Facebook vir

[terra1987]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Anička at 2011-07-26 13:30:15
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (47%) free of 34 GB
Total RAM: 1791 MB (65% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-57989841-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-57989841-682003330-1003UA.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-27 86016]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2011-03-17 24576]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"MagicKey"=C:\PROGRA~1\MEDIAK~1\MagicKey.exe [2004-03-15 45056]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"59842797-loader2.exe"=C:\DOCUME~1\ANIKA~1\LOCALS~1\Temp\59842797-loader2.exe [2011-07-26 256000]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-26 256000]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-26 256000]
"218648.exe"=C:\WINDOWS\TEMP\218648.exe [2011-07-26 256000]
"7082263.exe"=C:\WINDOWS\TEMP\7082263.exe [2011-07-26 495616]
"86674248-loader2.exe"=C:\WINDOWS\TEMP\86674248-loader2.exe [2011-07-26 256000]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-26 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-26 114176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-03-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2006-03-21 544768]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe"="C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com"
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"F:\_Hry\Age of Empires 2\empires2.exe"="F:\_Hry\Age of Empires 2\empires2.exe:*:Enabled:Age of Empires II"
"F:\_Hry\Age of Empires II\age2_x1\age2_x1.exe"="F:\_Hry\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Documents and Settings\Anička\Local Settings\Temp\7zS164.tmp\avgmfapx.exe"="C:\Documents and Settings\Anička\Local Settings\Temp\7zS164.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application"
"C:\Program Files\AVAST Software\Avast\Setup\avast.setup"="C:\Program Files\AVAST Software\Avast\Setup\avast.setup:*:Enabled:avast! antivirus Update"
"D:\_Hry\The Sims 2 Život v bytě\TSBin\Sims2Launcher.exe"="D:\_Hry\The Sims 2 Život v bytě\TSBin\Sims2Launcher.exe:*:Enabled:The Sims 2 Launcher"
"C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT.exe"="C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT.exe:*:Enabled:RSIT"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=serwvdrv.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-07-26 13:26:23 ----D---- C:\Program Files\trend micro
2011-07-26 13:26:22 ----D---- C:\rsit
2011-07-26 13:11:11 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-26 12:31:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-26 12:26:27 ----D---- C:\WINDOWS\ufa
2011-07-26 12:26:27 ----D---- C:\WINDOWS\rpcminer
2011-07-26 12:26:27 ----D---- C:\WINDOWS\phoenix
2011-07-26 12:25:45 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-26 12:25:12 ----HD---- C:\WINDOWS\update.5.0
2011-07-26 12:11:04 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-26 12:11:02 ----A---- C:\WINDOWS\systemup.exe
2011-07-26 12:05:48 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-26 12:05:46 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-26 12:04:54 ----A---- C:\WINDOWS\unrar.exe
2011-07-26 12:04:32 ----SHD---- C:\WINDOWS\assembly
2011-07-26 12:03:52 ----HD---- C:\WINDOWS\update.2
2011-07-26 12:02:05 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-26 12:01:56 ----A---- C:\WINDOWS\iplist.txt
2011-07-26 12:01:51 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-16 17:31:42 ----A---- C:\AILog.txt
2011-06-30 17:16:00 ----D---- C:\Program Files\Common Files\Adobe
2011-06-30 17:16:00 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 month======

2011-07-26 13:29:26 ----D---- C:\WINDOWS\Prefetch
2011-07-26 13:26:23 ----RD---- C:\Program Files
2011-07-26 12:54:28 ----D---- C:\WINDOWS\Temp
2011-07-26 12:47:47 ----A---- C:\WINDOWS\wincmd.ini
2011-07-26 12:34:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-26 12:34:48 ----D---- C:\WINDOWS
2011-07-26 12:34:47 ----D---- C:\WINDOWS\system32
2011-07-26 12:34:46 ----D---- C:\WINDOWS\system32\drivers
2011-07-26 12:12:09 ----SHD---- C:\System Volume Information
2011-07-26 12:12:09 ----D---- C:\WINDOWS\system32\Restore
2011-07-26 12:04:15 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-26 08:31:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-26 08:01:27 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-25 11:19:31 ----D---- C:\Documents and Settings\Anička\Data aplikací\uTorrent
2011-07-22 14:05:32 ----A---- C:\WINDOWS\winamp.ini
2011-07-22 09:55:03 ----D---- C:\Documents and Settings\Anička\Data aplikací\HPAppData
2011-07-18 22:13:51 ----D---- C:\Documents and Settings\Anička\Data aplikací\vlc
2011-07-18 17:25:45 ----RSD---- C:\WINDOWS\Fonts
2011-07-01 11:29:49 ----HD---- C:\Config.Msi
2011-06-30 17:16:41 ----SHD---- C:\WINDOWS\Installer
2011-06-30 17:16:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-30 17:16:00 ----D---- C:\Program Files\Common Files

