Prosim o radu a omrknuti logu... diky

[stell]

ok-MBR-je ok
sprav novy .bat a spust log vloz sem

Kód: Vybrat vše

@echo off
net user LogMeInRemoteUser /active:no
net localgroup Administrators LogMeInRemoteUser /delete
net user LogMeInRemoteUser>"%userprofile%\plocha\log.txt"
start notepad "%userprofile%\plocha\log.txt"
cls

[ray204]

U§ivatelsk‚ jm‚no LogMeInRemoteUser
Jm‚no a pýˇjmenˇ
Koment ý Account for remote control
Koment ý u§ivatele
SmŘrov‚ źˇslo zemŘ 000 (Věchozˇ syst‚mov‚ nastavenˇ)
éźet je aktivnˇ Ne
éźet vyprçel Nikdy

Heslo bylo naposledy nastaveno 7/7/2008 11:24 AM
Heslo vyprçˇ Nikdy
Heslo lze mŘnit 7/7/2008 11:24 AM
Heslo je vy§adov no Ano
U§ivatel smˇ mŘnit heslo Ano

Pracovnˇ stanice byla povolena Vçe
Pýihlaçovacˇ skript
Profil u§ivatele
Domovskě adres ý
Naposledy pýihl çen 4/2/2008 3:15 PM

Povolen‚ pýihlaçovacˇ hodiny Vçe

¬lenstvˇ v mˇstnˇch skupin ch
¬lenstvˇ v glob lnˇch skupin ch *None
Pýˇkaz byl ŁspŘçnŘ dokonźen.

[stell]

ok
toto si vytvoril ty??
O4 - HKLM\..\Run: [system_tray] shutdown -r -f -t 0

[ray204]

Urcite ne

[stell]

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
File::
c:\windows\system32\ezsidmv.dat
c:\windows\S3646007D.tmp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"system_tray"=-
"Trans"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
Driver::
ICQ Service
Folder::
c:\program files\Spybot - Search & Destroy
C:\SDFix

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

a uz pust windows do normalneho rezimu,

[ray204]

ComboFix 10-08-03.04 - Administrator . 08. 2010 22:15:26.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.815 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator.LENOVO3000N200\Plocha\ComboFix2.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator.LENOVO3000N200\Plocha\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 100803-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}

FILE ::
"c:\windows\S3646007D.tmp"
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\aports.dll
c:\program files\Spybot - Search & Destroy\blindman.exe
c:\program files\Spybot - Search & Destroy\DACOROHJU.scr
c:\program files\Spybot - Search & Destroy\Default configuration.ini
c:\program files\Spybot - Search & Destroy\DelZip179.dll
c:\program files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
c:\program files\Spybot - Search & Destroy\Dummies\dummy.dap.gif
c:\program files\Spybot - Search & Destroy\Dummies\dummy.data.xml
c:\program files\Spybot - Search & Destroy\Dummies\dummy.default.gif
c:\program files\Spybot - Search & Destroy\Dummies\dummy.related.htm
c:\program files\Spybot - Search & Destroy\EEMLBAONNGNFAMQSO.scr
c:\program files\Spybot - Search & Destroy\FHCULH.scr
c:\program files\Spybot - Search & Destroy\FTWEHTRI.scr
c:\program files\Spybot - Search & Destroy\Help\Brasil.license.txt
c:\program files\Spybot - Search & Destroy\Help\Cesky.license.txt
c:\program files\Spybot - Search & Destroy\Help\Cesky.Resident.chm
c:\program files\Spybot - Search & Destroy\Help\Deutsch.license.txt
c:\program files\Spybot - Search & Destroy\Help\English.chm
c:\program files\Spybot - Search & Destroy\Help\English.license.txt
c:\program files\Spybot - Search & Destroy\Help\Espanol.license.txt
c:\program files\Spybot - Search & Destroy\Help\Francais.license.txt
c:\program files\Spybot - Search & Destroy\Help\Hellenic.license.txt
c:\program files\Spybot - Search & Destroy\Help\Italiano.license.txt
c:\program files\Spybot - Search & Destroy\Help\Japanese.license.ansi.txt
c:\program files\Spybot - Search & Destroy\Help\Japanese.license.txt
c:\program files\Spybot - Search & Destroy\Help\Korean.license.txt
c:\program files\Spybot - Search & Destroy\Help\Nederlands.license.txt
c:\program files\Spybot - Search & Destroy\Help\Polski.license.txt
c:\program files\Spybot - Search & Destroy\Help\Russkiy.license.txt
c:\program files\Spybot - Search & Destroy\Help\Slovensky.license.txt
c:\program files\Spybot - Search & Destroy\Help\Srpski.license.txt
c:\program files\Spybot - Search & Destroy\Help\Suomi.license.txt
c:\program files\Spybot - Search & Destroy\Includes\AdvWhite.sbs
c:\program files\Spybot - Search & Destroy\Includes\Adware.sbi
c:\program files\Spybot - Search & Destroy\Includes\AdwareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Browserpages.sbs
c:\program files\Spybot - Search & Destroy\Includes\CLSIDs.sbs
c:\program files\Spybot - Search & Destroy\Includes\Cookies.sbi
c:\program files\Spybot - Search & Destroy\Includes\Cookies.sbs
c:\program files\Spybot - Search & Destroy\Includes\Dialer.sbi
c:\program files\Spybot - Search & Destroy\Includes\Dialer.sbs
c:\program files\Spybot - Search & Destroy\Includes\DialerC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Domains.sbs
c:\program files\Spybot - Search & Destroy\Includes\HeavyDuty.sbi
c:\program files\Spybot - Search & Destroy\Includes\Hijackers.sbi
c:\program files\Spybot - Search & Destroy\Includes\HijackersC.sbi
c:\program files\Spybot - Search & Destroy\Includes\HintOfTheDay.sbs
c:\program files\Spybot - Search & Destroy\Includes\Keyloggers.sbi
c:\program files\Spybot - Search & Destroy\Includes\KeyloggersC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Logs.uts
c:\program files\Spybot - Search & Destroy\Includes\LSP.sbi
c:\program files\Spybot - Search & Destroy\Includes\LSP.sbs
c:\program files\Spybot - Search & Destroy\Includes\Malware.sbi
c:\program files\Spybot - Search & Destroy\Includes\MalwareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\OperaPlugins.sbs
c:\program files\Spybot - Search & Destroy\Includes\ProcWatch.sbs
c:\program files\Spybot - Search & Destroy\Includes\PUPS.sbi
c:\program files\Spybot - Search & Destroy\Includes\PUPSC.sbi
c:\program files\Spybot - Search & Destroy\Includes\RegDFLinks.sbs
c:\program files\Spybot - Search & Destroy\Includes\RegWatch.sbs
c:\program files\Spybot - Search & Destroy\Includes\RegXLinks.sbs
c:\program files\Spybot - Search & Destroy\Includes\Revision.sbi
c:\program files\Spybot - Search & Destroy\Includes\Revision.sbs
c:\program files\Spybot - Search & Destroy\Includes\Searchpages.sbs
c:\program files\Spybot - Search & Destroy\Includes\Security.sbi
c:\program files\Spybot - Search & Destroy\Includes\SecurityC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Services.sbs
c:\program files\Spybot - Search & Destroy\Includes\Spybots.sbi
c:\program files\Spybot - Search & Destroy\Includes\SpybotsC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Spyware.sbi
c:\program files\Spybot - Search & Destroy\Includes\SpywareC.sbi
c:\program files\Spybot - Search & Destroy\Includes\Startup.tnfo
c:\program files\Spybot - Search & Destroy\Includes\Targets.nfo
c:\program files\Spybot - Search & Destroy\Includes\Tracks.uti
c:\program files\Spybot - Search & Destroy\Includes\Trojans.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-02.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-03.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-04.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC-05.sbi
c:\program files\Spybot - Search & Destroy\Includes\TrojansC.sbi
c:\program files\Spybot - Search & Destroy\Includes\TTLASSH.sbs
c:\program files\Spybot - Search & Destroy\Includes\URL-Blacklist.sbs
c:\program files\Spybot - Search & Destroy\Includes\X509White.sbs
c:\program files\Spybot - Search & Destroy\is-D3I27.tmp
c:\program files\Spybot - Search & Destroy\ISXHJI.scr
c:\program files\Spybot - Search & Destroy\JSXFGHSQDZ.scr
c:\program files\Spybot - Search & Destroy\KMKURWRNNROPN.scr
c:\program files\Spybot - Search & Destroy\Languages\Afrikaans.sbl
c:\program files\Spybot - Search & Destroy\Languages\Arabic.sbl
c:\program files\Spybot - Search & Destroy\Languages\Azeri.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bahasa Indonesia.sbl
c:\program files\Spybot - Search & Destroy\Languages\Belarusskiy.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bosanski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Brasil.sbl
c:\program files\Spybot - Search & Destroy\Languages\Bulgarski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Catalan.sbl
c:\program files\Spybot - Search & Destroy\Languages\Cesky.sbl
c:\program files\Spybot - Search & Destroy\Languages\Dansk.sbl
c:\program files\Spybot - Search & Destroy\Languages\Deutsch.sbl
c:\program files\Spybot - Search & Destroy\Languages\Eesti.sbl
c:\program files\Spybot - Search & Destroy\Languages\English.sbl
c:\program files\Spybot - Search & Destroy\Languages\Espanol.sbl
c:\program files\Spybot - Search & Destroy\Languages\Esperanto.sbl
c:\program files\Spybot - Search & Destroy\Languages\Euskera.sbl
c:\program files\Spybot - Search & Destroy\Languages\Farsi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Francais.sbl
c:\program files\Spybot - Search & Destroy\Languages\Furlan.sbl
c:\program files\Spybot - Search & Destroy\Languages\Galego.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hebrew.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hellenic.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hindi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Hrvatski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Chinese (simplified).sbl
c:\program files\Spybot - Search & Destroy\Languages\Chinese (traditional).sbl
c:\program files\Spybot - Search & Destroy\Languages\Islenska.sbl
c:\program files\Spybot - Search & Destroy\Languages\Italiano.sbl
c:\program files\Spybot - Search & Destroy\Languages\Japanese.sbl
c:\program files\Spybot - Search & Destroy\Languages\Korean.sbl
c:\program files\Spybot - Search & Destroy\Languages\Latvian.sbl
c:\program files\Spybot - Search & Destroy\Languages\Letzebuergesch.sbl
c:\program files\Spybot - Search & Destroy\Languages\Lietuviu.sbl
c:\program files\Spybot - Search & Destroy\Languages\Magyar.sbl
c:\program files\Spybot - Search & Destroy\Languages\Makedonski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Melayu.sbl
c:\program files\Spybot - Search & Destroy\Languages\Nederlands.sbl
c:\program files\Spybot - Search & Destroy\Languages\Norsk.sbl
c:\program files\Spybot - Search & Destroy\Languages\Polski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Portugues.sbl
c:\program files\Spybot - Search & Destroy\Languages\Romaneste.sbl
c:\program files\Spybot - Search & Destroy\Languages\Russkiy.sbl
