Prosím o kontrolu

Zpráva

bmwacs · #1 Příspěvek od **bmwacs** » 19 lis 2010 16:51

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hana at 2010-11-19 10:06:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (16%) free of 30 GB
Total RAM: 959 MB (61% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-08-13 757192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-10-10 7286784]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2005-10-10 86016]
"NVRTCLK"=C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe [2003-12-30 24576]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2006-12-08 241664]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe -hide -runkey []
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-26 81920]
"selejoo"=C:\WINDOWS\system32\dyzyvow.exe [2010-11-12 201216]
"Windows Firewall"=C:\DOCUME~1\Hana\LOCALS~1\Temp\lsass.exe [2010-11-15 57344]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]
"fsm"= []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-26 81920]
"Windows Firewall"=C:\DOCUME~1\Hana\LOCALS~1\Temp\lsass.exe [2010-11-15 57344]
"MSConfig"=C:\Documents and Settings\Hana\dgupts.exe [2010-11-15 19456]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Hana\Nabídka Start\Programy\Po spuštění
0c3oo3a.exe
0dzuk6w.exe
0epqb0x.exe
0idt9pq.exe
0jee6qq.exe
0jfavmm.exe
0nnezzq.exe
0oojaav.exe
0uupggb.exe
1gccxi3.exe
1ze1aww.exe
3gg3ss3.exe
3kkfwwr.exe
3mm7dze.exe
3uupggb.exe
3zpqq72.exe
4hdttpf.exe
5hcnoe0.exe
5jp5fwm.exe
5p1gbm5.exe
60u3gg3.exe
675tka5.exe
6cc6oo6.exe
6ee6qq6.exe
6oo6aa6.exe
6w9i70j.exe
70vrmm6.exe
7pqq720.exe
870lhcc.exe
870rcii.exe
8e0u3gg.exe
9i1eaav.exe
9i70jfa.exe
9whnyye.exe
aa6mm6otp.exe
bw9i70jfa.exe
c3oo3aa3.exe
cidzkav3rc.exe
cyytkkfwwr.exe
d75k70lhcc.exe
due4bmhhyt.exe
duupggbs.exe
ee6qq6cc6.exe
ekffwrrid.exe
ekqwcd5f.exe
f6lcxxoo9.exe
fa1wssneez.exe
faa6mm6yy.exe
ffbrrnddzpp.exe
g3i70jfaa6m.exe
g5h0dyeu.exe
g6ss6ee6.exe
gwhnyyekw.exe
hhi70jfaa6m.exe
hsnnezzql.exe
hxxtjjfv.exe
i3kkfwwriid.exe
i60pawr2.exe
i70jfaa6m.exe
idzkav3r.exe
io5p1gbm.exe
jfvvmrni.exe
jfvvrhhdtt.exe
jtepqb0x0n.exe
k70lhcc6o.exe
lm0c30u3.exe
lm70njee6q.exe
m1d3ka5l.exe
m75y76975.exe
mhyytkkf.exe
mmxojekq3.exe
n0jzf3l0h.exe
n23uu3gh.exe
nddep723.exe
neezqqlccxo.exe
njue4bmhhy.exe
nntzavbg.exe
no5p1gbm5n.exe
no70plgg6s.exe
ntjk0a3mm3.exe
ny3kfq91s.exe
o0pawr26o.exe
o5p0llcxxo.exe
oj3aqg0iio.exe
oojaavmm.exe
pffbrrnd.exe
pfg0w3itjk.exe
pggbssneezq.exe
pkk6ww6ii6u.exe
ppqq720215f.exe
qbc0yyekwm.exe
qq3cc30u3aa.exe
qq6sc3oo3aa.exe
riiduupggbs.exe
rinjzzvl.exe
rm1ieezqql.exe
rnddzppl.exe
s3uu5v0rrid.exe
sy5pkll0.exe
t0zkfwwri.exe
too6aa6ch.exe
tpkk6ww6.exe
ttpffbrrndd.exe
tze1awwrii.exe
u1qmmhyytk.exe
uka006u3k9.exe
upggbsstek.exe
v0rriddup.exe
va3mm3yy.exe
vbrs0jj60a.exe
vmmhyytk.exe
vq1cnii3uu.exe
vq1miiduup.exe
w1soojaa.exe
wr0nnezzql.exe
xd0zzqllc.exe
xoojaa5b0xx.exe
xtjjfvvm.exe
xtoo6aa6.exe
y5p0vmm5n0.exe
ydezpqb0xs.exe
yjpu3gg3ss.exe
z26wrrid.exe
zkffwrrid.exe
zuu6gg6ss6e.exe
zvllhxxt.exe
zvqq6cc6.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sarjuozb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zulyvxsb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sarjuozb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\zulyvxsb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Documents and Settings\Hana\Plocha\incredimail_install.exe"="C:\Documents and Settings\Hana\Plocha\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Hana\Local Settings\Temporary Internet Files\Content.IE5\Z7WADBEK\P17535732.JPG-www.facebook[1].exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-11-19 10:06:32 ----D---- C:\rsit
2010-11-19 10:06:32 ----D---- C:\Program Files\trend micro
2010-11-17 17:26:31 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-11-17 17:26:31 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-11-17 17:26:30 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-11-17 17:20:35 ----A---- C:\setupcze.exe
2010-11-17 17:16:55 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-11-17 17:16:55 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-11-17 17:16:55 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-11-17 17:16:55 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-11-17 17:16:40 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-11-17 16:54:05 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-16 17:34:39 ----A---- C:\WINDOWS\system32\drivers\pkk3b5f.sys
2010-11-16 17:29:09 ----A---- C:\WINDOWS\system32\drivers\ppj8673.sys
2010-11-16 17:23:31 ----A---- C:\WINDOWS\system32\drivers\ttabhycv.sys
2010-11-16 12:46:37 ----A---- C:\WINDOWS\system32\drivers\onn233f.sys
2010-11-16 07:24:36 ----A---- C:\WINDOWS\system32\drivers\sarjuozb.sys
2010-11-16 05:45:11 ----A---- C:\winnt7.exe
2010-11-16 05:44:05 ----A---- C:\WINDOWS\system32\roorotatouj.exe
2010-11-15 19:57:02 ----A---- C:\WINDOWS\system32\drivers\zulyvxsb.sys
2010-11-12 21:26:51 ----A---- C:\WINDOWS\system32\jemmequypuqu.exe
2010-11-12 21:26:29 ----A---- C:\WINDOWS\system32\dyzyvow.exe
2010-11-12 21:25:28 ----RSH---- C:\Documents and Settings\Hana\Data aplikací\juzjf.exe
2010-11-12 21:25:08 ----A---- C:\min32.exe
2010-10-26 20:59:02 ----RSH---- C:\WINDOWS\nvsvc32.exe

======List of files/folders modified in the last 1 months======

2010-11-19 10:06:32 ----RD---- C:\Program Files
2010-11-19 10:05:56 ----AD---- C:\WINDOWS\Temp
2010-11-19 09:44:08 ----RSHD---- C:\RECYCLER
2010-11-19 09:41:56 ----D---- C:\WINDOWS
2010-11-19 09:41:39 ----D---- C:\Documents and Settings\Hana\Data aplikací\Skype
2010-11-17 17:26:31 ----D---- C:\WINDOWS\system32\drivers
2010-11-17 17:21:41 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-11-17 17:16:55 ----D---- C:\WINDOWS\system32
2010-11-17 17:16:38 ----D---- C:\WINDOWS\Prefetch
2010-11-17 16:58:15 ----D---- C:\Program Files\Software Informer
2010-11-17 16:54:29 ----D---- C:\Documents and Settings
2010-11-17 16:34:57 ----D---- C:\WINDOWS\Debug
2010-11-17 16:27:21 ----D---- C:\Program Files\CCleaner
2010-11-16 08:11:50 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-10-31 20:06:43 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-31 20:05:28 ----D---- C:\Documents and Settings\Hana\Data aplikací\skypePM
2010-10-29 17:10:26 ----D---- C:\Program Files\Mozilla Firefox
2010-10-29 10:03:49 ----HD---- C:\WINDOWS\inf
2010-10-29 10:03:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-26 20:59:04 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-04-23 36624]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-04-04 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-04-14 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-08-24 717296]
R0 zulyvxsb;zulyvxsb; C:\WINDOWS\System32\Drivers\zulyvxsb.sys [2010-11-15 40128]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-10 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2006-07-14 14848]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-10-10 3530432]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S1 onn233f;onn233f; C:\WINDOWS\System32\drivers\onn233f.sys [2010-11-16 138272]
S2 sarjuozb;sarjuozb; C:\WINDOWS\system32\drivers\sarjuozb.sys [2010-11-16 82944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-10-10 131139]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-19 348344]
S2 eiiau5yqpeaeyuop;Blue Coat K9 Web Protection; C:\WINDOWS\system32\jemmequypuqu.exe [2010-11-12 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S4 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 19 lis 2010 17:18

Zdravim a pekny den preji

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

bmwacs · #3 Příspěvek od **bmwacs** » 23 lis 2010 14:44

Log šel provést pouze v režimu stav nouze

ComboFix 10-11-22.05 - Administrator 23.11.2010 14:07:03.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.959.676 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\pgmy.exe
c:\documents and settings\Hana\dgupts.exe
c:\documents and settings\Hana\wuaucldt.exe
c:\windows\System32\drivers\onn233f.sys
c:\windows\system32\drivers\pkk3b5f.sys
c:\windows\system32\drivers\ppj8673.sys
c:\windows\system32\Drivers\zulyvxsb.sys
c:\windows\system32\dyzyvow.exe
c:\windows\system32\jemmequypuqu.exe

Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_eiiau5yqpeaeyuop
-------\Legacy_onn233f
-------\Legacy_zulyvxsb
-------\Service_eiiau5yqpeaeyuop
-------\Service_onn233f
-------\Service_zulyvxsb

