Zatim to neprenasejte at nenakazite i ten druhy PC. Neco malo pomazem pres OTL a pak tam pustime dalsi nastroj Spustte znovu OTL
Kód: Vybrat vše
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
:otl
PRC - [2011.02.16 17:45:50 | 000,385,024 | RHS- | M] () -- C:\Documents and Settings\Mike\Microsoft-Driver-1-85-45488-2348-1467\wincdsvn.exe
SRV - File not found [Auto | Stopped] -- -- (CesarFTP)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.01.30 15:26:33 | 000,365,056 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2004.08.18 13:00:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
DRV - [2010.12.19 14:51:47 | 000,040,128 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\tgratapj.sys -- (tgratapj)
FF - prefs.js..browser.search.selectedEngine: "Google Search Community"
FF - prefs.js..browser.startup.homepage: "http://search.speedbit.com/"
FF - prefs.js..extensions.enabledItems: googleplusvideos@googleplusvideos.com:1.0
FF - prefs.js..keyword.URL: "http://search.speedbit.com/searchresults.asp?src=default&q="
[2009.03.05 18:26:50 | 000,002,383 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekapp122.xml
[2009.03.05 18:29:35 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekapp123.xml
[2009.03.11 16:00:10 | 000,002,386 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seekapp125.xml
O3 - HKLM\..\Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O3 - HKU\S-1-5-21-606747145-1788223648-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {60270DC7-9EA0-472F-9B77-66652C06246E} - No CLSID value found.
O3 - HKU\S-1-5-21-606747145-1788223648-839522115-1004\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [MicrosoftRTDriver] File not found
O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [MSConfig] File not found
O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [MSDNMService] File not found
O4 - HKU\S-1-5-21-606747145-1788223648-839522115-1004..\Run: [WindowsLiveUpdateService] File not found
O4 - Startup: C:\Documents and Settings\Mike\Nabídka Start\Programy\Po spuštění\Quick'n Easy FTP Server.lnk = C:\Documents and Settings\Mike\Local Settings\Temp\_AZTMP1_\Exec\FTPServer.exe (Pablo Software Solutions)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - Reg Error: Key error. File not found
O9 - Extra Button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O33 - MountPoints2\{0b88d064-bbc8-11de-9802-001346b221a1}\Shell - "" = AutoRun
O33 - MountPoints2\{18e169f8-f013-11df-9925-001346b221a1}\Shell - "" = AutoRun
O33 - MountPoints2\{ac410e07-e4c0-11dd-9629-001346b221a1}\Shell - "" = AutoRun
[2011.02.16 17:45:51 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\Mike\Microsoft-Driver-1-85-45488-2348-1467
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011.02.16 17:14:18 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1788223648-839522115-1004UA.job
[2011.02.14 21:25:34 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1788223648-839522115-1004Core.job
[2010.12.20 05:52:48 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\Mike\Data aplikací\chrtmp
[2010.12.19 14:51:47 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\tgratapj.sys
[2010.12.19 14:13:13 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mike\Data aplikací\GJ6AC1NGjh.txt
[2010.12.19 14:02:08 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mike\Data aplikací\dg6Ce1LFkK.txt
[2010.12.18 17:29:42 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Mike\Data aplikací\wincbdrv32.txt
[2010.12.18 17:29:35 | 000,000,000 | R--- | C] () -- C:\Documents and Settings\Mike\Data aplikací\f1mHMIJdJm.txt
[2010.12.13 21:49:58 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Mike\Data aplikací\msnsvconfig.txt
@Alternate Data Stream - 514613 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 48 bytes -> C:\Documents and Settings\All Users\DRM:الهريرة
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A9662AE0
:files
C:\Documents and Settings\Mike\Microsoft-Driver-1-85-45488-2348-1467
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
Dle meho je spatne vypalene ten hirens boot, nebo byla jste v nem - melo by to by takove mini XP, mela jste tam programy jako Combofix, Drweb cure IT apod Jak mate stahly ten hirens boot CD, tak jste jej rozbalila a jak jste jej vypalila na CD Asi je spatne vypaleny, kdyz date to CD do mechaniky - v tom PC co Vam funguje, tak jsou tam nejake soubory nebo jen to ISO Prectete si prosim soukromou zpravu Probehla komunikace na icq, takze log co zde je, je jen pro zasvecene Pokud nemate, tak presunte Combofix na plochu
Kód: Vybrat vše
KillAll::
Folder::
c:\program files (x86)\ICQ6Toolbar
c:\users\Blaženka\Microsoft-Driver-1-85-45488-2348-1467
Driver::
ICQ Service
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"Microsoft(R)UpdateManager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
Firefox::
FF - ProfilePath - c:\users\Blaženka\AppData\Roaming\Mozilla\Firefox\Profiles\3mv572fx.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Reboot::
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci