Antivir (nebo snad vir?) Vyřešeno

[jaro3]

a když dám to druhé, ten regedit, tak se nestane nic. jen to v pc chrasti, jakoby se neco melo otevrit, ale nic

To je v pořádku, log z příkazu regedit... se ti neotevře, najdeš ho na disku C v souboru regl.txt

Řiď se pokyny fredika . Podívej se zda tam máš ten text. soubor:
C:\regl.txt Zkopíruj text v něm myší a vlož ho sem.

[Reklama]

[MaxDamageCZ]

jo a ještě něco bys měl vědět:

Když zapnu PC, tak mi to hlásí:

generic host process for win 32 services
Operace byla ukončena z důvodu možného poškození systému windows. (tak nějak to zní, nevím jestli je to doslova, ale obsah je takový.)
Zavřít okno



Když dám zavřít okno, ještě se mě to zeptá, jestli chci odeslat chybu, to celé se několikrát opakuje (okno "generic" se mi po zavření zase objeví, asi tak 5x)

[MaxDamageCZ]

no jo, ale jak to sem mám dostat? má to 218 MB, to se mi nevešlo ani do té Ctrl C paměti.

[jaro3]

Ta chyba , můžeš upřesnit , udělat screen, ale vše nasvědčuje tomu , že tam máš spyware, to přesměrování.

Ten soubor má u mě 26kB, to máš asi jiný soubor.
Zkus znovu:
Start-spustit napiš:
regedit /e "c:\regl.txt" "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters"
popř. potvrď přepsání souboru , nebo se vygeneruje pod názvem regl1.txt
Po malé chvíli bys měl mít text.soubor regl.txt v C:\
viz screen.

[MaxDamageCZ]

jo už jsem ho našel


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
"NV Hostname"="sestava"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="sestava"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,37,00,30,00,32,00,34,00,43,00,\
30,00,33,00,2d,00,44,00,34,00,43,00,41,00,2d,00,34,00,39,00,34,00,35,00,2d,\
00,39,00,43,00,38,00,38,00,2d,00,44,00,34,00,36,00,42,00,31,00,30,00,43,00,\
39,00,31,00,45,00,44,00,31,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,41,00,42,\
00,44,00,46,00,36,00,43,00,33,00,41,00,2d,00,33,00,36,00,38,00,41,00,2d,00,\
34,00,32,00,36,00,33,00,2d,00,41,00,42,00,36,00,46,00,2d,00,45,00,35,00,31,\
00,38,00,33,00,32,00,32,00,45,00,39,00,46,00,39,00,32,00,7d,00,00,00,54,00,\
63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,\
00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,\
73,00,5c,00,7b,00,36,00,42,00,43,00,43,00,32,00,38,00,35,00,43,00,2d,00,38,\
00,35,00,42,00,43,00,2d,00,34,00,32,00,38,00,31,00,2d,00,42,00,45,00,31,00,\
31,00,2d,00,41,00,30,00,39,00,38,00,35,00,42,00,46,00,33,00,39,00,36,00,45,\
00,34,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,\
61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,\
00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,34,00,31,00,37,00,30,00,37,00,\
32,00,39,00,41,00,2d,00,36,00,35,00,44,00,41,00,2d,00,34,00,31,00,37,00,45,\
00,2d,00,42,00,42,00,41,00,45,00,2d,00,42,00,43,00,34,00,46,00,37,00,42,00,\
35,00,34,00,31,00,46,00,34,00,32,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000004
"IpInterfaces"=hex:03,4c,02,47,ca,d4,45,49,9c,88,d4,6b,10,c9,1e,d1,3a,6c,df,ab,\
8a,36,63,42,ab,6f,e5,18,32,2e,9f,92,5c,28,cc,6b,bc,85,81,42,be,11,a0,98,5b,\
f3,96,e4,9a,72,70,41,da,65,7e,41,bb,ae,bc,4f,7b,54,1f,42

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0B24B74A-2E6E-498E-9631-D7845471CB28}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,42,00,32,00,34,00,42,00,37,00,\
34,00,41,00,2d,00,32,00,45,00,36,00,45,00,2d,00,34,00,39,00,38,00,45,00,2d,\
00,39,00,36,00,33,00,31,00,2d,00,44,00,37,00,38,00,34,00,35,00,34,00,37,00,\
31,00,43,00,42,00,32,00,38,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{343A3DFB-1851-47C5-A4E8-9A7D09BFF39E}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,33,00,34,00,33,00,41,00,33,00,44,00,\
46,00,42,00,2d,00,31,00,38,00,35,00,31,00,2d,00,34,00,37,00,43,00,35,00,2d,\
00,41,00,34,00,45,00,38,00,2d,00,39,00,41,00,37,00,44,00,30,00,39,00,42,00,\
46,00,46,00,33,00,39,00,45,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3A0AAD32-0050-472A-89D8-25DC94ABA079}]
"LLInterface"="ARP1394"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,33,00,41,00,30,00,41,00,41,00,44,00,\
33,00,32,00,2d,00,30,00,30,00,35,00,30,00,2d,00,34,00,37,00,32,00,41,00,2d,\
00,38,00,39,00,44,00,38,00,2d,00,32,00,35,00,44,00,43,00,39,00,34,00,41,00,\
42,00,41,00,30,00,37,00,39,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{3C3DA8E1-B7F1-4FCA-B5A9-E07A775CDB40}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,33,00,43,00,33,00,44,00,41,00,38,00,\
45,00,31,00,2d,00,42,00,37,00,46,00,31,00,2d,00,34,00,46,00,43,00,41,00,2d,\
00,42,00,35,00,41,00,39,00,2d,00,45,00,30,00,37,00,41,00,37,00,37,00,35,00,\
43,00,44,00,42,00,34,00,30,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E363812D-8CF9-4289-B871-D537D57012F9}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,33,00,36,00,33,00,38,00,31,00,\
32,00,44,00,2d,00,38,00,43,00,46,00,39,00,2d,00,34,00,32,00,38,00,39,00,2d,\
00,42,00,38,00,37,00,31,00,2d,00,44,00,35,00,33,00,37,00,44,00,35,00,37,00,\
30,00,31,00,32,00,46,00,39,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B24B74A-2E6E-498E-9631-D7845471CB28}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{343A3DFB-1851-47C5-A4E8-9A7D09BFF39E}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="5.0.0.1"
"Lease"=dword:000000ff
"LeaseObtainedTime"=dword:4a7443f7
"T1"=dword:4a744476
"T2"=dword:4a7444d6
"LeaseTerminatesTime"=dword:4a7444f6
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IPAutoconfigurationEnabled"=dword:00000000
"DisableDynamicUpdate"=dword:00000001
"IsServerNapAware"=dword:00000000
"DhcpIPAddress"="5.89.141.60"
"DhcpSubnetMask"="255.0.0.0"
"DhcpRetryTime"=dword:0000007e
"DhcpRetryStatus"=dword:00000000
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,30,00,2e,00,30,00,2e,00,30,\
00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A0AAD32-0050-472A-89D8-25DC94ABA079}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C3DA8E1-B7F1-4FCA-B5A9-E07A775CDB40}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4170729A-65DA-417E-BBAE-BC4F7B541F42}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
34,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{47024C03-D4CA-4945-9C88-D46B10C91ED1}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6BCC285C-85BC-4281-BE11-A0985BF396E4}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ABDF6C3A-368A-4263-AB6F-E518322E9F92}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
34,00,00,00,00,00
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E363812D-8CF9-4289-B871-D537D57012F9}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="10.0.0.138"
"Lease"=dword:0003f480
"LeaseObtainedTime"=dword:4a74319d
"T1"=dword:4a762bdd
"T2"=dword:4a77a78d
"LeaseTerminatesTime"=dword:4a78261d
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:81694328
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpIPAddress"="10.0.0.1"
"DhcpSubnetMask"="255.255.255.0"
"DhcpRetryTime"=dword:0001fa3d
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="10.0.0.138"
"DhcpDefaultGateway"=hex(7):31,00,30,00,2e,00,30,00,2e,00,30,00,2e,00,31,00,33,\
00,38,00,00,00,00,00
"DhcpDomain"=""
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

[jaro3]

To je ono , kontaktuji fredika , musíš počkat.

[fredik]

Dej sem ještě tyto logy:
Start => Spustit...
cmd /c dir /a %WINDIR%\system32\drivers\etc>>dirl.txt&dirl.txt&del dirl.txt
a vlož sem log co se ti zobrazí.

a pak znovu stejný postup s tímto příkazem
cmd /c type %WINDIR%\system32\drivers\etc\hosts.new>>host.txt&host.txt&del host.txt

Na disku C se ti vytvořil adresář/složka Qoobox v něm se dostaneš přes adresáře Quarantine => C => WINDOWS => system32 až k souboru
sfcfiles.dll tak ho otestuj na Virustotal a vlož sem pak výsledek.

Stáhni si znovu ComboFix a spusť ho. Ten co máš tak ho smaž. Vlož sem pak z něho log.

[MaxDamageCZ]

to první

vazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 38C9-F8E2.

Výpis adresáře C:\WINDOWS\system32\drivers\etc

01.08.2009 09:48 <DIR> .
01.08.2009 09:48 <DIR> ..
26.07.2009 18:18 7 602 hosts
01.08.2009 09:48 1 206 hosts.new
18.08.2004 14:00 3 615 lmhosts.sam
18.08.2004 14:00 412 networks
18.08.2004 14:00 831 protocol
18.08.2004 14:00 7 137 services
6 souborů, 20 803 bajtů
Adresářů: 2, Volných bajtů: 144 212 586 496

[MaxDamageCZ]

to druhé


# Copyright (c) 1993-1999 Microsoft Corp.
#
# Toto je uk zka souboru HOSTS pou§ˇvan‚ho slu§bou Microsoft TCP/IP for Windows.
#
# Soubor obsahuje mapov nˇ adres IP na n zvy hostitel…. Ka§d  polo§ka
# by mŘla bět na jednom ý dku. Adresa IP by mŘla bět umˇstŘna
# v prvnˇm sloupci a mŘla by bět n sledov na odpovˇdajˇcˇm n zvem hostitele.
# Adresa IP a n zev hostitele by mŘly bět oddŘleny nejm‚nŘ jednou
# mezerou.
#
# Koment ýe (jako napýˇklad tento) lze vkl dat na jednotliv‚ ý dky
# nebo za n zev hostitele, koment ý je urźen znakem '#'.
#
# Pýˇklad:
#
# 102.54.94.97 rhino.acme.com # zdrojově server
# 38.25.63.10 x.acme.com # hostitel klient… x

127.0.0.1 localhost
74.125.45.100 test1111.com
74.125.45.100 test1112.com
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 www.securesoftwarebill.com

[MaxDamageCZ]

Virtuosal

MD5: 56a6034e7764e23d9114223eb3523925
Poprvé zaslán: 2009.05.02 07:07:50 UTC
Datum: 2009.07.26 20:41:27 UTC [>6D]
Výsledky: 0/41
Stálý odkaz: analisis/0f4522834efb9f391397de6533c37873a55e670a3d8f001d485f395ed2f0f504-1248640887