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 12:18 . 2010-11-23 12:18 -------- d-----w- c:\documents and settings\Hana\Data aplikací\Motive
2010-11-23 12:16 . 2010-11-23 12:16 -------- d-----w- c:\program files\TO2SAM
2010-11-23 12:15 . 2010-11-23 12:16 -------- d-----w- c:\program files\Common Files\Motive
2010-11-23 12:14 . 2010-11-23 12:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Motive
2010-11-22 18:51 . 2010-11-22 18:51 33280 ----a-w- c:\windows\system32\wuaucldt.exe
2010-11-19 09:06 . 2010-11-19 09:06 -------- d-----w- C:\rsit
2010-11-19 09:06 . 2010-11-19 09:06 -------- d-----w- c:\program files\trend micro
2010-11-17 16:20 . 2009-04-08 11:25 26042880 ----a-w- C:\setupcze.exe
2010-11-17 15:54 . 2010-11-23 13:14 -------- d-----w- c:\documents and settings\Administrator
2010-11-16 16:23 . 2010-11-16 16:23 82944 ----a-w- c:\windows\system32\drivers\ttabhycv.sys
2010-11-16 06:24 . 2010-11-16 06:24 82944 ----a-w- c:\windows\system32\drivers\sarjuozb.sys
2010-11-16 04:45 . 2010-11-16 04:45 91136 ----a-w- C:\winnt7.exe
2010-11-16 04:44 . 2010-11-23 12:43 201216 ----a-w- c:\windows\system32\roorotatouj.exe
2010-11-12 20:25 . 2010-11-12 20:25 91136 --sh--r- c:\documents and settings\Hana\Data aplikací\juzjf.exe
2010-11-12 20:25 . 2010-11-12 20:25 91136 ----a-w- C:\min32.exe
2010-10-26 19:59 . 2010-10-26 19:59 81920 --sh--r- c:\windows\nvsvc32.exe
2010-10-26 06:48 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{CFDC42E3-69FF-40EA-BC57-D9B69EF20CF6}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-08-27 15:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-08-28 19:32 6146896 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-10-10 86016]
"NVRTCLK"="c:\windows\System32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Hana\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0c3oo3a.exe [2010-11-14 60416]
0dzuk6w.exe [2010-11-16 60416]
0epqb0x.exe [2010-11-13 60416]
0ggbssn.exe [2010-11-23 43008]
0idt9pq.exe [2010-11-19 43008]
0jee6qq.exe [2010-11-17 60416]
0jfavmm.exe [2010-11-16 60416]
0nnezzq.exe [2010-11-13 60416]
0oojaav.exe [2010-11-15 60416]
0uupggb.exe [2010-11-16 60416]
0xc86ue.exe [2010-11-23 43008]
1gccxi3.exe [2010-11-16 60416]
1ze1aww.exe [2010-11-17 60416]
3gg3ss3.exe [2010-11-14 60416]
3kkfwwr.exe [2010-11-17 60416]
3mm7dze.exe [2010-11-13 60416]
3mmhnje.exe [2010-11-23 43008]
3uupggb.exe [2010-11-13 60416]
3zpqq72.exe [2010-11-14 60416]
4hdttpf.exe [2010-11-15 60416]
5hcnoe0.exe [2010-11-19 43008]
5jp5fwm.exe [2010-11-13 60416]
5p1gbm5.exe [2010-11-13 60416]
60u3gg3.exe [2010-11-13 60416]
60vvrhh.exe [2010-11-22 43008]
675tka5.exe [2010-11-15 60416]
6cc6oo6.exe [2010-11-15 60416]
6ee6qq6.exe [2010-11-14 60416]
6kawmcc.exe [2010-11-22 43008]
6oo6aa6.exe [2010-11-13 60416]
6w9i70j.exe [2010-11-14 60416]
70vrmm6.exe [2010-11-16 60416]
7pqq720.exe [2010-11-14 60416]
870lhcc.exe [2010-11-17 60416]
870rcii.exe [2010-11-16 60416]
8e0u3gg.exe [2010-11-19 43008]
9a1wssn.exe [2010-11-23 43008]
9i1eaav.exe [2010-11-16 60416]
9i70jfa.exe [2010-11-14 60416]
9whnyye.exe [2010-11-16 60416]
aa6mm6otp.exe [2010-11-16 60416]
bw9i70jfa.exe [2010-11-14 60416]
c3oo3aa3.exe [2010-11-13 60416]
cidzkav3rc.exe [2010-11-12 60416]
cyytkkfwwr.exe [2010-11-13 60416]
d75k70lhcc.exe [2010-11-17 60416]
due4bmhhyt.exe [2010-11-19 43008]
duupggbs.exe [2010-11-16 60416]
ee6qq6cc6.exe [2010-11-14 60416]
ekffwrrid.exe [2010-11-13 60416]
ekqwcd5f.exe [2010-11-19 43008]
f6lcxxoo9.exe [2010-11-12 60416]
fa1wssneez.exe [2010-11-13 60416]
faa6mm6yy.exe [2010-11-13 60416]
favrmm3yy3u.exe [2010-11-22 43008]
ffbrrnddzpp.exe [2010-11-13 60416]
g3i70jfaa6m.exe [2010-11-14 60416]
g5h0dyeu.exe [2010-11-13 60416]
g6ss6ee6.exe [2010-11-17 60416]
gwhnyyekw.exe [2010-11-16 60416]
hhi70jfaa6m.exe [2010-11-15 60416]
hsnnezzql.exe [2010-11-13 60416]
hxxtjjfv.exe [2010-11-13 60416]
i3kkfwwriid.exe [2010-11-14 60416]
i60pawr2.exe [2010-11-16 60416]
i70jfaa6m.exe [2010-11-15 60416]
idzkav3r.exe [2010-11-12 60416]
io5p1gbm.exe [2010-11-13 60416]
jfvvmrni.exe [2010-11-17 60416]
jfvvrhhdtt.exe [2010-11-17 60416]
jtepqb0x0n.exe [2010-11-13 60416]
k70lhcc6o.exe [2010-11-16 60416]
lg703yu0k3.exe [2010-11-23 43008]
lm0c30u3.exe [2010-11-13 60416]
lm70njee6q.exe [2010-11-17 60416]
m1d3ka5l.exe [2010-11-15 60416]
m75y76975.exe [2010-11-15 60416]
mc3ii3uu3.exe [2010-11-23 43008]
mh0ddupk0l.exe [2010-11-23 43008]
mhyytkkf.exe [2010-11-13 60416]
mmxojekq3.exe [2010-11-16 60416]
n0jzf3l0h.exe [2010-11-19 43008]
n23uu3gh.exe [2010-11-19 43008]
nddep723.exe [2010-11-12 60416]
neezqqlccxo.exe [2010-11-14 60416]
nezzqllcxx.exe [2010-11-23 43008]
njue4bmhhy.exe [2010-11-19 43008]
nntzavbg.exe [2010-11-19 43008]
no5p1gbm5n.exe [2010-11-13 60416]
no70plgg6s.exe [2010-11-15 60416]
ntjk0a3mm3.exe [2010-11-13 60416]
ny3kfq91s.exe [2010-11-13 60416]
o0pawr26o.exe [2010-11-16 60416]
o3qqlrnii75.exe [2010-11-22 43008]
o5p0llcxxo.exe [2010-11-15 60416]
oe3ggbm3y.exe [2010-11-22 43008]
oj3aqg0iio.exe [2010-11-14 60416]
oojaavmm.exe [2010-11-13 60416]
pffbrrnd.exe [2010-11-13 60416]
pfg0w3itjk.exe [2010-11-13 60416]
pggbssneezq.exe [2010-11-13 60416]
pkawmcc4tuk.exe [2010-11-22 43008]
pkk6ww6ii6u.exe [2010-11-17 60416]
ppqq720215f.exe [2010-11-14 60416]
q8703yu0k3w.exe [2010-11-23 43008]
qbc0yyekwm.exe [2010-11-16 60416]
qq3cc30u3aa.exe [2010-11-13 60416]
qq6sc3oo3aa.exe [2010-11-16 60416]
rhi0y3u3ww.exe [2010-11-22 43008]
riiduupggbs.exe [2010-11-15 60416]
rinjzzvl.exe [2010-11-15 60416]
rm1ieezqql.exe [2010-11-17 60416]
rnddzppl.exe [2010-11-13 60416]
s3uu5v0rrid.exe [2010-11-16 60416]
sy5pkll0.exe [2010-11-19 43008]
t0zkfwwri.exe [2010-11-17 60416]
tkkfwmcc.exe [2010-11-22 43008]
too6aa6ch.exe [2010-11-17 60416]
tpkk6ww6.exe [2010-11-17 60416]
ttpffbrrndd.exe [2010-11-15 60416]
tze1awwrii.exe [2010-11-17 60416]
u1qmmhyytk.exe [2010-11-16 60416]
u5v0rriddu.exe [2010-11-23 43008]
uka006u3k9.exe [2010-11-19 43008]
upggbsstek.exe [2010-11-16 60416]
v0rriddup.exe [2010-11-15 60416]
va3mm3yy.exe [2010-11-15 60416]
vbrs0jj60a.exe [2010-11-13 60416]
vmmhyytk.exe [2010-11-17 60416]
vq1cnii3uu.exe [2010-11-16 60416]
vq1miiduup.exe [2010-11-16 60416]
vqq6cc6oo6a.exe [2010-11-23 43008]
w1soojaa.exe [2010-11-15 60416]
wr0nnezzql.exe [2010-11-13 60416]
xd0zzqllc.exe [2010-11-13 60416]
xoojaa5b0xx.exe [2010-11-16 60416]
xtjjfvvm.exe [2010-11-17 60416]
xtoo6aa6.exe [2010-11-17 60416]
y5p0vmm5n0.exe [2010-11-16 60416]
ydezpqb0xs.exe [2010-11-13 60416]
yjpu3gg3ss.exe [2010-11-13 60416]
z26wrrid.exe [2010-11-15 60416]
zkffwrrid.exe [2010-11-15 60416]
zuu6gg6ss6e.exe [2010-11-13 60416]
zvllhxxt.exe [2010-11-13 60416]
zvqq6cc6.exe [2010-11-16 60416]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
cnju6fvww3i.exe [2010-11-23 43008]
nju6fvww.exe [2010-11-23 43008]
x0y11vq3c.exe [2010-11-23 43008]
yoekvq3cc.exe [2010-11-23 43008]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\documents and settings\Hana\Data aplikací\juzjf.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.8.2008 12:50 717296]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [3.7.2008 10:33 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [3.7.2008 10:33 9984]
S2 sarjuozb;sarjuozb;c:\windows\system32\drivers\sarjuozb.sys [16.11.2010 7:24 82944]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [3.7.2008 10:33 17408]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - Aavmker4
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{699a0816-58ac-11dc-90c5-00138f95a2d2}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.03\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.03\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\Hana\Data aplikací\Mozilla\Firefox\Profiles\n50e81x7.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Hana\Data aplikací\Mozilla\Firefox\Profiles\n50e81x7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-fsm - (no file)
HKCU-Run-Windows Firewall - c:\docume~1\Hana\LOCALS~1\Temp\lsass.exe
HKCU-Run-wuaucldt - c:\documents and settings\hana\wuaucldt.exe
HKLM-Run-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
HKLM-Run-selejoo - c:\windows\system32\dyzyvow.exe
SafeBoot-sarjuozb
SafeBoot-zulyvxsb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 14:16
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3288)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1029\OWCI10.DLL
c:\windows\System32\MSCTF.dll
c:\windows\system32\msls31.dll
c:\windows\System32\msimtf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-11-23 14:21:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-23 13:21

Před spuštěním: 5 016 858 624
Po spuštění: 4 984 725 504

- - End Of File - - 13861FFF15305C6DB15863F2B96D3BE9

#4 Příspěvek od **vyosek** » 23 lis 2010 16:25

Vy jste se dal na chov konicku trojskych a stadecka rootkitu

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
C:\setupcze.exe
c:\windows\system32\wuaucldt.exe
c:\windows\system32\drivers\ttabhycv.sys
c:\windows\system32\drivers\sarjuozb.sys
C:\winnt7.exe
c:\windows\system32\roorotatouj.exe
C:\documents and settings\Hana\Data aplikací\juzjf.exe
C:\min32.exe
c:\windows\nvsvc32.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{699a0816-58ac-11dc-90c5-00138f95a2d2}]

Folder::
c:\documents and settings\Hana\Nabídka Start\Programy\Po spuštění
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění

File::
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk

Driver::
Aavmker4
aswFsBlk
aswMon2
aswRdr
aswSP
aswTdi
sarjuozb

DDS::
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

Firefox::
FF - ProfilePath - c:\documents and settings\Hana\Data aplikací\Mozilla\Firefox\Profiles\n50e81x7.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

bmwacs · #5 Příspěvek od **bmwacs** » 23 lis 2010 17:20

Dobrý večer

toto je počítač tchána kdoví co kde s tím dělá. No strávil jsem tady celej den. nic nešlo takže moc děkuji za pomoc¨

ComboFix 10-11-22.05 - Hana 23.11.2010 17:05:47.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.959.570 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hana\Plocha\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk"

file zipped: C:\min32.exe
file zipped: C:\setupcze.exe
file zipped: c:\windows\nvsvc32.exe
file zipped: c:\windows\system32\drivers\sarjuozb.sys
file zipped: c:\windows\system32\drivers\ttabhycv.sys
file zipped: C:\winnt7.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\cqkrugq.exe
c:\documents and settings\Administrator\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Administrator\secupdat.dat
c:\documents and settings\Administrator\wuaucldt.exe
c:\documents and settings\Hana\Dokumenty\cc_20100827_172813.reg
c:\documents and settings\Hana\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Hana\secupdat.dat
C:\min32.exe
c:\recycler\S-1-5-21-2711754200-7799282348-269696915-0987\yv8g67.exe
C:\setupcze.exe
c:\windows\nvsvc32.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\sarjuozb.sys
c:\windows\system32\drivers\ttabhycv.sys
c:\windows\system32\secupdat.dat
C:\winnt7.exe

Nakažená kopie c:\windows\system32\drivers\cdrom.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AAVMKER4
-------\Legacy_ASWFSBLK
-------\Legacy_ASWMON2
-------\Legacy_ASWRDR
-------\Legacy_ASWSP
-------\Legacy_ASWTDI
-------\Legacy_SARJUOZB
-------\Service_sarjuozb

((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 15:39 . 2010-11-23 15:51 -------- d-----w- C:\7da30aee9737780cebabd4605d50
2010-11-23 15:22 . 2010-11-23 15:22 -------- d-----w- c:\documents and settings\Hana\Data aplikací\CheckPoint
2010-11-23 15:20 . 2010-11-23 15:20 -------- d-----w- c:\program files\CheckPoint
2010-11-23 15:19 . 2010-09-02 08:20 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-11-23 15:19 . 2010-09-02 08:20 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-11-23 15:19 . 2010-09-02 08:20 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-11-23 15:19 . 2010-11-23 15:52 -------- d-----w- c:\windows\system32\ZoneLabs
2010-11-23 15:16 . 2008-01-17 17:59 713216 -c----w- c:\windows\system32\dllcache\sxs.dll
2010-11-23 15:09 . 2010-11-23 15:09 -------- d-----w- c:\program files\Zone Labs
2010-11-23 15:08 . 2010-11-23 16:01 -------- d-----w- c:\windows\Internet Logs
2010-11-23 15:02 . 2010-11-09 19:33 6273872 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6808C530-F2DF-4655-9E1A-2B2205F7747E}\mpengine.dll
2010-11-23 14:57 . 2010-11-23 14:58 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-23 12:18 . 2010-11-23 12:18 -------- d-----w- c:\documents and settings\Hana\Data aplikací\Motive
2010-11-23 12:16 . 2010-11-23 12:16 -------- d-----w- c:\program files\TO2SAM
2010-11-23 12:15 . 2010-11-23 12:16 -------- d-----w- c:\program files\Common Files\Motive
2010-11-23 12:14 . 2010-11-23 12:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Motive
2010-11-19 09:06 . 2010-11-19 09:06 -------- d-----w- C:\rsit
2010-11-19 09:06 . 2010-11-19 09:06 -------- d-----w- c:\program files\trend micro
2010-11-17 15:54 . 2010-11-23 16:08 -------- d-----w- c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-08-27 15:21 222080 ------w- c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"wuaucldt"="c:\documents and settings\hana\wuaucldt.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-10-10 86016]
"NVRTCLK"="c:\windows\System32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2006-12-08 241664]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
cnju6fvww3i.exe [2010-11-23 43008]
nju6fvww.exe [2010-11-23 43008]
x0y11vq3c.exe [2010-11-23 43008]
yoekvq3cc.exe [2010-11-23 43008]

