nejde už téměř nic

[blazenka]

no a z těma fleškama sem si moc fandila, ten malware z nich nejde smazat piše mi to jen že to zastavilo hrozbu ale že na nich nic není (jsou tam dva skryty soubory a jedna složka co nejdou smazat - teda jdou ale zas se tam samy objeví):-/

[vyosek]

Zatim to neprenasejte at nenakazite i ten druhy PC. Neco malo pomazem pres OTL a pak tam pustime dalsi nastroj

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]
  
  :otl
  PRC - [2011.02.16 17:45:50 | 000,385,024 | RHS- | M] () -- C:\Documents and Settings\Mike\Microsoft-Driver-1-85-45488-2348-1467\wincdsvn.exe
  SRV - File not found [Auto | Stopped] -- -- (CesarFTP)
  SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
  SRV - [2011.01.30 15:26:33 | 000,365,056 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
  SRV - [2004.08.18 13:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
  DRV - [2010.12.19 14:51:47 | 000,040,128 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\tgratapj.sys -- (tgratapj)
  FF - prefs.js..browser.search.selectedEngine: "Google Search Community"
  FF - prefs.js..browser.startup.homepage: "http://search.speedbit.com/"
  FF - prefs.js..extensions.enabledItems: googleplusvideos@googleplusvideos.com:1.0
  FF - prefs.js..keyword.URL: "http://search.speedbit.com/searchresults.asp?src=default&q="
  [2009.03.05 18:26:50 | 000,002,383 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekapp122.xml
  [2009.03.05 18:29:35 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekapp123.xml
  [2009.03.11 16:00:10 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekapp125.xml
  O3 - HKLM\..\Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
  O3 - HKU\S-1-5-21-606747145-1788223648-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {60270DC7-9EA0-472F-9B77-66652C06246E} - No CLSID value found.
  O3 - HKU\S-1-5-21-606747145-1788223648-839522115-1004\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [MicrosoftRTDriver] File not found
  O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [MSConfig] File not found
  O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [MSDNMService] File not found
  O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [WindowsLiveUpdateService] File not found
  O4 - Startup: C:\Documents and Settings\Mike\Nabídka Start\Programy\Po spuštění\Quick'n Easy FTP Server.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\_AZTMP1_\Exec\FTPServer.exe (Pablo Software Solutions)
  O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - Reg Error: Key error. File not found
  O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - Reg Error: Key error. File not found
  O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - Reg Error: Key error. File not found
  O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - Reg Error: Key error. File not found
  O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - Reg Error: Key error. File not found
  O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
  O33 - MountPoints2\{0b88d064-bbc8-11de-9802-001346b221a1}\Shell - "" = AutoRun
  O33 - MountPoints2\{18e169f8-f013-11df-9925-001346b221a1}\Shell - "" = AutoRun
  O33 - MountPoints2\{ac410e07-e4c0-11dd-9629-001346b221a1}\Shell - "" = AutoRun
  [2011.02.16 17:45:51 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mike\Microsoft-Driver-1-85-45488-2348-1467
  [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  [2011.02.16 17:14:18 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1788223648-839522115-1004UA.job
  [2011.02.14 21:25:34 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1788223648-839522115-1004Core.job
  [2010.12.20 05:52:48 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\Mike\Data aplikací\chrtmp
  [2010.12.19 14:51:47 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\tgratapj.sys
  [2010.12.19 14:13:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mike\Data aplikací\GJ6AC1NGjh.txt
  [2010.12.19 14:02:08 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mike\Data aplikací\dg6Ce1LFkK.txt
  [2010.12.18 17:29:42 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Mike\Data aplikací\wincbdrv32.txt
  [2010.12.18 17:29:35 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mike\Data aplikací\f1mHMIJdJm.txt
  [2010.12.13 21:49:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Mike\Data aplikací\msnsvconfig.txt
  @Alternate Data Stream - 514613 bytes -> C:\WINDOWS\Temp:temp
  @Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:الهريرة
  @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A9662AE0
  
  :files
  C:\Documents and Settings\Mike\Microsoft-Driver-1-85-45488-2348-1467
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp /s

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[blazenka]

opět nemužu pracovat v PC, stejný jako předtím, sekne se...přitom je to nastavený z CD.....

[vyosek]

A nacte se Vam z toho CD

[blazenka]

jo to nevim...popišu presne: v biosu je nastaveny first boot device z cd-rom(už to tak bylo)....pak jak se to načita tak to piše boot z cd....pak naskočí ta obrazovka kde je výběr OS a možnost řešení problému (kde ale nemužu nic delat tlačitka nefungují) spustí se ten s bootscreenem, vítejte, najede plocha na kt nemužu nic delat (zkoušel sem to CD dat do všech mechanik, nevim totiž ktera je prioritni) ...predtim to vypadalo stejne akorat se na ty ploše dalo pracovat

[vyosek]

Dle meho je spatne vypalene ten hirens boot, nebo byla jste v nem - melo by to by takove mini XP, mela jste tam programy jako Combofix, Drweb cure IT apod

Jak mate stahly ten hirens boot CD, tak jste jej rozbalila a jak jste jej vypalila na CD

[blazenka]

žadny mini XP jsem nevidela (teda ani nevim co si mam predstavit) ty programy taky ne
stahla sem zip složku tu sem rozbalila a v ty složce bylo šest souboru a ten nejvetší sem vypálila na CD - hirens boot CD13.1 )soubor ISO
vypálilo se to podle průvodce co byl v notasu nainstalovanej a samo to vyjelo z mechaniky a napsalo dokončeno (z nabízených formátů sem vybrala ten nepřepisovatelnej - pak tam byl ete format co by mel dovolovat mazani z disku bylo to popsany tak že by se ten disk měl chovat jako fleška.....

[vyosek]

Asi je spatne vypaleny, kdyz date to CD do mechaniky - v tom PC co Vam funguje, tak jsou tam nejake soubory nebo jen to ISO

Prectete si prosim soukromou zpravu

[vyosek]

Probehla komunikace na icq, takze log co zde je, je jen pro zasvecene

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\program files (x86)\ICQ6Toolbar
  c:\users\Blaženka\Microsoft-Driver-1-85-45488-2348-1467
  
  Driver::
  ICQ Service
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Google Update"=-
  "Microsoft(R)UpdateManager"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe Reader Speed Launcher"=-
  "Adobe ARM"=-
  
  Firefox::
  FF - ProfilePath - c:\users\Blaženka\AppData\Roaming\Mozilla\Firefox\Profiles\3mv572fx.default\
  FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
  FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
  FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci