VIRY.CZ

Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFScriptu".
Soubor ulož na plochu jako CFScript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

ComboFix se spustí - počkej na log a vlož ho sem.
CFScript

ComboFix 13-05-24.01 - majer 25.05.2013 11:24:51.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2346 [GMT 2:00]
Spuštěný z: c:\documents and settings\majer\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\majer\Plocha\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\documents and settings\majer\Data aplikací\Mozilla\Firefox\Profiles\k2wekq08.default\extensions\mckoao@zzcaxg.org"
"c:\documents and settings\majer\Data aplikací\Mozilla\Firefox\Profiles\k2wekq08.default\extensions\mckoao@zzcaxg.org"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-25 do 2013-05-25 )))))))))))))))))))))))))))))))
.
.
2013-05-24 19:57 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{459A299D-1377-49E6-ACBF-650BF9A176C7}\mpengine.dll
2013-05-23 18:32 . 2013-05-23 18:34 -------- d-----w- c:\program files\Counter-Strike 1.6 Non-Steam
2013-05-23 18:12 . 2013-05-23 18:12 -------- d-----w- c:\program files\dumps
2013-05-23 18:12 . 2013-05-23 18:12 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2013-05-23 18:12 . 2013-05-23 18:12 -------- d-----w- c:\program files\Common Files\Steam
2013-05-22 18:06 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-18 20:00 . 2013-05-18 20:00 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\DSS
2013-05-18 20:00 . 2013-05-18 20:00 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Codemasters
2013-05-18 19:47 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-05-18 19:47 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-05-18 19:47 . 2013-05-18 19:47 -------- d-----w- c:\windows\system32\xlive
2013-05-18 19:47 . 2013-05-18 19:47 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2013-05-18 19:46 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\system32\rapture3d_oal.dll
2013-05-18 19:46 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\system32\mkl_blueripple.dll
2013-05-18 19:46 . 2013-05-18 19:46 -------- d-----w- c:\program files\BRS
2013-05-18 19:46 . 2013-05-18 19:46 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-05-18 19:46 . 2013-05-18 19:46 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-05-18 19:46 . 2013-05-18 19:46 -------- d-----w- c:\program files\OpenAL
2013-05-18 19:32 . 2013-05-18 19:32 -------- d-----w- c:\program files\Codemasters
2013-05-12 08:15 . 2013-05-12 08:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Systweak
2013-05-12 08:14 . 2013-05-12 08:19 -------- d-----w- c:\documents and settings\majer\Data aplikací\Systweak
2013-05-12 08:13 . 2013-05-12 08:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\cOnttiynuuetoosavei
2013-05-12 08:12 . 2013-05-12 08:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\InstallMate
2013-05-11 20:29 . 2013-05-11 20:29 -------- d-----w- c:\documents and settings\majer\Data aplikací\DriverCure
2013-05-11 20:29 . 2013-05-11 20:29 -------- d-----w- c:\documents and settings\majer\Data aplikací\ParetoLogic
2013-05-11 20:29 . 2013-05-11 20:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ParetoLogic
2013-05-11 18:24 . 2013-05-11 18:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logs
2013-05-11 18:24 . 2013-01-01 16:32 18952 ----a-w- c:\windows\system32\roboot.exe
2013-05-11 18:22 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-05-11 18:22 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-05-11 18:22 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-05-11 18:22 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-05-11 18:22 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-05-11 18:22 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-05-11 18:22 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-05-11 18:22 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-05-11 17:44 . 2013-05-11 18:46 -------- d-----w- c:\program files\Hitman Absolution
2013-05-11 15:57 . 2013-05-11 15:57 -------- d-----w- c:\program files\SQUARE ENIX
2013-05-10 13:38 . 2013-05-10 13:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Origin
2013-05-10 13:05 . 2013-05-10 13:05 -------- d-----w- c:\program files\EA Games
2013-05-08 10:52 . 2013-05-08 10:52 -------- d-----w- c:\program files\VS Revo Group
2013-05-07 17:02 . 2013-05-07 17:02 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:28 . 2012-07-01 20:43 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:26 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 12:00 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-27 07:58 . 2012-07-01 19:59 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2010-06-01 1127744]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2012-7-2 1662976]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Garena Plus\\Room\\garena_room.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Codemasters\\DiRT 3\\dirt3_game.exe"=
"c:\\Program Files\\Counter-Strike 1.6 Non-Steam\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58906:TCP"= 58906:TCP:Pando Media Booster
"58906:UDP"= 58906:UDP:Pando Media Booster
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3.7.2012 8:51 242240]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [27.2.2013 22:25 226696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.7.2012 22:09 1684736]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena Plus\Room\safedrv.sys --> c:\program files\Garena Plus\Room\safedrv.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [11.7.2012 22:23 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [11.7.2012 22:23 8576]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
2013-05-25 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 10:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\majer\Data aplikací\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 10.10.21.1
FF - ProfilePath - c:\documents and settings\majer\Data aplikací\Mozilla\Firefox\Profiles\k2wekq08.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: 2013-05-12 10:55; mckoao@zzcaxg.org; c:\documents and settings\majer\Data aplikací\Mozilla\Firefox\Profiles\k2wekq08.default\extensions\mckoao@zzcaxg.org
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-25 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Ralink\Common\RalinkRegistryWriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2013-05-25 11:34:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-25 09:34
ComboFix2.txt 2013-05-24 17:14
.
Před spuštěním: Volných bajtů: 65 993 109 504
Po spuštění: Volných bajtů: 65 997 385 728
.
- - End Of File - - F0603D0B4A4F0037E939136D92CBDD4C

to se nepovedlo

c:\documents and settings\majer\Plocha\CFScript.txt.txt

zkus to znovu se správně pojmenovaným scriptem

Hodilo mi to zase ten samý log, tak nevím co dělám špatně. Udělal jsem to přesně jak píšete: Otevři Poznámkový blok (Notepad) a zkopíruj celý zelený text z "CFScriptu".
Soubor ulož na plochu jako CFScript.txt a jeho ikonu přetáhni myší nad ikonu ComboFixu - tam pusť.

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\ - dej mi ho sem na kontrolu

Script OTM

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: majer
->Temp folder emptied: 147456 bytes
->Temporary Internet Files folder emptied: 524314 bytes
->FireFox cache emptied: 183856770 bytes
->Flash cache emptied: 3745 bytes

User: NetworkService
->Temp folder emptied: 1662 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 176,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: majer
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: majer

User: NetworkService

Total Java Files Cleaned = 0,00 mb


Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
c:\documents and settings\All Users\Data aplikací\cOnttiynuuetoosavei folder moved successfully.
File/Folder c:\documents and settings\majer\Data aplikacĂ­\Mozilla\Firefox\Profiles\k2wekq08.default\extensions\mckoao@zzcaxg.org not found.
c:\documents and settings\majer\Data aplikací\Mozilla\Firefox\Profiles\k2wekq08.default\extensions\mckoao@zzcaxg.org\content folder moved successfully.
c:\documents and settings\majer\Data aplikací\Mozilla\Firefox\Profiles\k2wekq08.default\extensions\mckoao@zzcaxg.org folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1154C873-7921-7D1B-8387-AAF69C476F5F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1154C873-7921-7D1B-8387-AAF69C476F5F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\DWQueuedReporting not found.
Registry key HKEY_LOCAL_MACHINE\system\curentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\system\curentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\system\curentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\system\curentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List not found.
========== SERVICES/DRIVERS ==========

OTM by OldTimer - Version 3.1.21.0 log created on 05252013_145311

Files moved on Reboot...

Registry entries deleted on Reboot...

Jak to vypadá po této čistce?

Budu PC pozorovat, ale internet mi přestal blbnout.

Pozoruj a napiš.

Počítač vypadá v pořádku, tak snad to nějakou dobu vydrží. Díky

Nemáš zač - rádo se stalo a jsme tady i příště