VIRY.CZ

Ohledne te Opery - je potreba odstranit proxy

NÁSTROJE -> NASTAVENÍ -> záložka POKROČILÉ VOLBY -> v levém sloupečku klikněte na PŘIPOJENÍ -> klik na SERVER PROXY - odkliknout pokud je neco zaskrtnute

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  DDS::
  uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  uInternet Connection Wizard,ShellNext = iexplore
  uInternet Settings,ProxyServer = http=127.0.0.1:50505
  
  Driver::
  Akamai
  ICQ Service
  gupdate
  gupdatem
  XDva341
  XDva343
  XDva346
  XDva347
  XDva349
  XDva352
  XDva358
  XDva359
  XDva370
  XDva375
  XDva380
  XDva385
  XDva386
  XDva387
  
  NetSvc::
  Akamai
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\program files\Softonic-Eng7\prxtbSof0.dll
  
  Folder::
  c:\program files\ICQ6Toolbar
  "c:\windows\update.tray-2-0
  c:\windows\av_ico
  c:\windows\update.tray-2-0-lnk
  c:\windows\update.tray-7-0
  c:\windows\update.tray-7-0-lnk
  
  Registry::
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "1033:TCP"=-
  "5000:UDP"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "FirewallOverride"=dword:00000000
  "DisableThumbnailCache"=dword:00000000
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  "DivXUpdate"=-
  "tray_ico1"=-
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "BitTorrent DNA"=-
  "DAEMON Tools Lite"=-
  "AlcoholAutomount"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
  
  Collect::
  c:\windows\update.tray-2-0\svchost.exe
  c:\program files\Internet Explorer\conhost.exe
  c:\windows\gbot111.exe
  c:\program files\Windows NT\dwm.exe
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ahoj...mam tu istu havet co mal aj dotycny predomnou
spustil som RSIT a tu je vypis


//EDIT vyosek: log odmaznut aby nematl

Dobry den mam uplne ten stejny pripad jako Tomas s tim fb a i stim ze kdyz jsem zapl pocitac nenabehl mi ale v kazdym rohu jsem mel napis nouzovy rezim a neslo nic delat.. az na to ze se s Tomasem lisim v tom ze kdyz jsem to vypnul a zase zapnul tak se mi zase objevila cerna obrazovka a v rozich napisy nouzovy rezim a takhle je to porad dokola nevite nekdo co s tim? dekuju moc

jurys22 píše:Dobry den mam uplne ten stejny pripad jako Tomas s tim fb a i stim ze kdyz jsem zapl pocitac nenabehl mi ale v kazdym rohu jsem mel napis nouzovy rezim a neslo nic delat.. az na to ze se s Tomasem lisim v tom ze kdyz jsem to vypnul a zase zapnul tak se mi zase objevila cerna obrazovka a v rozich napisy nouzovy rezim a takhle je to porad dokola nevite nekdo co s tim? dekuju moc

Zdravím jurys22 a vítám Tě u nás na fóru.

Přečti si prosím pečlivě pravidla tohoto fóra!

Pak si založ nové téma (thread) a do něj vlož log ze RSITu podle tohoto návodu -> u nás platí, že každý uživatel má na svůj problém své vlastní téma. Takhle by tu byl jen zmatek.

Děkuji za pochopení a omlouvám se moderátorovi vyosek za vstup.

Totéž platí i pro usera fingolfin22, spamera si vyosek smaže.

Dekuji kolegove za zaskok

Není zač

tomy51 pak pokracujte timto http://viry.cz/forum/viewtopic.php?p=1004870#p1004870 , omlouvam se jmenem fora za komplikace

mam tu takovi mensi problem ,mam antivirak avast a nejde vipnout ani do jeho menu se nemuzu dostat neco mi predtim psal a vubec nic jinyho nedelal

tak uz sme to vyresil a tady je ten log

ComboFix 11-07-15.03 - Moje 20.07.2011 14:24:57.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1448 [GMT 2:00]
Spuštěný z: c:\documents and settings\Moje\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Moje\Plocha\CFScript.lnk
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Moje\LOCALS~1\Temp\9284407.exe
c:\documents and settings\Moje\Data aplikací\dwm.exe
c:\documents and settings\Moje\Data aplikací\Microsoft\conhost.exe
C:\Microsoft
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\TEMP\6586545.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-20 do 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\rpcminer
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\ufa
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\phoenix
2011-07-15 20:08 . 2011-07-19 13:14 246272 ----a-w- c:\windows\unrar.exe
2011-07-15 20:05 . 2011-07-16 09:25 -------- d-----w- c:\program files\trend micro
2011-07-15 20:05 . 2011-07-15 20:06 -------- d-----w- C:\rsit
2011-07-15 19:36 . 2011-07-15 19:36 180224 ----a-w- c:\program files\Windows NT\dwm.exe
2011-07-15 19:35 . 2011-07-16 10:51 169472 ----a-w- c:\program files\Internet Explorer\conhost.exe
2011-07-15 19:35 . 2011-07-16 10:50 169472 ----a-w- c:\windows\gbot111.exe
2011-07-15 19:34 . 2011-07-15 19:34 -------- d-----w- c:\windows\av_ico
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-15 19:30 . 2011-07-16 10:18 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-15 19:27 . 2011-07-15 19:27 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-15 04:37 . 2011-07-15 04:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 04:38 . 2011-05-17 14:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-06-08 10:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-30 20:07 . 2010-11-16 19:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:45 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:45 . 2004-08-18 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:45 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:45 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-18 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_10.28.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-20 12:34 . 2011-07-20 12:34 16384 c:\windows\Temp\Perflib_Perfdata_16c.dat
+ 2009-06-08 11:57 . 2011-07-20 12:18 121336 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Steam"="f:\steam\Steam.exe" [2011-02-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"tray_ico1"="c:\windows\update.tray-2-0\svchost.exe" [2011-07-15 1170432]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [BU]
"sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [BU]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [BU]
"systemup"="c:\windows\systemup.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Moje\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\STEAM\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"c:\\WINDOWS\\update.tray-7-0-lnk\\svchost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"59070:TCP"= 59070:TCP:Pando Media Booster
"59070:UDP"= 59070:UDP:Pando Media Booster
"56760:TCP"= 56760:TCP:Pando Media Booster
"56760:UDP"= 56760:UDP:Pando Media Booster
"6883:TCP"= 6883:TCP:Blizzard Downloader: 6883
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.6.2009 21:04 436792]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18.8.2004 14:00 14336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [28.1.2010 18:20 246520]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2011 16:08 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.6.2009 12:41 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2011 16:08 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 13:29 162176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:08]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50505
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 93.91.144.100 212.80.67.98
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Opera 11.50.1074 - f:\opera\Opera.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-20 14:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3052)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-20 14:41:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-20 12:41
ComboFix2.txt 2011-07-16 10:34
.
Před spuštěním: Volných bajtů: 24 176 549 888
Po spuštění: Volných bajtů: 24 170 762 240
.
- - End Of File - - E679E7DF3E10F94AECEDAB6AC2BC7211

Omlouvam se za zpozdeni, pracovni povinnosti

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  DDS::
  uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
  uInternet Settings,ProxyServer = http=127.0.0.1:50505
  
  File::
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\program files\Softonic-Eng7\prxtbSof0.dll
  
  Driver::
  XDva341
  XDva343
  XDva346
  XDva347
  XDva349
  XDva352
  XDva358
  XDva359
  XDva370
  XDva375
  XDva380
  XDva385
  XDva386
  Akamai
  gupdate
  gupdatem
  ICQ Service
  
  NetSvc::
  Akamai
  
  Folder::
  c:\program files\ICQ6Toolbar
  c:\windows\update.tray-2-0
  c:\windows\rpcminer
  c:\windows\ufa
  c:\windows\av_ico
  c:\windows\update.tray-2-0
  c:\windows\update.tray-2-0-lnk
  c:\windows\update.tray-7-0
  c:\windows\update.tray-7-0-lnk
  
  Registry::
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "1034:TCP"=-
  "5000:UDP"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "c:\\WINDOWS\\update.tray-7-0-lnk\\svchost.exe"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "DisableThumbnailCache"=dword:00000000
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  "DivXUpdate"=-
  "tray_ico1"=-
  "sysdriver32.exe"=-
  "sysdriver32_.exe"=-
  "l1rezerv.exe"=-
  "systemup"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=-
  [-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
  "netsvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
    75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
    63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
    76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
    63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
    65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
    6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
    74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
    6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
    6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
    61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
    64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
    65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
    73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
    6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
    69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
    61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
    75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
    65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00
  
  Collect::
  c:\windows\systemup.exe
  c:\windows\l1rezerv.exe
  c:\windows\sysdriver32_.exe
  c:\windows\sysdriver32.exe
  c:\windows\unrar.exe
  c:\program files\Windows NT\dwm.exe
  c:\program files\Internet Explorer\conhost.exe
  c:\windows\gbot111.exe
  
  Reboot::
  

