Prosim o kontrolu logu - pomale PC Vyřešeno

[tomas_ch]

musim pockat az mi dobehne chkdsk, pak se do toho pustim...

[Reklama]

[tomas_ch]

ComboFix 11-01-20.04 - Administrator 21.01.2011 20:51:49.8.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1186 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\Setup1.exe"
"c:\windows\temp.001"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\AVG9
c:\documents and settings\Administrator\Data aplikací\AVG9\cfgall\usergui.cfg
c:\windows\Setup1.exe
c:\windows\temp.001

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_adusbser


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-21 do 2011-01-21 )))))))))))))))))))))))))))))))
.

2011-01-21 17:32 . 2011-01-21 17:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG10
2011-01-21 17:32 . 2011-01-21 17:32 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-01-21 16:49 . 2011-01-21 16:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-01-20 22:14 . 2011-01-20 22:14 -------- d-----w- C:\i386
2011-01-20 22:14 . 2011-01-20 22:14 -------- d-----w- C:\DRV
2011-01-20 21:21 . 2011-01-20 21:21 -------- d-----w- C:\CNTemp
2011-01-20 19:02 . 2011-01-20 19:03 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-01-20 16:54 . 2011-01-20 16:54 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-20 16:54 . 2011-01-20 16:54 -------- d-----w- c:\program files\Trend Micro
2011-01-01 10:58 . 2001-11-22 21:39 28672 ----a-w- c:\windows\lmunin2.exe
2010-12-23 15:53 . 2010-12-23 15:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\free-3gp-video-converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2003-02-25 08:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-07-29 09:45 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:25 . 2004-08-23 19:35 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:25 . 2004-08-17 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:25 . 2004-07-29 09:46 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:25 . 1979-12-31 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-17 22:44 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 1979-12-31 23:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 1979-12-31 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 1979-12-31 23:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2003-09-05 09:52 . 2003-09-05 09:52 2893952 ----a-w- c:\program files\PPView97.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-21_18.06.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-21 19:59 . 2011-01-21 19:59 16384 c:\windows\temp\Perflib_Perfdata_6b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ICQ"="c:\progra~1\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-15 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-12 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
2007-09-05 23:48 406944 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 10:58 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 10:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 10:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 10:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-12-12 17:00 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Anonymne\\Torpark 2.0.0.3a\\App\\torpark\\firefox\\firefox.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [12.10.2005 18:22 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [12.10.2005 18:22 5248]
R1 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [27.10.2005 22:20 52544]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [6.1.2010 19:20 7680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7.9.2006 21:16 10112]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [6.1.2010 19:31 110592]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-21 c:\windows\Tasks\WebReg 20050616101430.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {5F4DE4DF-5029-4414-B387-0688808AEAE3} = 192.168.1.3
TCP: {8043079A-D5C6-4DAB-8DCE-93BBE9FF64B2} = 192.168.1.1
TCP: {A1DA04D7-FC7D-469F-A66A-C25A84B119EA} = 192.168.1.3
TCP: {FE93E5B0-8CA4-48E0-9691-BCDDFECCEE45} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-21 20:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(924)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\winproxy\WinProxy.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-01-21 21:03:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-21 20:03
ComboFix2.txt 2011-01-21 18:08

Před spuštěním: 6 907 379 712
Po spuštění: 6 795 526 144

- - End Of File - - A16483D07E9A72BDFC187BF278B040AA

[tomas_ch]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:06:27, on 21.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WinProxy\WinProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\totalcmd\TOTALCMD.EXE
H:\Anonymne\Torpark 2.0.0.3a\App\torpark\firefox\firefox.exe
H:\vir\2011\avg_free_stb_eu_2011_1191_free.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS6.tmp\avgmfapx.exe
C:\WINDOWS\system32\msiexec.exe
H:\Anonymne\Torpark 2.0.0.3a\App\torpark\firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4DE4DF-5029-4414-B387-0688808AEAE3}: NameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8043079A-D5C6-4DAB-8DCE-93BBE9FF64B2}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1DA04D7-FC7D-469F-A66A-C25A84B119EA}: NameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE93E5B0-8CA4-48E0-9691-BCDDFECCEE45}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe

--
End of file - 5740 bytes

[tomas_ch]

http://www.virustotal.com/file-scan/rep ... 1295640536

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[tomas_ch]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:05:24, on 21.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WinProxy\WinProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\totalcmd\TOTALCMD.EXE
H:\vir\2011\avg_free_stb_eu_2011_1191_free.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zSC.tmp\avgmfapx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
H:\Anonymne\Torpark 2.0.0.3a\App\torpark\firefox\firefox.exe
H:\Anonymne\Torpark 2.0.0.3a\App\torpark\firefox\plugin-container.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MFARestart] "C:\Documents and Settings\All Users\Data aplikací\MFAData\pack\avgrunasx.exe" /usereg
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4DE4DF-5029-4414-B387-0688808AEAE3}: NameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{8043079A-D5C6-4DAB-8DCE-93BBE9FF64B2}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1DA04D7-FC7D-469F-A66A-C25A84B119EA}: NameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE93E5B0-8CA4-48E0-9691-BCDDFECCEE45}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinProxy - M&M hist - C:\WinProxy\WinProxy.exe

--
End of file - 5717 bytes

[tomas_ch]

ComboFix 11-01-20.04 - Administrator 21.01.2011 21:50:33.9.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1184 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-12-21 do 2011-01-21 )))))))))))))))))))))))))))))))
.

2011-01-21 17:32 . 2011-01-21 17:32 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG10
2011-01-21 17:32 . 2011-01-21 17:32 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-01-21 16:49 . 2011-01-21 16:49 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-01-20 22:14 . 2011-01-20 22:14 -------- d-----w- C:\i386
2011-01-20 22:14 . 2011-01-20 22:14 -------- d-----w- C:\DRV
2011-01-20 21:21 . 2011-01-20 21:21 -------- d-----w- C:\CNTemp
2011-01-20 19:02 . 2011-01-20 19:03 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-01-20 16:54 . 2011-01-20 16:54 388096 ----a-r- c:\documents and settings\Administrator\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-20 16:54 . 2011-01-20 16:54 -------- d-----w- c:\program files\Trend Micro
2011-01-01 10:58 . 2001-11-22 21:39 28672 ----a-w- c:\windows\lmunin2.exe
2010-12-23 15:53 . 2010-12-23 15:53 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\free-3gp-video-converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:15 . 2003-02-25 08:47 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2004-07-29 09:45 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:25 . 2004-08-23 19:35 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:25 . 2004-08-17 22:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-06 00:25 . 2004-07-29 09:46 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:25 . 1979-12-31 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2004-08-17 22:44 389120 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 1979-12-31 23:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 1979-12-31 23:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 1979-12-31 23:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2003-09-05 09:52 . 2003-09-05 09:52 2893952 ----a-w- c:\program files\PPView97.exe
.

((((((((((((((((((((((((((((( SnapShot@2011-01-21_18.06.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-21 20:44 . 2011-01-21 20:44 16384 c:\windows\temp\Perflib_Perfdata_670.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ICQ"="c:\progra~1\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-15 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
2007-09-05 23:48 406944 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\CNAP2LAK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 10:58 278528 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 10:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 10:20 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 10:20 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-12-12 17:00 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 09:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\TOTALCMD\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Anonymne\\Torpark 2.0.0.3a\\App\\torpark\\firefox\\firefox.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [12.10.2005 18:22 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [12.10.2005 18:22 5248]
R1 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [27.10.2005 22:20 52544]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [6.1.2010 19:20 7680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7.9.2006 21:16 10112]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [6.1.2010 19:31 110592]
.
Obsah adresáře 'Naplánované úlohy'

2011-01-21 c:\windows\Tasks\WebReg 20050616101430.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2002-10-16 14:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 127.0.0.1:8080
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {5F4DE4DF-5029-4414-B387-0688808AEAE3} = 192.168.1.3
TCP: {8043079A-D5C6-4DAB-8DCE-93BBE9FF64B2} = 192.168.1.1
TCP: {A1DA04D7-FC7D-469F-A66A-C25A84B119EA} = 192.168.1.3
TCP: {FE93E5B0-8CA4-48E0-9691-BCDDFECCEE45} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-21 21:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-01-21 21:59:11
ComboFix-quarantined-files.txt 2011-01-21 20:59
ComboFix2.txt 2011-01-21 20:03
ComboFix3.txt 2011-01-21 18:08

Před spuštěním: 6 645 612 544
Po spuštění: 6 627 295 232

- - End Of File - - 69A9E0E7347760C86E878AE21443A918

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


Tuto proxy používáš:
ProxyServer = 127.0.0.1:8080 ??

Jak to vypadá , problémy?

[tomas_ch]

proxy nepouzivam...
akorat mam problem s defragmentaci disku C, jak jsem popisoval vcera vecer...
jinak pc vypada OK

[tomas_ch]

diky za pomoc.... :-)