[JaRon]

najprv vycisti PC s MBAM - restart a vloz dalsi log RSIT

[terra1987]

Ahoj,
postupovala jsem podle návodu, ale na konci mi nevyjela ta tabulka, kde mají být infikované objekty ani žádné "sken byl úspěšně dokončen".
Posílám nový log, ale asi to nebude k ničemu.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Anička at 2011-07-26 13:48:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (52%) free of 34 GB
Total RAM: 1791 MB (72% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-57989841-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-57989841-682003330-1003UA.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-27 86016]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2011-03-17 24576]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"MagicKey"=C:\PROGRA~1\MEDIAK~1\MagicKey.exe [2004-03-15 45056]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"59842797-loader2.exe"=C:\DOCUME~1\ANIKA~1\LOCALS~1\Temp\59842797-loader2.exe [2011-07-26 256000]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-26 261632]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-26 256000]
"218648.exe"=C:\WINDOWS\TEMP\218648.exe [2011-07-26 256000]
"7082263.exe"=C:\WINDOWS\TEMP\7082263.exe [2011-07-26 495616]
"86674248-loader2.exe"=C:\WINDOWS\TEMP\86674248-loader2.exe [2011-07-26 256000]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-26 235520]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-26 118784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-03-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2006-03-21 544768]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe"="C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com"
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe"="C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"F:\_Hry\Age of Empires 2\empires2.exe"="F:\_Hry\Age of Empires 2\empires2.exe:*:Enabled:Age of Empires II"
"F:\_Hry\Age of Empires II\age2_x1\age2_x1.exe"="F:\_Hry\Age of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Documents and Settings\Anička\Local Settings\Temp\7zS164.tmp\avgmfapx.exe"="C:\Documents and Settings\Anička\Local Settings\Temp\7zS164.tmp\avgmfapx.exe:*:Enabled:AVG Installer Application"
"C:\Program Files\AVAST Software\Avast\Setup\avast.setup"="C:\Program Files\AVAST Software\Avast\Setup\avast.setup:*:Enabled:avast! antivirus Update"
"D:\_Hry\The Sims 2 Život v bytě\TSBin\Sims2Launcher.exe"="D:\_Hry\The Sims 2 Život v bytě\TSBin\Sims2Launcher.exe:*:Enabled:The Sims 2 Launcher"
"C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT.exe"="C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT.exe:*:Enabled:RSIT"
"C:\Documents and Settings\Anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe:*:Enabled:Instalační program Google"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"D:\Malwarebytes' Anti-Malware\mbam.exe"="D:\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Documents and Settings\Anička\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Anička\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT (1).exe"="C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT (1).exe:*:Enabled:RSIT (1)"
"C:\WINDOWS\l1rezerv.exe"="C:\WINDOWS\l1rezerv.exe:*:Enabled:l1rezerv"
"C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT (2).exe"="C:\Documents and Settings\Anička\Dokumenty\Downloads\RSIT (2).exe:*:Enabled:RSIT (2)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=serwvdrv.dll
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-07-26 13:38:02 ----D---- C:\Documents and Settings\Anička\Data aplikací\Malwarebytes
2011-07-26 13:37:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-26 13:37:45 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-26 13:37:42 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-26 13:37:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-26 13:26:23 ----D---- C:\Program Files\trend micro
2011-07-26 13:26:22 ----D---- C:\rsit
2011-07-26 13:11:11 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-26 12:31:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-26 12:26:27 ----D---- C:\WINDOWS\ufa
2011-07-26 12:26:27 ----D---- C:\WINDOWS\rpcminer
2011-07-26 12:26:27 ----D---- C:\WINDOWS\phoenix
2011-07-26 12:25:45 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-26 12:25:12 ----HD---- C:\WINDOWS\update.5.0
2011-07-26 12:11:04 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-26 12:11:02 ----A---- C:\WINDOWS\systemup.exe
2011-07-26 12:05:48 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-26 12:05:46 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-26 12:04:54 ----A---- C:\WINDOWS\unrar.exe
2011-07-26 12:04:32 ----SHD---- C:\WINDOWS\assembly
2011-07-26 12:03:52 ----HD---- C:\WINDOWS\update.2
2011-07-26 12:02:05 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-26 12:01:56 ----A---- C:\WINDOWS\iplist.txt
2011-07-26 12:01:51 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-16 17:31:42 ----A---- C:\AILog.txt
2011-06-30 17:16:00 ----D---- C:\Program Files\Common Files\Adobe
2011-06-30 17:16:00 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 1 month======

2011-07-26 13:47:40 ----D---- C:\WINDOWS\Prefetch
2011-07-26 13:46:35 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 13:46:34 ----D---- C:\WINDOWS\Temp
2011-07-26 13:45:30 ----A---- C:\WINDOWS\wincmd.ini
2011-07-26 13:44:25 ----D---- C:\WINDOWS\system32\drivers
2011-07-26 13:43:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-26 13:37:41 ----RD---- C:\Program Files
2011-07-26 12:34:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-07-26 12:34:48 ----D---- C:\WINDOWS
2011-07-26 12:34:47 ----D---- C:\WINDOWS\system32
2011-07-26 12:12:09 ----SHD---- C:\System Volume Information
2011-07-26 12:12:09 ----D---- C:\WINDOWS\system32\Restore
2011-07-26 12:04:15 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-25 11:19:31 ----D---- C:\Documents and Settings\Anička\Data aplikací\uTorrent
2011-07-22 14:05:32 ----A---- C:\WINDOWS\winamp.ini
2011-07-22 09:55:26 ----D---- C:\Documents and Settings\Anička\Data aplikací\HPAppData
2011-07-18 22:13:51 ----D---- C:\Documents and Settings\Anička\Data aplikací\vlc
2011-07-18 17:25:45 ----RSD---- C:\WINDOWS\Fonts
2011-07-01 11:29:49 ----HD---- C:\Config.Msi
2011-06-30 17:16:41 ----SHD---- C:\WINDOWS\Installer
2011-06-30 17:16:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-06-30 17:16:00 ----D---- C:\Program Files\Common Files

[JaRon]

Presun ComboFix
na plochu (ak tam este nie je)

otvor si Poznamkovy blok - notepad

do neho zkopiruj skript z nasledujiceho okna:

Kód: Vybrat vše

File::
C:\DOCUME~1\ANIKA~1\LOCALS~1\Temp\59842797-loader2.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe
C:\WINDOWS\TEMP\218648.exe
C:\WINDOWS\TEMP\7082263.exe 
C:\WINDOWS\TEMP\86674248-loader2.exe 
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\systemup.exe 

uloz vytvoreny textovy soubor ako CFScript.txt na plochu

po ulozeni uchop vytvoreny skript lavym tlacitkom mysi a presun ho nad ikonu Combofixu, nad nim skript upust:



po aplikacii by mal vzniknut dalsi log, ten vloz sem

[terra1987]

Nový log:

ComboFix 11-07-26.02 - Anička 26.07.2011 14:23:37.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1791.1468 [GMT 2:00]
Spuštěný z: c:\documents and settings\AniŔka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\AniŔka\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ANIKA~1\LOCALS~1\Temp\59842797-loader2.exe
c:\windows\$NtUninstallKB47645$
c:\windows\$NtUninstallKB47645$\3428092342\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB47645$\3428092342\L\zaehxasq
c:\windows\$NtUninstallKB47645$\3428092342\loader.tlb
c:\windows\$NtUninstallKB47645$\3428092342\U\@00000001
c:\windows\$NtUninstallKB47645$\3428092342\U\@000000c0
c:\windows\$NtUninstallKB47645$\3428092342\U\@000000cb
c:\windows\$NtUninstallKB47645$\3428092342\U\@000000cf
c:\windows\$NtUninstallKB47645$\3428092342\U\@80000000
c:\windows\$NtUninstallKB47645$\3428092342\U\@800000c0
c:\windows\$NtUninstallKB47645$\3428092342\U\@800000cb
c:\windows\$NtUninstallKB47645$\3428092342\U\@800000cf
c:\windows\$NtUninstallKB47645$\4181075911
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\phoenix.rar
c:\windows\rpcminer.rar
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\c_73341.nls
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\TEMP\218648.exe
c:\windows\TEMP\86674248-loader2.exe
c:\windows\ufa.rar
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
.
Nakažená kopie c:\windows\system32\drivers\ipsec.sys byla nalezena a vyléčena.
Obnovena kopie z - The cat found it
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_SRVSYSDRIVER32
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 12:18 . 2008-04-13 22:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2011-07-26 12:18 . 2008-04-13 22:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-07-26 11:38 . 2011-07-26 11:38 -------- d-----w- c:\documents and settings\Anička\Data aplikací\Malwarebytes
2011-07-26 11:37 . 2011-07-26 11:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-26 11:37 . 2011-07-26 11:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 11:26 . 2011-07-26 11:48 -------- d-----w- c:\program files\trend micro
2011-07-26 11:26 . 2011-07-26 11:52 -------- d-----w- C:\rsit
2011-07-26 11:11 . 2011-07-26 11:11 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-26 10:31 . 2011-07-26 10:31 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-26 10:26 . 2011-07-26 10:26 -------- d-----w- c:\windows\rpcminer
2011-07-26 10:26 . 2011-07-26 10:26 -------- d-----w- c:\windows\phoenix
2011-07-26 10:26 . 2011-07-26 10:26 -------- d-----w- c:\windows\ufa
2011-07-26 10:04 . 2011-07-26 10:26 246272 ----a-w- c:\windows\unrar.exe
2011-06-30 15:16 . 2011-06-30 15:16 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 16:12 . 2011-03-27 08:54 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . 977034D14621DE018E779C672DDF8472 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2011-03-17 24576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"MagicKey"="c:\progra~1\MEDIAK~1\MagicKey.exe" [2004-03-15 45056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-03-21 14:54 544768 ----a-r- c:\windows\sm56hlpr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Documents and Settings\\Anička\\Dokumenty\\Downloads\\RSIT.exe"=
"c:\\Documents and Settings\\Anička\\Local Settings\\Data aplikací\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Documents and Settings\\Anička\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Anička\\Dokumenty\\Downloads\\RSIT (1).exe"=
"c:\\Documents and Settings\\Anička\\Dokumenty\\Downloads\\RSIT (2).exe"=
.
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [17.3.2011 22:42 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [17.3.2011 22:42 7808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2011-05-18 17:29]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 1.1.1.17 1.1.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
HKLM-Run-systemup - c:\windows\systemup.exe
AddRemove-Age of Empires 2.0 - f:\_hry\Age of Empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - f:\_hry\Age of Empires II\UNINSTALX.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 14:30:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 12:30
.
Před spuštěním: Volných bajtů: 21 814 255 616
Po spuštění: Volných bajtů: 21 926 129 664
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EF13A4130918855EC890EC15800FFAD3

[JaRon]

vypada to fajn - teraz zopakuj ten MBAM

[terra1987]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7281

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.7.2011 14:47:30
mbam-log-2011-07-26 (14-47-26).txt

Typ kontroly: Rychlý test
Testované objekty: 150906
Uplynulý čas: 1 minut, 45 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 15

Infikované procesy v paměti:
c:\WINDOWS\system32\nvsvc32.exe (Trojan.PatchLoad) -> 1324 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NVSvc (Trojan.PatchLoad) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\WINDOWS\system32\nvsvc32.exe (Trojan.PatchLoad) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

[JaRon]

najdene nechaj odstranit v MBAM - restart - uplna kontrola s MBAM

[terra1987]

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7281

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.7.2011 15:09:59
mbam-log-2011-07-26 (15-09-55).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 193806
Uplynulý čas: 15 minut, 50 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{f159dd35-cc6b-4975-b9fb-d219be7dd84d}\RP100\A0022388.exe (Trojan.Agent) -> No action taken.

[JaRon]

vypni obnovu systemu - restart - zapni obnovu systemu = hotovo/cisto

[terra1987]

Děkuji moc. Už jsem myslela, že to budu muset zase celé formátovat.

[JaRon]

format je krajne riesenie
rado sa stalo