Soubor sfcfiles.dll.vir přijatý 2009.07.26 20:41:27 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0.00%)
Formátované Formátované
Vytisknout výsledky Vytisknout výsledky
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.07.26 -
AhnLab-V3 5.0.0.2 2009.07.26 -
AntiVir 7.9.0.228 2009.07.24 -
Antiy-AVL 2.0.3.7 2009.07.24 -
Authentium 5.1.2.4 2009.07.26 -
Avast 4.8.1335.0 2009.07.26 -
AVG 8.5.0.387 2009.07.26 -
BitDefender 7.2 2009.07.26 -
CAT-QuickHeal 10.00 2009.07.25 -
ClamAV 0.94.1 2009.07.26 -
Comodo 1775 2009.07.26 -
DrWeb 5.0.0.12182 2009.07.26 -
eSafe 7.0.17.0 2009.07.26 -
eTrust-Vet 31.6.6640 2009.07.25 -
F-Prot 4.4.4.56 2009.07.26 -
F-Secure 8.0.14470.0 2009.07.26 -
Fortinet 3.120.0.0 2009.07.26 -
GData 19 2009.07.26 -
Ikarus T3.1.1.64.0 2009.07.26 -
Jiangmin 11.0.800 2009.07.26 -
K7AntiVirus 7.10.802 2009.07.25 -
Kaspersky 7.0.0.125 2009.07.26 -
McAfee 5689 2009.07.26 -
McAfee+Artemis 5689 2009.07.26 -
McAfee-GW-Edition 6.8.5 2009.07.26 -
Microsoft 1.4903 2009.07.26 -
NOD32 4280 2009.07.26 -
Norman 6.01.09 2009.07.24 -
nProtect 2009.1.8.0 2009.07.26 -
Panda 10.0.0.14 2009.07.26 -
PCTools 4.4.2.0 2009.07.26 -
Prevx 3.0 2009.07.26 -
Rising 21.39.62.00 2009.07.26 -
Sophos 4.44.0 2009.07.26 -
Sunbelt 3.2.1858.2 2009.07.26 -
Symantec 1.4.4.12 2009.07.26 -
TheHacker 6.3.4.3.374 2009.07.26 -
TrendMicro 8.950.0.1094 2009.07.25 -
VBA32 3.12.10.9 2009.07.26 -
ViRobot 2009.7.25.1853 2009.07.25 -
VirusBuster 4.6.5.0 2009.07.26 -
Rozšiřující informace
File size: 1571840 bytes
MD5 : 56a6034e7764e23d9114223eb3523925
SHA1 : 886ea9e4eb843363decb534c67e024cf98236019
SHA256: 0f4522834efb9f391397de6533c37873a55e670a3d8f001d485f395ed2f0f504
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x120D
timedatestamp.....: 0x48025231 (Sun Apr 13 20:34:25 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xCBF 0xE00 5.89 ccd83c1e26e262720c731cb56f817e7b
.data 0x2000 0x1744A8 0x174600 3.26 e58aed19433b12fea9d8093264bc807d
.rsrc 0x177000 0x408 0x600 2.50 51475f865b45066a3692f34ab9b77cd4
.reloc 0x178000 0x9CFC 0x9E00 5.77 7a58ceb675c48048ea9a69c7643e68d2

( 1 imports )

> ntdll.dll: LdrDisableThreadCalloutsForDll, NtClose, NtQueryValueKey, NtOpenKey, RtlInitUnicodeString, RtlGetVersion, NtTerminateProcess, RtlUnhandledExceptionFilter, RtlUnwind, NtQueryVirtualMemory

( 1 exports )

> SfcGetFiles
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:d0+RebH/3ETKnPPrSMpxo7KlKR2IgYohuFII7KL3y7v+15F+bAVIv3eNmnW:dsosppx2KORFn0yD+v3E7W
PEiD : -
RDS : NSRL Reference Data Set
-

VAROVÁNÍ VAROVÁNÍ: VirusTotal je služba poskytovaná zdarma společnosti Hispasec Sistemas. Kvalita výsledků není nijak zaručena. Výsledky jsou závislé na tvůrci daného produktu. Vysledky testů nemusí být 100% správné. Tyto výsledky nemusí znamenat, že daný soubor je infikován, nebo čistý!

[MaxDamageCZ]

ComboFix



ComboFix 09-08-01.06 - Marek 02.08.2009 11:42.7.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.660 [GMT 2:00]
Spuštěný z: c:\documents and settings\Marek\Plocha\ComboFix.exe
AV: F-Secure Profi Antivirus 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Profi Antivirus 8.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-02 do 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-01 15:05 . 2009-08-01 16:54 -------- d-----w- c:\program files\Crawler
2009-08-01 13:14 . 2009-08-01 13:26 -------- d-----w- c:\program files\PhotoFiltre
2009-07-31 17:32 . 2009-07-31 17:32 -------- d-----w- c:\windows\system32\CatRoot2
2009-07-31 15:05 . 2009-07-31 15:16 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-31 15:05 . 2008-12-04 13:57 79872 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-07-31 15:04 . 2009-08-01 15:59 -------- d-----w- c:\program files\F-Secure
2009-07-31 14:17 . 2009-07-31 14:46 -------- dc----w- C:\HostsXpert 4.3 - Hosts File Manager
2009-07-30 11:56 . 2009-08-01 15:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 21:09 . 2009-07-29 21:10 -------- dc----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-28 19:19 . 2009-07-28 19:19 -------- dcs---w- C:\VerTerm
2009-07-28 17:50 . 2009-07-28 17:50 -------- d-----w- c:\program files\PetrLite
2009-07-28 16:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 16:14 . 2009-07-30 08:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 15:52 . 2009-07-28 15:52 28672 ----a-w- c:\windows\system32\eEmpty.exe
2009-07-28 15:36 . 2009-07-28 15:36 -------- d-----w- c:\program files\CCleaner
2009-07-28 15:30 . 2009-07-28 15:30 118842 ------r- c:\windows\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 15:16 . 2009-07-28 15:25 -------- d-----w- c:\program files\RegCleaner
2009-07-28 14:03 . 2009-07-28 14:03 -------- d-----w- c:\program files\McAfee UnInstaller 6.5 Demo English
2009-07-28 13:58 . 2007-08-15 11:09 159744 ----a-w- c:\windows\system32\wt_menu.dll
2009-07-28 13:58 . 2007-08-15 11:09 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-07-28 13:58 . 1999-02-09 19:40 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2009-07-28 13:58 . 2009-07-28 13:59 -------- d-----w- c:\program files\Smarty Uninstaller Pro
2009-07-28 13:57 . 2009-07-28 13:57 -------- d-----w- c:\program files\VS Revo Group
2009-07-28 08:44 . 2009-07-31 13:25 -------- d-----w- c:\program files\Trend Micro
2009-07-27 15:13 . 2009-07-27 15:14 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-27 14:14 . 2009-07-27 14:14 -------- d-----w- c:\program files\XnView
2009-07-27 14:00 . 2009-07-27 14:00 -------- d-----w- c:\program files\RealWorld Cursor Editor
2009-07-27 13:56 . 2009-07-27 13:56 -------- d-----w- c:\program files\ImageForge3
2009-07-27 13:50 . 2009-07-27 13:50 -------- d-----w- c:\program files\HTML editor Yugie-shareware
2009-07-27 10:24 . 2009-07-27 10:24 -------- d-----w- c:\program files\BlueVoda Website Builder
2009-07-21 09:24 . 2009-07-21 09:24 -------- d-----w- c:\program files\Audacity
2009-07-21 09:21 . 2009-07-21 09:22 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-07-16 17:15 . 2009-07-16 17:18 -------- d-----w- c:\program files\Castle Strike

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 16:38 . 2008-08-02 17:50 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-01 15:00 . 2008-06-02 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-01 14:59 . 2004-08-18 12:00 93318 ----a-w- c:\windows\system32\perfc005.dat
2009-08-01 14:59 . 2004-08-18 12:00 461558 ----a-w- c:\windows\system32\perfh005.dat
2009-07-27 15:41 . 2006-07-04 06:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 15:10 . 2006-07-05 17:26 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-26 15:54 . 2006-09-18 08:29 -------- d-----w- c:\program files\Illusion Softworks
2009-07-20 12:45 . 2006-07-05 17:36 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-03 16:59 . 2004-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 11:44 . 2009-06-30 11:44 -------- d-----w- c:\program files\MumboJumbo
2009-06-29 10:33 . 2009-05-06 17:54 -------- d-----w- c:\program files\Stykz
2009-06-29 06:30 . 2009-06-13 15:47 -------- d-----w- c:\program files\World of Warcraft
2009-06-28 18:06 . 2007-05-18 18:18 -------- d-----w- c:\program files\Take2
2009-06-20 11:45 . 2006-09-09 18:52 -------- d-----w- c:\program files\Google
2009-06-16 14:40 . 2004-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 11:50 . 2009-06-14 11:50 -------- d-----w- c:\program files\Zeallsoft
2009-06-14 11:29 . 2009-06-14 11:06 -------- d-----w- c:\program files\Active GIF Creator 2.23
2009-06-12 16:16 . 2007-12-25 16:46 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-03 19:11 . 2004-08-18 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-12 13:12 . 2006-07-04 06:30 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:33 . 2004-08-18 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2004-08-23 21:38 . 2004-08-23 21:38 3371 ----a-w- c:\program files\!!!readme.txt
2004-08-23 19:08 . 2004-08-23 19:08 83968 -c--a-w- c:\program files\NB_NB_2_12_37.xls
2009-06-21 17:55 . 2009-06-21 17:55 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

Chyba šifrovací služby !!
.
((((((((((((((((((((((((((((( SnapShot@2009-07-30_13.43.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-02 09:55 . 2009-08-02 09:55 16384 c:\windows\temp\Perflib_Perfdata_704.dat
+ 2006-07-03 14:57 . 2008-04-14 03:22 32256 c:\windows\system32\wups.dll
+ 2004-08-18 12:00 . 2009-08-01 14:59 82006 c:\windows\system32\perfc009.dat
+ 2008-10-16 12:08 . 2008-10-16 12:08 34328 c:\windows\SoftwareDistribution\SelfUpdate\wups.dll
+ 2008-10-16 12:09 . 2008-10-16 12:09 51224 c:\windows\SoftwareDistribution\SelfUpdate\wuauclt.exe
+ 2006-07-03 14:57 . 2008-04-14 03:22 120320 c:\windows\system32\wuweb.dll
+ 2006-07-03 14:57 . 2008-04-14 03:22 112640 c:\windows\system32\wucltui.dll
+ 2006-07-03 14:57 . 2008-04-14 03:22 183296 c:\windows\system32\wuaueng1.dll
+ 2006-07-03 14:57 . 2008-04-14 03:22 166912 c:\windows\system32\wuauclt1.exe
+ 2006-07-03 14:57 . 2008-04-14 03:22 111104 c:\windows\system32\wuauclt.exe
+ 2006-07-03 14:57 . 2008-04-14 03:22 431104 c:\windows\system32\wuapi.dll
+ 2004-08-18 12:00 . 2009-08-01 14:59 465124 c:\windows\system32\perfh009.dat
+ 2006-07-04 06:35 . 2006-07-04 06:35 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2008-10-16 12:13 . 2008-10-16 12:13 202776 c:\windows\SoftwareDistribution\SelfUpdate\wuweb.dll
+ 2008-10-16 12:12 . 2008-10-16 12:12 323608 c:\windows\SoftwareDistribution\SelfUpdate\wucltui.dll
+ 2008-10-16 12:12 . 2008-10-16 12:12 561688 c:\windows\SoftwareDistribution\SelfUpdate\wuapi.dll
+ 2006-07-03 14:57 . 2008-04-14 03:22 1135616 c:\windows\system32\wuaueng.dll
+ 2008-10-16 12:13 . 2008-10-16 12:13 1809944 c:\windows\SoftwareDistribution\SelfUpdate\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Marek\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-06-20 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Sierra\\CoolPool\\coolpool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Totalni narez\\Worms 4 Mayhem.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\keyclone\\keyclone.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Marek\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\MumboJumbo\\Luxor\\luxor.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2869:TCP"= 2869:TCP:@xpsp2res.dll,-22008
"11001:TCP"= 11001:TCP:H&D2 port 11001
"11001:UDP"= 11001:UDP:H&D2 port 11001
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
"6112:TCP"= 6112:TCP:Blizzard Downloader

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [31.7.2009 17:05 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [31.7.2009 17:05 79872]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [31.7.2009 17:04 67808]
R2 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies Inc\SMART Board Software\WebServer.exe [19.4.2007 7:42 759312]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [31.7.2009 17:04 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [31.7.2009 17:05 55904]
S3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys --> c:\windows\system32\DRIVERS\axskbus.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.2.2008 20:49 13352]
S3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [25.12.2006 22:11 276930]
S4 BackWeb Plug-in - 7681197;F-Secure Automatic Update;c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE --> c:\progra~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [31.7.2009 17:04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [31.7.2009 17:04 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2009-08-02 c:\windows\Tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.atlas.cz/?from=icqhp
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Marek\Data aplikací\Mozilla\Firefox\Profiles\j2ggv3xx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 11:55
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\program files\F-Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(840)
c:\program files\F-Secure\FSPS\program\FSLSP.DLL
c:\program files\F-Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'explorer.exe'(3776)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(760)
c:\program files\F-Secure\FWES\Program\fsdc32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\F-Secure\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure\Anti-Virus\fsgk32.exe
c:\program files\F-Secure\Common\FSMA32.EXE
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\F-Secure\Common\FSMB32.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\F-Secure\Common\FCH32.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
c:\program files\F-Secure\Common\FAMEH32.EXE
c:\program files\F-Secure\Anti-Virus\fsqh.exe
c:\program files\F-Secure\FSGUI\fsguidll.exe
c:\program files\F-Secure\Anti-Virus\fssm32.exe
c:\program files\F-Secure\FSAUA\program\fsaua.exe
c:\program files\F-Secure\FWES\program\fsdfwd.exe
c:\program files\F-Secure\FSAUA\program\fsus.exe
c:\program files\F-Secure\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Celkový čas: 2009-08-02 12:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-02 10:00
ComboFix2.txt 2009-07-31 09:39
ComboFix3.txt 2009-07-30 14:57
ComboFix4.txt 2009-07-30 13:49

Před spuštěním: Volných bajtů: 144 183 808 000
Po spuštění: Volných bajtů: 145 248 690 176

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
267 --- E O F --- 2009-07-29 12:00

[fredik]

Vytvoř si na disku C novou složku a pojmenuj ji jako pch a do ní si ulož tento skript a hosts soubor.

1) Spusť Poznámkový blok (Notepad): Start -> Spustit.. otevře se ti okno a do něj napiš notepad a dej Ok.
Otevře se ti poznámkový blok a do něj zkopíruj tento zeleně označený text:

@echo Hledam soubory, pockej na zobrazeni logu...
@echo off
If Exist SFC.txt del /q SFC.txt
Dir /S/A-D "%systemdrive%\sfcfiles.dll" >>SFC.txt
Notepad SFC.txt
Del /q SFC.txt

Zvol v menu záložku Soubor -> Uložit jako... a natav/vyplň tyto údaje
Název souboru: SFC.bat
Uložit jako typ: Všechny soubory
Ulož soubor na disky u a spusť ho. Po chvíli hledání se zobrazí nové okno s výsledky, zkopíruj sem prosím celý jeho obsah.

2) Vytvoř si originální hosts soubor:
Spusť Poznámkový blok (Notepad): Start -> Spustit.. otevře se ti okno a do něj napiš notepad a dej Ok.
Otevře se ti poznámkový blok a do něj zkopíruj celý text
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

# Copyright © 1993-1999 Microsoft Corp.
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# 
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
# 
# For example:
# 
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# 
127.0.0.1 localhost

Zvol v menu záložku Soubor -> Uložit jako... a natav/vyplň tyto údaje
Název souboru: hosts
Uložit jako typ: Všechny soubory
Ulož tento soubor do již předem vytvořeného adresáře (pch).

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

3) Vytvoř si nový CFScript a použij ho již známým postupem.
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\drivers\etc\hosts
C:\WINDOWS\system32\drivers\etc\hosts.new

SRPeek::
c:\windows\system32\sfcfiles.dll

Reboot::

Vlož sem pak log z CF po restartu PC, který se ti zobrazí.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak jdi přes Start => Spustit a proveď tento příkaz.
cmd /c copy c:\pch\hosts %WINDIR%\system32\drivers\etc\hosts
proveď restart PC a po najetí zpět proveď tento příkaz.
cmd /c dir /a %WINDIR%\system32\drivers\etc>>dirl.txt&dirl.txt&del dirl.txt
a vlož sem ten log co se ti zobrazí.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Použil jsi ten Dial-a-Fix jak psal Jaro3?