c:\documents and settings\Hana\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0c3oo3a.exe [2010-11-14 60416]
0dzuk6w.exe [2010-11-16 60416]
0epqb0x.exe [2010-11-13 60416]
0ggbssn.exe [2010-11-23 43008]
0idt9pq.exe [2010-11-19 43008]
0jee6qq.exe [2010-11-17 60416]
0jfavmm.exe [2010-11-16 60416]
0nnezzq.exe [2010-11-13 60416]
0oojaav.exe [2010-11-15 60416]
0uupggb.exe [2010-11-16 60416]
0xc86ue.exe [2010-11-23 43008]
1gccxi3.exe [2010-11-16 60416]
1ze1aww.exe [2010-11-17 60416]
2rmm6yy.exe [2010-11-23 43008]
3gg3ss3.exe [2010-11-14 60416]
3kkfwwr.exe [2010-11-17 60416]
3mm7dze.exe [2010-11-13 60416]
3mmhnje.exe [2010-11-23 43008]
3uupggb.exe [2010-11-13 60416]
3zpqq72.exe [2010-11-14 60416]
4hdttpf.exe [2010-11-15 60416]
5hcnoe0.exe [2010-11-19 43008]
5jp5fwm.exe [2010-11-13 60416]
5p1gbm5.exe [2010-11-13 60416]
60u3gg3.exe [2010-11-13 60416]
60vvrhh.exe [2010-11-22 43008]
675tka5.exe [2010-11-15 60416]
6cc6oo6.exe [2010-11-15 60416]
6ee6qq6.exe [2010-11-14 60416]
6kawmcc.exe [2010-11-22 43008]
6oo6aa6.exe [2010-11-13 60416]
6qq6cc6.exe [2010-11-23 43008]
6uu6gg6.exe [2010-11-23 43008]
6w9i70j.exe [2010-11-14 60416]
70vrmm6.exe [2010-11-16 60416]
71awwri.exe [2010-11-23 43008]
7pqq720.exe [2010-11-14 60416]
870lhcc.exe [2010-11-17 60416]
870rcii.exe [2010-11-16 60416]
8e0u3gg.exe [2010-11-19 43008]
9a1wssn.exe [2010-11-23 43008]
9i1eaav.exe [2010-11-16 60416]
9i70jfa.exe [2010-11-14 60416]
9whnyye.exe [2010-11-16 60416]
a3ccxoojaav.exe [2010-11-23 43008]
aa6mm6otp.exe [2010-11-16 60416]
bw9i70jfa.exe [2010-11-14 60416]
c3oo3aa3.exe [2010-11-13 60416]
cidzkav3rc.exe [2010-11-12 60416]
cyytkkfwwr.exe [2010-11-13 60416]
d75k70lhcc.exe [2010-11-17 60416]
due4bmhhyt.exe [2010-11-19 43008]
duupggbs.exe [2010-11-16 60416]
ee6qq6cc6.exe [2010-11-14 60416]
ekffwrrid.exe [2010-11-13 60416]
ekqwcd5f.exe [2010-11-19 43008]
f6lcxxoo9.exe [2010-11-12 60416]
fa1wssneez.exe [2010-11-13 60416]
faa6mm6yy.exe [2010-11-13 60416]
favrmm3yy3u.exe [2010-11-22 43008]
ffbrrnddzpp.exe [2010-11-13 60416]
g3i70jfaa6m.exe [2010-11-14 60416]
g5h0dyeu.exe [2010-11-13 60416]
g6ss6ee6.exe [2010-11-17 60416]
gwhnyyekw.exe [2010-11-16 60416]
hhi70jfaa6m.exe [2010-11-15 60416]
hsnnezzql.exe [2010-11-13 60416]
hxxtjjfv.exe [2010-11-13 60416]
i1eaavmmhy.exe [2010-11-23 43008]
i3kkfwwriid.exe [2010-11-14 60416]
i60pawr2.exe [2010-11-16 60416]
i70jfaa6m.exe [2010-11-15 60416]
idzkav3r.exe [2010-11-12 60416]
io5p1gbm.exe [2010-11-13 60416]
jfvvmrni.exe [2010-11-17 60416]
jfvvrhhdtt.exe [2010-11-17 60416]
jtepqb0x0n.exe [2010-11-13 60416]
k70lhcc6o.exe [2010-11-16 60416]
lg703yu0k3.exe [2010-11-23 43008]
lm0c30u3.exe [2010-11-13 60416]
lm70njee6q.exe [2010-11-17 60416]
m1d3ka5l.exe [2010-11-15 60416]
m75y76975.exe [2010-11-15 60416]
mc3ii3uu3.exe [2010-11-23 43008]
mh0ddupk0l.exe [2010-11-23 43008]
mhyytkkf.exe [2010-11-13 60416]
mmxojekq3.exe [2010-11-16 60416]
n0jzf3l0h.exe [2010-11-19 43008]
n23uu3gh.exe [2010-11-19 43008]
nddep723.exe [2010-11-12 60416]
neezqqlccxo.exe [2010-11-14 60416]
nezzqllcxx.exe [2010-11-23 43008]
nii6uu6gg6s.exe [2010-11-23 43008]
njue4bmhhy.exe [2010-11-19 43008]
njzzvllhxx.exe [2010-11-23 43008]
nntzavbg.exe [2010-11-19 43008]
no5p1gbm5n.exe [2010-11-13 60416]
no70plgg6s.exe [2010-11-15 60416]
ntjk0a3mm3.exe [2010-11-13 60416]
ny3kfq91s.exe [2010-11-13 60416]
o0pawr26o.exe [2010-11-16 60416]
o3qqlrnii75.exe [2010-11-22 43008]
o5p0llcxxo.exe [2010-11-15 60416]
o6aa6mm6.exe [2010-11-23 43008]
oe3ggbm3y.exe [2010-11-22 43008]
oj3aqg0iio.exe [2010-11-14 60416]
oojaavmm.exe [2010-11-13 60416]
pffbrrnd.exe [2010-11-13 60416]
pfg0w3itjk.exe [2010-11-13 60416]
pggbssneezq.exe [2010-11-13 60416]
pkawmcc4tuk.exe [2010-11-22 43008]
pkk6ww6ii6u.exe [2010-11-17 60416]
ppqq720215f.exe [2010-11-14 60416]
q8703yu0k3w.exe [2010-11-23 43008]
qbc0yyekwm.exe [2010-11-16 60416]
qq3cc30u3aa.exe [2010-11-13 60416]
qq6sc3oo3aa.exe [2010-11-16 60416]
rhi0y3u3ww.exe [2010-11-22 43008]
riiduupggbs.exe [2010-11-15 60416]
rinjzzvl.exe [2010-11-15 60416]
rm1ieezqql.exe [2010-11-17 60416]
rnddzppl.exe [2010-11-13 60416]
s3uu5v0rrid.exe [2010-11-16 60416]
sy5pkll0.exe [2010-11-19 43008]
t0zkfwwri.exe [2010-11-17 60416]
tkkfwmcc.exe [2010-11-22 43008]
too6aa6ch.exe [2010-11-17 60416]
too6aa6mm6y.exe [2010-11-23 43008]
tpkk6ww6.exe [2010-11-17 60416]
ttpffbrrndd.exe [2010-11-15 60416]
tze1awwrii.exe [2010-11-17 60416]
u1qmmhyy.exe [2010-11-23 43008]
u1qmmhyytk.exe [2010-11-16 60416]
u5v0rriddu.exe [2010-11-23 43008]
uka006u3k9.exe [2010-11-19 43008]
upggbsstek.exe [2010-11-16 60416]
v0rriddup.exe [2010-11-15 60416]
va3mm3yy.exe [2010-11-15 60416]
vbrs0jj60a.exe [2010-11-13 60416]
vmmhyytk.exe [2010-11-17 60416]
vq1cnii3uu.exe [2010-11-16 60416]
vq1miiduup.exe [2010-11-16 60416]
vqq6cc6oo6a.exe [2010-11-23 43008]
w1soojaa.exe [2010-11-15 60416]
wr0nnezzql.exe [2010-11-13 60416]
xd0zzqllc.exe [2010-11-13 60416]
xoojaa5b0xx.exe [2010-11-16 60416]
xtjjfvvm.exe [2010-11-17 60416]
xtoo6aa6.exe [2010-11-17 60416]
y5p0vmm5n0.exe [2010-11-16 60416]
ydezpqb0xs.exe [2010-11-13 60416]
yjpu3gg3ss.exe [2010-11-13 60416]
z0fbww6ii.exe [2010-11-23 43008]
z26wrrid.exe [2010-11-15 60416]
zkffwrrid.exe [2010-11-15 60416]
zuu6gg6ss6e.exe [2010-11-13 60416]
zvllhxxt.exe [2010-11-13 60416]
zvqq6cc6.exe [2010-11-16 60416]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.8.2008 12:50 717296]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [3.7.2008 10:33 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [3.7.2008 10:33 9984]
S2 eiiau5yqpeaeyuop;Blue Coat K9 Web Protection;c:\windows\system32\jemmequypuqu.exe --> c:\windows\system32\jemmequypuqu.exe [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [3.7.2008 10:33 17408]
.
Obsah adresáře 'Naplánované úlohy'