c:\program files\Spybot - Search & Destroy\Languages\Shqip.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovenscina.sbl
c:\program files\Spybot - Search & Destroy\Languages\Slovensky.sbl
c:\program files\Spybot - Search & Destroy\Languages\Srpski.sbl
c:\program files\Spybot - Search & Destroy\Languages\Suomi.sbl
c:\program files\Spybot - Search & Destroy\Languages\Svenska.sbl
c:\program files\Spybot - Search & Destroy\Languages\Thai.sbl
c:\program files\Spybot - Search & Destroy\Languages\Turkce.sbl
c:\program files\Spybot - Search & Destroy\Languages\Ukrainian.sbl
c:\program files\Spybot - Search & Destroy\Languages\Uzbek.sbl
c:\program files\Spybot - Search & Destroy\LCGNXQ.scr
c:\program files\Spybot - Search & Destroy\messages.zres
c:\program files\Spybot - Search & Destroy\OptOut.ini
c:\program files\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files\Spybot - Search & Destroy\SDDelFile.exe
c:\program files\Spybot - Search & Destroy\SDFiles.exe
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Spybot - Search & Destroy\SDMain.exe
c:\program files\Spybot - Search & Destroy\SDShred.exe
c:\program files\Spybot - Search & Destroy\SDUpdate.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.jpg
c:\program files\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files\Spybot - Search & Destroy\Skins\Peace.jpg
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
c:\program files\Spybot - Search & Destroy\sqlite3.dll
c:\program files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\Spybot - Search & Destroy\Tools.dll
c:\program files\Spybot - Search & Destroy\unins000.dat
c:\program files\Spybot - Search & Destroy\unins000.exe
c:\program files\Spybot - Search & Destroy\unins000.msg
c:\program files\Spybot - Search & Destroy\UninsSrv.dll
c:\program files\Spybot - Search & Destroy\Update.exe
c:\program files\Spybot - Search & Destroy\Updates\advcheck165.exe
c:\program files\Spybot - Search & Destroy\Updates\advcheck165.zip
c:\program files\Spybot - Search & Destroy\Updates\clsid.zip
c:\program files\Spybot - Search & Destroy\Updates\downloaded.ini
c:\program files\Spybot - Search & Destroy\Updates\includes.keyloggers.zip
c:\program files\Spybot - Search & Destroy\Updates\includes.malware.zip
c:\program files\Spybot - Search & Destroy\Updates\includes.spybots.zip
c:\program files\Spybot - Search & Destroy\Updates\includes.trojans.zip
c:\program files\Spybot - Search & Destroy\Updates\includes.zip
c:\program files\Spybot - Search & Destroy\Updates\online.ini
c:\program files\Spybot - Search & Destroy\Updates\online.ini.uiz
c:\program files\Spybot - Search & Destroy\Updates\supplemental.zip
c:\program files\Spybot - Search & Destroy\Updates\teatimer166.exe
c:\program files\Spybot - Search & Destroy\Updates\teatimer166.zip
C:\SDFix
c:\sdfix\Add_DBFix_RunOnce_key.inf
c:\sdfix\apps\assosfix.reg
c:\sdfix\apps\Cghtme.exe
c:\sdfix\apps\cliptext.exe
c:\sdfix\apps\DBFix.inf
c:\sdfix\apps\download.exe
c:\sdfix\apps\dummy.sys
c:\sdfix\apps\Enable_Command_Prompt.inf
c:\sdfix\apps\Enable_Command_Prompt.reg
c:\sdfix\apps\ERDNT.E_E
c:\sdfix\apps\ERDNTDOS.LOC
c:\sdfix\apps\ERDNTWIN.LOC
c:\sdfix\apps\ERUNT.EXE
c:\sdfix\apps\ERUNT.LOC
c:\sdfix\apps\fix.reg
c:\sdfix\apps\FixBeep.reg
c:\sdfix\apps\FixBH.reg
c:\sdfix\apps\FixComponents.reg
c:\sdfix\apps\FIXCU.reg
c:\sdfix\apps\FIXLM.reg
c:\sdfix\apps\FixPath.exe
c:\sdfix\apps\FixRedir.reg
c:\sdfix\apps\FixSchedule.reg
c:\sdfix\apps\FixWebCheck.reg
c:\sdfix\apps\fixXP.reg
c:\sdfix\apps\FixXPsp2.reg
c:\sdfix\apps\grep.exe
c:\sdfix\apps\HaxdFix.reg
c:\sdfix\apps\HPFix.reg
c:\sdfix\apps\HPFix2.reg
c:\sdfix\apps\HPFix3.reg
c:\sdfix\apps\HPFix4.reg
c:\sdfix\apps\HPFix5.reg
c:\sdfix\apps\HPFix6.reg
c:\sdfix\apps\HPFix7.reg
c:\sdfix\apps\HPFix8.reg
c:\sdfix\apps\HPFix9.reg
c:\sdfix\apps\Installed.txt
c:\sdfix\apps\isadmin.exe
c:\sdfix\apps\leg2.txt
c:\sdfix\apps\legacy.txt
c:\sdfix\apps\legacybk.txt
c:\sdfix\apps\locate.com
c:\sdfix\apps\LS.exe
c:\sdfix\apps\MD5File.exe
c:\sdfix\apps\moveex.exe
c:\sdfix\apps\MyGcpvFix.reg
c:\sdfix\apps\MyGkFix2.reg
c:\sdfix\apps\Process.exe
c:\sdfix\apps\procs.exe
c:\sdfix\apps\psservice.exe
c:\sdfix\apps\Rem.txt
c:\sdfix\apps\Rem2.txt
c:\sdfix\apps\Replace\regedit.exe
c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT
c:\sdfix\apps\Replace\w2k\beep.sys
c:\sdfix\apps\Replace\w2k\command.com
c:\sdfix\apps\Replace\w2k\command.PIF
c:\sdfix\apps\Replace\w2k\CONFIG.NT
c:\sdfix\apps\Replace\w2k\null.sys
c:\sdfix\apps\Replace\xp\AUTOEXEC.NT
c:\sdfix\apps\Replace\xp\beep.sys
c:\sdfix\apps\Replace\xp\command.com
c:\sdfix\apps\Replace\xp\command.PIF
c:\sdfix\apps\Replace\xp\CONFIG.NT
c:\sdfix\apps\Replace\xp\null.sys
c:\sdfix\apps\Reset_AppInit_DLLs.reg
c:\sdfix\apps\RestartIt!.exe
c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
c:\sdfix\apps\Restore_SecurityCenter.reg
c:\sdfix\apps\Restore_SharedAccess.reg
c:\sdfix\apps\sc.exe
c:\sdfix\apps\sed.exe
c:\sdfix\apps\SF.exe
c:\sdfix\apps\shutdown.exe
c:\sdfix\apps\srv2.txt
c:\sdfix\apps\srv2bk.txt
c:\sdfix\apps\svc.txt
c:\sdfix\apps\svcbk.txt
c:\sdfix\apps\Swreg.exe
c:\sdfix\apps\swsc.exe
c:\sdfix\apps\UnRAR.exe
c:\sdfix\apps\unzip.exe
c:\sdfix\apps\vfind.exe
c:\sdfix\apps\WINMSG.EXE
c:\sdfix\apps\winsec.reg
c:\sdfix\apps\zip.exe
c:\sdfix\backups\backupreg.zip
c:\sdfix\backups\backups.zip
c:\sdfix\backups\catchme.log
c:\sdfix\backups\HOSTS
c:\sdfix\catchme.exe
c:\sdfix\DBFix.bat
c:\sdfix\dummy.sys
c:\sdfix\Report.txt
c:\sdfix\RunThis.bat
c:\sdfix\SDFIX_ReadMe_Online.url
c:\sdfix\W2K_VirusAlert_Repair.inf
c:\sdfix\XP_VirusAlert_Repair.inf
c:\windows\regedit.com
c:\windows\S3646007D.tmp
c:\windows\system32\ezsidmv.dat
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-04 17:54 . 2010-08-04 17:54 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-04 17:54 . 2010-08-04 17:54 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-04 17:54 . 2010-08-04 17:54 -------- d---a-w- c:\windows\logo1_.exe
2010-08-04 17:54 . 2010-08-04 17:54 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-04 17:54 . 2010-08-04 17:54 -------- d---a-w- c:\windows\rundll16.exe
2010-08-04 17:54 . 2010-08-04 17:54 -------- d---a-w- c:\windows\logo_1.exe
2010-08-04 17:53 . 2010-08-04 17:53 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-04 17:53 . 2010-08-04 17:53 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-04 17:53 . 2010-08-04 17:53 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-04 17:53 . 2008-04-14 14:00 147968 ----a-w- c:\windows\R.COM
2010-08-04 17:53 . 2008-04-14 14:00 137216 ----a-w- c:\windows\system32\T.COM
2010-08-04 17:53 . 2010-08-04 17:53 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-08-04 16:23 . 2010-08-04 16:29 -------- d-----w- C:\ComboFix23459C
2010-08-04 16:21 . 2010-08-04 16:21 -------- d-sh--w- c:\documents and settings\Administrator.LENOVO3000N200\PrivacIE
2010-08-04 16:08 . 2010-08-04 17:56 -------- d-----w- C:\ComboFix2
2010-08-04 15:59 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 15:59 . 2010-08-04 16:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 15:59 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 15:23 . 2010-08-04 15:23 -------- d-----w- c:\windows\ERUNT
2010-08-04 15:03 . 2010-08-04 15:03 5153350 ----a-w- c:\windows\REGBK00.ZIP
2010-08-04 14:28 . 2010-08-04 16:58 -------- d-----w- c:\program files\Trend Micro
2010-08-04 06:27 . 2010-08-04 06:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-08-03 12:57 . 2010-08-04 20:22 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-08-03 12:56 . 2010-08-04 18:56 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-08-03 09:30 . 2010-08-03 09:30 156 ----a-w- c:\windows\z.reg
2010-08-02 20:01 . 2010-08-02 20:01 -------- d-----w- c:\program files\GRETECH
2010-08-02 19:20 . 2010-08-02 19:20 -------- d-----w- C:\found.001
2010-08-02 19:16 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-02 19:16 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-02 19:16 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-02 19:16 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-02 19:16 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-08-02 19:16 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-08-02 19:16 . 2010-07-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-02 19:16 . 2010-08-02 19:16 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-22 16:56 . 2010-07-22 16:56 -------- d-----w- c:\program files\Vodafone
2010-07-15 10:38 . 2010-07-15 11:00 -------- d-----w- c:\program files\Trans

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 20:25 . 2010-08-04 20:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-04 20:22 . 2010-08-04 20:22 0 ----a-w- c:\windows\S3646007D.tmp
2010-08-04 16:13 . 2008-03-29 16:12 -------- d-----r- c:\program files\Skype
2010-08-04 16:06 . 2008-04-01 10:52 441282 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-08-03 12:21 . 2009-07-17 09:45 44544 ----a-w- c:\windows\system32\agremove.exe
2010-07-02 15:49 . 2009-10-26 16:41 -------- d-----w- c:\program files\ICQ6.5
2010-06-30 07:01 . 2006-03-02 11:00 78250 ----a-w- c:\windows\system32\perfc005.dat
2010-06-30 07:01 . 2006-03-02 11:00 429262 ----a-w- c:\windows\system32\perfh005.dat
2010-06-14 14:31 . 2008-03-25 12:35 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2004-10-01 14:00 . 2008-03-26 07:43 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-05-14 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-04_17.09.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-04 20:22 . 2010-08-04 20:22 16384 c:\windows\temp\Perflib_Perfdata_72c.dat
+ 2010-08-04 20:22 . 2010-08-04 20:22 16384 c:\windows\temp\Perflib_Perfdata_218.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-21 7585792]
"nwiz"="nwiz.exe" [2007-03-21 1622016]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-30 149280]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-02-27 16:26 131072 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 15:36 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2002-11-02 06:33 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-07-12 09:58 1397760 ------w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13.1.2009 13:40 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13.1.2009 13:40 5248]
R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [28.11.2002 12:43 22016]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.10.2008 13:37 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 11:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 11:21 72624]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24.5.2006 12:48 10240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.10.2008 13:37 20560]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [19.1.2007 16:16 61440]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [9.4.2007 11:24 54832]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 11:21 1234480]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18.9.2009 17:48 9216]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [19.6.2009 13:59 12032]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [19.6.2009 13:59 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [19.6.2009 13:59 12928]
RUnknown rpcnetp;rpcnetp; [x]
S2 gupdate1caf07255dc939c;Služba Google Update (gupdate1caf07255dc939c);c:\program files\Google\Update\GoogleUpdate.exe [10.5.2010 20:55 133104]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\ADMINI~1.LEN\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\ADMINI~1.LEN\LOCALS~1\Temp\EverestDriver.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27.4.2010 19:05 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [29.4.2010 18:00 100480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4.8.2010 17:59 38224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19ef6c2a-95ad-11df-a543-001b380a978b}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72cb14d4-521e-11df-a485-001b380a978b}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a191a478-59f7-11df-a499-001b380a978b}]
\Shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence
.
Obsah adresáře 'Naplánované úlohy'

2010-01-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:55]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-10 18:55]

2010-08-04 c:\windows\Tasks\User_Feed_Synchronization-{752B43E6-B86D-40EC-A2D7-1CADB49EE03A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-08-02 c:\windows\Tasks\Vyčištění disku.job
- c:\windows\system32\cleanmgr.exe [2008-04-14 14:00]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Veronika\Data aplikací\Mozilla\Firefox\Profiles\kmj2rrx1.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 22:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1100)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\btmmhook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\rpcnetp.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\AGRSMMSG.exe
c:\program files\Lexmark X6100 Series\lxbfbmon.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\Skype\Phone\Skype.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-08-04 22:30:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-04 20:30
ComboFix2.txt 2010-08-04 17:11

Před spuštěním: Volných bajtů: 129 171 738 624
Po spuštění: Volných bajtů: 129 370 165 248

- - End Of File - - 79D62503A1D8DCE4F3CEE25229AAA56A

[stell]

ok,este spust tento program-UsbFix.exe-stiahni na plochu-pripoj vsetko co pouzivas cez USB-kluce,mp3,kameru,,,vsetko a spust-klik-DELETE-log vloz sem
Potom pc precisti CCleanerom,napis ako sa chova pc,a zajtra to dokoncime, dnes koncim
-Stiahni na plochu UsbFix
a spust,

[ray204]

Ok, zatim diky moc

[stell]

ok,takze log z USB-Fix a napis ako sa chova pc,,potom este docistime.

[ray204]

Tady je log z USBfix. Jinak kdyz najedu normalne do windows, tak restart se jiz neprovadi, ale pri pokusu otevrit "Tento Pocitac" nebo "Dokumenty" mi naskoci modra smrt (ne vzdy).

############################## | UsbFix 7.019 | [Research]

User: Administrator (Administrator) # LENOVO3000N200 [ ]
Updated 03/08/10 by El Desaparecido / C_XX
Started at 16:20:38 | 05/08/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Disabled /!\
Antivirus: avast! antivirus 4.8.1368 [VPS 100804-1] 4.8.1368 [Enabled | Updated]
Firewall: Sunbelt Personal Firewall 4.5.916 T [Enabled]
RAM -> 1022 Mb
C:\ (%systemdrive%) -> Fixed drive # 143 Gb (120 Mb free - 83%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (8 Mb free - 100%) [] # FAT32

################## | Files # Infected Folders |

Found ! C:\WINDOWS\rundl132.exe

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

[stell]

http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
logy vloz sem

[ray204]

PRVNI

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-05 17:05:57
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp\kgliifod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF73E52A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF73F0910]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F05C08
Device \FileSystem\Fastfat \Fat 837B52C0

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip 863DD8C0
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp 863DD8C0
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp 863DD8C0
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp 863DD8C0
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Modules - GMER 1.0.15 ----

Module _________ F72B7000-F72CF000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

[ray204]

DRUHY

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-05 17:33:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1.LEN\LOCALS~1\Temp\kgliifod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwClose [0xF6B34F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF6B34552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF6B30882]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF73E4A20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF6B33A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF6B33910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF6B33F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF6B35034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF6B30D54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF6B30E70]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF73E52A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF73F0910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF6B34906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF6B30B78]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF73E52C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF73F0866]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF6B340DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF6B34CE0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF73F00B0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF6B31038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF6B34BB2]

---- Kernel code sections - GMER 1.0.15 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F71BB9EF 6 Bytes JMP F6B28C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F6B28B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F6B28B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F6B28B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F6B28B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F6B28B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F6B28B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F6B28B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F05C08
Device \FileSystem\Fastfat \FatCdrom 837B52C0

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip 863DD8C0
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp 863DD8C0
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\fwdrv \Device\FWDRV 863DD8C0
Device \Driver\Cdrom \Device\CdRom0 86F347D8
Device \FileSystem\Rdbss \Device\FsWrap 8378A030
Device \Driver\Cdrom \Device\CdRom1 86F347D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 865E1740
Device \Driver\atapi \Device\Ide\IdePort0 865E1740
Device \Driver\atapi \Device\Ide\IdePort1 865E1740
Device \FileSystem\Srv \Device\LanmanServer 836F32E8

AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp 863DD8C0
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp 863DD8C0
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83810FB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83810FB0
Device \FileSystem\Npfs \Device\NamedPipe 83ADF2F0
Device \FileSystem\Msfs \Device\Mailslot 83A79308
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 8644B7A8
Device \Driver\d347prt \Device\Scsi\d347prt1 8644B7A8
Device \FileSystem\Fastfat \Fat 837B52C0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 83B95DF0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 83B95DF0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 83B95DF0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 83B95DF0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 83B95DF0
Device \FileSystem\Cdfs \Cdfs 837684A0

---- Modules - GMER 1.0.15 ----

Module _________ F72B7000-F72CF000 (98304 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x67 0xB0 0xF9 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x82 0x68 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x25 0x10 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xD1 0x22 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x82 0x68 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8C 0x25 0x10 0xE9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{700BCBF5-676E-DB7E-5254-367DEC5373A5}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE11\MSO.DLL

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP188\A0302962.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP189\A0303979.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP190\A0304217.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP190\A0304235.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP190\A0305254.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP190\A0305312.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP191\A0306650.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP191\A0307660.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP191\A0307671.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP191\A0308682.exe:BAK 22528 bytes executable
ADS C:\System Volume Information\_restore{71329A27-DCA7-4056-A843-C7AC46853AC6}\RP191\A0309696.exe:BAK 22528 bytes executable

---- EOF - GMER 1.0.15 ----

[stell]

odinstaluj
Sunbelt Personal Firewall
precisti CCleanerom
Vypnut obnovu systemu na vsetkych jednotkach-restart a zapnut spat.
system volume information/restore (Obnova systému):
1. Je potřeba vypnout nástroj obnova systému - Ovládací panely>systém>obnovení systému>vypnout nástroj obnovení systému>OK nebo použít a nyní jen restartovat PC
2. Po restartu je tento adresář kompletně smazán, obnovu opět zapnout.http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Je tam zazanam v sectore 61-62-ale pod;a mna to je ok,uvidime.
Stahni OTListIt2>> OTL
Označ položku Pro všechny uživatele.
Označ položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikn na tlačítko Prohledat
Po dokončení, sem vlož logy OTL.Txt a Extras.txt

Kód: Vybrat vše

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

- spust
-zafajkni
-Scan all users.
-Lop check.
-Purity check.
-v sekciiExtra Registry>zaboduj>Use SafeList
-do okna Custom Scans/Fixes>vloz zeleny text a klik Run SCAN
-scan trva [10-15 min]>.potom vloz sem
-OTL.txt (bude na ploche).

[ray204]

Test se nedokoncil a naskocila mi modra smrt : KERNEL_STACK_INPAGE_ERROR