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

zde je zadany log

ComboFix 11-07-15.03 - Moje 21.07.2011 8:08.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1450 [GMT 2:00]
Spuštěný z: c:\documents and settings\Moje\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Moje\Plocha\CFScript.lnk
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\proc_list1.log
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-21 do 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\rpcminer
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\ufa
2011-07-15 20:08 . 2011-07-15 20:08 -------- d-----w- c:\windows\phoenix
2011-07-15 20:08 . 2011-07-19 13:14 246272 ----a-w- c:\windows\unrar.exe
2011-07-15 20:05 . 2011-07-16 09:25 -------- d-----w- c:\program files\trend micro
2011-07-15 20:05 . 2011-07-15 20:06 -------- d-----w- C:\rsit
2011-07-15 19:36 . 2011-07-15 19:36 180224 ----a-w- c:\program files\Windows NT\dwm.exe
2011-07-15 19:35 . 2011-07-16 10:51 169472 ----a-w- c:\program files\Internet Explorer\conhost.exe
2011-07-15 19:35 . 2011-07-16 10:50 169472 ----a-w- c:\windows\gbot111.exe
2011-07-15 19:34 . 2011-07-15 19:34 -------- d-----w- c:\windows\av_ico
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-15 19:30 . 2011-07-16 10:18 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-15 19:30 . 2011-07-15 19:30 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-15 19:27 . 2011-07-15 19:27 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-15 04:37 . 2011-07-15 04:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 04:38 . 2011-05-17 14:25 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2009-06-08 10:08 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-30 20:07 . 2010-11-16 19:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:45 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:45 . 2004-08-18 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:45 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 15:45 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01 . 2004-08-18 12:00 389120 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Softonic-Eng7\prxtbSof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Steam"="f:\steam\Steam.exe" [2011-02-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-17 17508864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"tray_ico1"="c:\windows\update.tray-2-0\svchost.exe" [2011-07-15 1170432]
"sysdriver32.exe"="c:\windows\sysdriver32.exe" [BU]
"sysdriver32_.exe"="c:\windows\sysdriver32_.exe" [BU]
"l1rezerv.exe"="c:\windows\l1rezerv.exe" [BU]
"systemup"="c:\windows\systemup.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Moje\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"f:\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\STEAM\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"c:\\WINDOWS\\update.tray-7-0-lnk\\svchost.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"f:\\World of Warcraft\\Wow.exe"=
"c:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"59070:TCP"= 59070:TCP:Pando Media Booster
"59070:UDP"= 59070:UDP:Pando Media Booster
"56760:TCP"= 56760:TCP:Pando Media Booster
"56760:UDP"= 56760:UDP:Pando Media Booster
"6883:TCP"= 6883:TCP:Blizzard Downloader: 6883
"4399:TCP"= 4399:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.6.2009 21:04 436792]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [18.8.2004 14:00 14336]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [28.1.2010 18:20 246520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2011 16:08 135664]
S2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
S2 srvsysdriver32;srvsysdriver32;c:\windows\sysdriver32.exe srv --> c:\windows\sysdriver32.exe srv [?]
S2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 0:06 49152]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8.6.2009 12:41 1684736]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20.4.2011 16:08 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 13:29 162176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva343;XDva343;\??\c:\windows\system32\XDva343.sys --> c:\windows\system32\XDva343.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:08]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 14:08]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:50505
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 93.91.144.100 212.80.67.98
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-8574198.exe - c:\docume~1\Moje\LOCALS~1\Temp\8574198.exe
HKLM-Run-3161910.exe - c:\windows\TEMP\3161910.exe
HKLM-Run-2338270.exe - c:\windows\TEMP\2338270.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-21 08:10
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\$NtUninstallKB279$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Celkový čas: 2011-07-21 08:12:45
ComboFix-quarantined-files.txt 2011-07-21 06:12
ComboFix2.txt 2011-07-20 12:41
ComboFix3.txt 2011-07-16 10:34
.
Před spuštěním: Volných bajtů: 24 557 981 696
Po spuštění: Volných bajtů: 24 552 747 008
.
- - End Of File - - D173ED93BEB6645C534A22C6B933CD3D

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  "1034:TCP"=-
  "5000:UDP"=-
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  "c:\\WINDOWS\\update.tray-7-0-lnk\\svchost.exe"=-
  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "DisableThumbnailCache"=dword:00000000
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "QuickTime Task"=-
  "DivXUpdate"=-
  "tray_ico1"=-
  "sysdriver32.exe"=-
  "sysdriver32_.exe"=-
  "l1rezerv.exe"=-
  "systemup"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=-
  [-HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
  "netsvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
    75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
    63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
    76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
    63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
    65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
    6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
    74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
    6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
    6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
    61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
    64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
    65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
    73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
    6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
    69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
    61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
    75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
    65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00
  
  :services
  XDva341
  XDva343
  XDva346
  XDva347
  XDva349
  XDva352
  XDva358
  XDva359
  XDva370
  XDva375
  XDva380
  XDva385
  XDva386
  Akamai
  gupdate
  gupdatem
  ICQ Service
  
  :files
  c:\program files\ICQ6Toolbar
  c:\windows\update.tray-2-0
  c:\windows\rpcminer
  c:\windows\ufa
  c:\windows\av_ico
  c:\windows\update.tray-2-0
  c:\windows\update.tray-2-0-lnk
  c:\windows\update.tray-7-0
  c:\windows\update.tray-7-0-lnk
  c:\windows\systemup.exe
  c:\windows\l1rezerv.exe
  c:\windows\sysdriver32_.exe
  c:\windows\sysdriver32.exe
  c:\windows\unrar.exe
  c:\program files\Windows NT\dwm.exe
  c:\program files\Internet Explorer\conhost.exe
  c:\windows\gbot111.exe
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\program files\Softonic-Eng7\prxtbSof0.dll
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

kde stahnu ten OTM ?

Zde
http://oldtimer.geekstogo.com/OTM.exe