2010-11-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

2010-11-23 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.03\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.03\MediaManager\grab.html
FF - ProfilePath - c:\documents and settings\Hana\Data aplikací\Mozilla\Firefox\Profiles\n50e81x7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Hana\Data aplikací\Mozilla\Firefox\Profiles\n50e81x7.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 17:12
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\msi.dll
c:\windows\System32\msimtf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\genius\ioCentre\gMouseTask.exe
c:\genius\ioCentre\gKbdTask.exe
c:\genius\ioCentre\gAutoPan.exe
c:\genius\ioCentre\gAutoScroll.exe
c:\genius\ioCentre\gZoom.exe
c:\genius\ioCentre\gMGlass.exe
c:\genius\ioCentre\gIMMgm.exe
c:\genius\ioCentre\gDeskMgm.exe
c:\genius\ioCentre\gTaskSwitch.exe
.
**************************************************************************
.
Celkový čas: 2010-11-23 17:17:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-23 16:17
ComboFix2.txt 2010-11-23 13:21

Před spuštěním: 4 939 841 536
Po spuštění: 4 895 875 072

- - End Of File - - ED05154044194184697D0E25CE9AE14E

#6 Příspěvek od **vyosek** » 23 lis 2010 17:29

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wuaucldt"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Hana\Local Settings\Temporary Internet Files\Content.IE5\Z7WADBEK\P17535732.JPG-www.facebook[1].exe"=-

:filesc:\documents and settings\Hana\Nabídka Start\Programy\Po spuštění\*.exe
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\*.exe
c:\documents and settings\hana\wuaucldt.exe
C:\Documents and Settings\Hana\Local Settings\Temporary Internet Files\Content.IE5\Z7WADBEK\P17535732.JPG-www.facebook[1].exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Sem pote dejte obsah okna Results (pod zelenou carou)
Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

bmwacs · #7 Příspěvek od **bmwacs** » 23 lis 2010 18:19

Files moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#8 Příspěvek od **vyosek** » 23 lis 2010 19:11

Otevrete si poznamkovy blok

Start->spustit->notepad
Vlozte text nize

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wuaucldt"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Hana\Local Settings\Temporary Internet Files\Content.IE5\Z7WADBEK\P17535732.JPG-www.facebook[1].exe"=-

Soubor ulozte jako oprava.reg
Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
Zavrit notepad a spustit dvojklikem oprava.reg
Pripadny dotaz na zmenu registru potvrdte
Okno jen problikne a opravi regsitry - soubor muzete smazat

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) a pouzijte pro OTM tento skript - log pak sem

Kód: Vybrat vše

:files
c:\documents and settings\Hana\Nabídka Start\Programy\Po spuštění\*.exe
c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\*.exe
c:\documents and settings\hana\wuaucldt.exe
C:\Documents and Settings\Hana\Local Settings\Temporary Internet Files\Content.IE5\Z7WADBEK\P17535732.JPG-www.facebook[1].exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

bmwacs · #9 Příspěvek od **bmwacs** » 05 pro 2010 13:12

v nouzovém režimu to hodilo chybu něco se systémem windoes 32 nepodařil se screen nešlo nic.

All processes killed
========== FILES ==========
File/Folder c:\documents and settings\Hana\Nabídka Start\Programy\Po spuštění\*.exe not found.
File/Folder c:\documents and settings\Administrator\Nabídka Start\Programy\Po spuštění\*.exe not found.
File/Folder c:\documents and settings\hana\wuaucldt.exe not found.
File/Folder C:\Documents and Settings\Hana\Local Settings\Temporary Internet Files\Content.IE5\Z7WADBEK\P17535732.JPG-www.facebook[1].exe not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\temp\ZLT05009.TMP moved successfully.
File move failed. C:\WINDOWS\temp\ZLT0641a.TMP scheduled to be moved on reboot.
========== COMMANDS ==========
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

#10 Příspěvek od **vyosek** » 05 pro 2010 13:39

Dejte mi prosim novy log z RSITu

bmwacs · #11 Příspěvek od **bmwacs** » 05 pro 2010 13:47

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hana at 2010-12-05 13:47:06
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (15%) free of 30 GB
Total RAM: 959 MB (50% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-20 481872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-08-13 757192]
{043C5167-00BB-4324-AF7E-62013FAEDACF} - vShare Plugin - C:\Program Files\vShare\vshare_toolbar.dll [2010-10-20 481872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-10-10 7286784]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2005-10-10 86016]
"NVRTCLK"=C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe [2003-12-30 24576]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"ioCentre"=C:\Genius\ioCentre\gTaskBar.exe [2006-12-08 241664]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-09-02 1043968]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-05 13:06:32 ----A---- C:\otm.txt
2010-11-29 12:29:26 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-11-27 20:11:16 ----D---- C:\Documents and Settings\Hana\Data aplikací\vShare
2010-11-27 20:11:12 ----D---- C:\Program Files\vShare
2010-11-26 22:47:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-23 19:39:53 ----SHD---- C:\RECYCLER
2010-11-23 18:12:59 ----D---- C:\_OTM
2010-11-23 18:07:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Motive
2010-11-23 17:17:52 ----D---- C:\WINDOWS\temp
2010-11-23 17:17:50 ----A---- C:\ComboFix.txt
2010-11-23 16:39:05 ----D---- C:\7da30aee9737780cebabd4605d50
2010-11-23 16:22:12 ----D---- C:\Documents and Settings\Hana\Data aplikací\CheckPoint
2010-11-23 16:20:16 ----D---- C:\Program Files\CheckPoint
2010-11-23 16:20:01 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-11-23 16:19:52 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-11-23 16:19:52 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-11-23 16:19:41 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-11-23 16:19:39 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-11-23 16:19:39 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-11-23 16:19:38 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-11-23 16:19:38 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-11-23 16:19:37 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-11-23 16:19:34 ----A---- C:\WINDOWS\system32\vsdatant.sys
2010-11-23 16:18:16 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-11-23 16:18:16 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-11-23 16:18:16 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-11-23 16:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB943232$
2010-11-23 16:09:54 ----D---- C:\Program Files\Zone Labs
2010-11-23 16:08:49 ----D---- C:\WINDOWS\Internet Logs
2010-11-23 15:57:45 ----D---- C:\Program Files\Microsoft Security Essentials
2010-11-23 14:48:06 ----A---- C:\Boot.bak
2010-11-23 14:48:02 ----RASHD---- C:\cmdcons
2010-11-23 14:21:27 ----A---- C:\log.txt
2010-11-23 14:04:38 ----A---- C:\WINDOWS\zip.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\SWSC.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\SWREG.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\sed.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\PEV.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\MBR.exe
2010-11-23 14:04:38 ----A---- C:\WINDOWS\grep.exe
2010-11-23 14:04:33 ----D---- C:\WINDOWS\ERDNT
2010-11-23 13:49:24 ----D---- C:\Qoobox
2010-11-23 13:41:43 ----SHD---- C:\WINDOWS\CSC
2010-11-23 12:45:10 ----RA---- C:\Documents and Settings\Hana\Data aplikací\hDlkH.txt
2010-11-22 19:33:58 ----RA---- C:\Documents and Settings\Hana\Data aplikací\k6jLC.txt
2010-11-22 19:33:58 ----RA---- C:\Documents and Settings\Hana\Data aplikací\BG0Ai.txt
2010-11-19 10:06:32 ----D---- C:\rsit
2010-11-19 10:06:32 ----D---- C:\Program Files\trend micro

