:07 ----D---- C:\WINDOWS\system32\Restore
2010-03-26 14:27:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-26 14:27:26 ----D---- C:\WINDOWS\system32\CatRoot_bak
2010-03-26 14:27:26 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-26 14:27:24 ----HD---- C:\WINDOWS\inf
2010-03-26 09:44:34 ----SHD---- C:\WINDOWS\CSC
2010-03-26 02:19:38 ----D---- C:\WINDOWS\system32\drivers
2010-03-26 02:18:39 ----A---- C:\WINDOWS\system.ini
2010-03-26 02:18:02 ----D---- C:\WINDOWS\system32
2010-03-26 02:18:01 ----D---- C:\WINDOWS\AppPatch
2010-03-26 02:17:57 ----D---- C:\Program Files\Common Files
2010-03-26 00:36:37 ----SHD---- C:\WINDOWS\Installer
2010-03-26 00:29:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-25 23:55:41 ----D---- C:\WINDOWS\system32\config
2010-03-23 14:11:54 ----D---- C:\Documents and Settings\Janka S\Data aplikací\vlc
2010-03-21 14:32:54 ----SD---- C:\Documents and Settings\Janka S\Data aplikací\Microsoft
2010-03-14 12:15:35 ----D---- C:\Documents and Settings\Janka S\Data aplikací\Adobe
2010-03-14 12:15:02 ----D---- C:\WINDOWS\WinSxS
2010-03-11 10:37:37 ----D---- C:\Program Files\Movie Maker
2010-03-11 10:36:58 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-10 20:02:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-04 07:15:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-03 04:36:37 ----D---- C:\Program Files\Outlook Express
2010-03-02 10:05:51 ----D---- C:\WINDOWS\system32\wbem
2010-03-02 10:05:50 ----D---- C:\WINDOWS\system32\Setup
2010-03-02 10:02:53 ----D---- C:\Program Files\Internet Explorer
2010-03-01 08:56:50 ----D---- C:\WINDOWS\SoftwareDistribution
2010-03-01 08:56:47 ----D---- C:\WINDOWS\Help
2010-02-28 22:17:46 ----D---- C:\WINDOWS\system
2010-02-28 22:17:39 ----D---- C:\WINDOWS\system32\usmt
2010-02-28 22:17:30 ----D---- C:\WINDOWS\Media
2010-02-28 22:17:23 ----RSD---- C:\WINDOWS\Fonts
2010-02-28 22:17:15 ----D---- C:\WINDOWS\PeerNet
2010-02-28 22:17:14 ----D---- C:\WINDOWS\ime
2010-02-28 22:16:51 ----D---- C:\WINDOWS\system32\npp
2010-02-28 22:16:42 ----D---- C:\WINDOWS\msagent
2010-02-28 22:16:11 ----D---- C:\WINDOWS\ehome
2010-02-28 22:15:35 ----D---- C:\WINDOWS\twain_32
2010-02-28 22:15:19 ----D---- C:\WINDOWS\system32\icsxml
2010-02-28 22:14:51 ----D---- C:\WINDOWS\system32\ias
2010-02-28 22:14:44 ----D---- C:\WINDOWS\system32\1033
2010-02-28 22:14:44 ----D---- C:\WINDOWS\system32\1029
2010-02-28 22:13:52 ----D---- C:\WINDOWS\Driver Cache
2010-02-28 21:44:47 ----D---- C:\WINDOWS\security
2010-02-28 21:42:14 ----D---- C:\WINDOWS\Registration
2010-02-28 21:34:34 ----A---- C:\WINDOWS\ODBCINST.INI
2010-02-28 21:33:39 ----RD---- C:\WINDOWS\Web
2010-02-28 21:33:28 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-02-28 21:33:13 ----A---- C:\WINDOWS\win.ini
2010-02-28 21:33:08 ----D---- C:\WINDOWS\system32\oobe
2010-02-28 21:32:07 ----D---- C:\WINDOWS\system32\Com
2010-02-28 21:30:10 ----SH---- C:\boot.ini
2010-02-28 21:20:45 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-10-18 1528928]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2006-11-08 14080]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-01-21 6278560]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-10-22 5922816]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2002-02-08 6004]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-09-08 51328]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2009-10-22 983936]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-10-22 1684736]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-10-22 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-11-08 12160]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

[motji]

:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript

Kód: Vybrat vše

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\potvora.com11051p
C:\potvora.com

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem


Nemáte sp3 http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

[nessay]

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SETB8.tmp moved successfully.
C:\WINDOWS\SETBB.tmp moved successfully.
C:\WINDOWS\SETC7.tmp moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\potvora.com11051p folder moved successfully.
C:\potvora.com folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Janka S
->Temp folder emptied: 1339 bytes
->Temporary Internet Files folder emptied: 448714 bytes
->FireFox cache emptied: 56004757 bytes
->Flash cache emptied: 738 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 23496493 bytes
->Flash cache emptied: 434 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 27077230 bytes
RecycleBin emptied: 72481232 bytes

Total Files Cleaned = 171,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 03272010_105820

Files moved on Reboot...

Registry entries deleted on Reboot...

[nessay]

pocitac sa sprava myslim tak ako ma. akurat som sa pustil do instalacie sp3 aviry a zone alarmu..

doma mam este jeden pocitac, tak ako ste vraveli, to je zrovna ten kde mi nesiel internet. k tomu sa vsak dostanem az v stredu vecer, tak potom o nom napisem viac cez velku noc..