======List of files/folders modified in the last 1 months======

2010-12-05 13:47:14 ----D---- C:\WINDOWS\Prefetch
2010-12-05 13:15:00 ----D---- C:\WINDOWS\Debug
2010-12-05 13:15:00 ----D---- C:\WINDOWS
2010-12-05 13:12:29 ----SD---- C:\WINDOWS\Tasks
2010-12-05 13:07:22 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-05 13:00:15 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-12-05 12:43:50 ----D---- C:\WINDOWS\system32
2010-12-05 12:43:46 ----SHD---- C:\WINDOWS\Installer
2010-11-30 22:32:41 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-11-30 09:52:15 ----D---- C:\WINDOWS\AppPatch
2010-11-29 15:26:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-29 12:30:51 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-29 12:30:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-29 12:30:09 ----HD---- C:\WINDOWS\inf
2010-11-29 12:28:54 ----D---- C:\Program Files\Windows Media Player
2010-11-29 12:28:51 ----D---- C:\WINDOWS\Help
2010-11-27 20:11:12 ----RD---- C:\Program Files
2010-11-26 22:41:14 ----SD---- C:\WINDOWS\system32\Microsoft
2010-11-23 18:25:24 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-23 18:07:41 ----D---- C:\Program Files\Common Files
2010-11-23 17:17:52 ----D---- C:\WINDOWS\system32\drivers
2010-11-23 17:11:29 ----A---- C:\WINDOWS\system.ini
2010-11-23 17:09:35 ----D---- C:\WINDOWS\system32\config
2010-11-23 16:39:15 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-11-23 16:08:29 ----D---- C:\WINDOWS\WinSxS
2010-11-23 15:57:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-23 15:57:08 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-23 15:54:21 ----D---- C:\Program Files\CCleaner
2010-11-23 14:48:06 ----RASH---- C:\boot.ini
2010-11-19 13:34:25 ----D---- C:\WINDOWS\network diagnostic
2010-11-19 10:15:30 ----D---- C:\Documents and Settings\Hana\Data aplikací\Skype
2010-11-17 16:58:15 ----D---- C:\Program Files\Software Informer
2010-11-17 16:54:29 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-04-23 36624]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-04-04 48640]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-04-14 19968]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-08-24 717296]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-10 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2006-07-14 14848]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
R3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-10-10 3530432]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-10-10 131139]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-09-02 2435592]
S2 eiiau5yqpeaeyuop;Blue Coat K9 Web Protection; C:\WINDOWS\system32\jemmequypuqu.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]

-----------------EOF-----------------

#12 Příspěvek od **vyosek** » 05 pro 2010 14:05

Stahnete Avenger (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na Avenger pravym a dejte Run As Administrator ci Spustit jako spravce
Po spusteni Vas program upozorni, ze vse co delate, delate na vlastni riziko - Dejte OK
Po potvrzeni uz na Vas koukne hlavni okno, kam vlozite skript, ktery mate nize

Kód: Vybrat vše

Files to delete:
C:\WINDOWS\system32\jemmequypuqu.exe

Drivers to delete:
eiiau5yqpeaeyuop

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | QuickTime Task

Do ctverecku u Scan for rootkits a Automatically disable any rootkits found dejte fajecku
Nyni uz kliknete na Execute a potvrdte Yes v nasledujicim okne - timto potvrdite spusteni skriptu
Na otazku Reboot now odpovezte opet OK - timto se PC restartuje
Po restartu by se mel otevrit poznamkovy blok s logem a jeho obsah vlozte sem. Pokud se tak nestane, naleznete pozadovany dokument v C:\avenger.txt

bmwacs · #13 Příspěvek od **bmwacs** » 05 pro 2010 14:22

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\jemmequypuqu.exe" not found!
Deletion of file "C:\WINDOWS\system32\jemmequypuqu.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "eiiau5yqpeaeyuop" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|QuickTime Task" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#14 Příspěvek od **vyosek** » 05 pro 2010 14:29

Odinstalujte Combofix

Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
Napiste ComboFix /Uninstall
Stisknete Enter
Tohle smaze Combofix a jeho slozky

T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za 14 dni

Napiste jak se chova PC

#15 Příspěvek od **vyosek** » 05 pro 2010 14:39

Vsak jsem se o tom zminoval ze jej nektere AV vyhodnocuji jako trojana - jedna se o chybnou detekci...

vyosek píše: T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
Stahnete a spustte

Pro potvrzeni volby mackejte A, Enter

Po pouziti utilitu smazte

Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu