Torpig?

Zpráva

TomPerys · #16 Příspěvek od **TomPerys** » 30 črc 2011 10:59

tak to konečně prošlo.... musel jsem odinstalovat tu Aviru a tady je log:

ComboFix 11-07-29.01 - Tomi 30.07.2011 10:28:03.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2046.1483 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomi\Desktop\combofix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomi\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESIHDRV
-------\Legacy_IJOGH
-------\Service_esihdrv
-------\Service_IJOGH
-------\Service_qhcend
-------\Service_xcpip
-------\Service_xpsec
-------\Legacy_utm4ode5
-------\Service_utm4ode5
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2011-07-29 14:21 . 2011-07-29 14:58 -------- d-----w- C:\Beruska.com
2011-07-29 13:43 . 2011-07-29 13:44 -------- d-----w- C:\rsit
2011-07-29 13:11 . 2011-07-30 07:32 -------- d-----w- C:\___Viry
2011-07-29 09:50 . 2011-07-29 09:50 -------- d-----w- c:\program files\LSoft Technologies
2011-07-29 09:39 . 2011-07-29 09:40 11787264 ----a-w- C:\KillDiskSuiteFree-Setup.exe
2011-07-28 11:28 . 2011-07-28 11:30 -------- d-----w- C:\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
2011-07-27 12:26 . 2011-07-28 14:04 -------- d-----w- C:\_GF
2011-07-21 15:44 . 2011-07-28 11:05 -------- d-----w- C:\gggggggggggggggggggggg
2011-07-19 04:52 . 2011-07-20 08:23 -------- d-----w- C:\_Fotky a jine prijate souory
2011-07-01 10:37 . 2011-07-01 10:37 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-01 10:37 . 2011-07-01 10:37 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2011-04-09 18:54 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-04-09 18:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-26 07:07 . 2011-05-26 05:07 1350656 ---h--w- C:\~WRL0005.tmp
2011-05-11 09:57 . 2011-04-09 09:20 249856 ------w- c:\windows\Setup1.exe
2011-05-11 09:57 . 2011-04-09 09:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-05-11 00:45 . 2010-04-15 14:46 110592 ----a-w- c:\windows\LGMobileDL.dll
2011-05-02 15:31 . 2004-08-11 17:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2001-10-25 06:29 . 2011-01-21 17:31 13824 ----a-w- c:\program files\ColGet.exe
2006-01-23 11:32 . 2011-04-09 09:20 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 15:40 . 2011-04-09 09:20 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2011-07-01 10:37 . 2011-05-31 18:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2006-09-08 835584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-19 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-31 67584]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-31 81920]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-07-20 1228800]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 303104]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2011-06-08 1314308]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-15 110592]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDIDL~1\DVDShell.dll" [2004-10-09 49152]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ooddrmbs\0autocheck autochk *\0oodbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VideoCam Suite 2.0.lnk
backup=c:\windows\pss\VideoCam Suite 2.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomi^Start Menu^Programs^Startup^setup_9.0.0.722_15.03.2011_11-34.lnk]
path=c:\documents and settings\Tomi\Start Menu\Programs\Startup\setup_9.0.0.722_15.03.2011_11-34.lnk
backup=c:\windows\pss\setup_9.0.0.722_15.03.2011_11-34.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-03-17 00:29 300992 ----a-w- c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-07-01 12:27 4862720 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-07-01 12:27 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-08-16 11:24 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 12:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 15:49 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2009-11-18 10:47 1243088 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacrokeyManager]
2009-08-11 15:51 5586664 ----a-w- c:\windows\system32\WTMKM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-04-07 23:39 2553088 ----a-w- c:\windows\system32\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
2005-08-18 08:55 99328 ----a-w- c:\program files\OpenVPN\bin\openvpn-gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-15 08:06 2225208 ----a-w- c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-11-12 16:57 245760 ----a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2007-09-10 11:55 92160 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
2007-06-26 17:26 2058752 ----a-w- c:\program files\yodm3DII\Yodm3D.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 83587732;83587732 Boot Guard Driver;c:\windows\system32\drivers\83587732.sys [9.4.2011 11:21 37392]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9.4.2011 11:21 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9.4.2011 11:21 207792]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.4.2011 11:21 691696]
R1 83587731;83587731;c:\windows\system32\drivers\83587731.sys [9.4.2011 11:21 128016]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [10.8.2009 12:30 20480]
R1 setup_9.0.0.722_15.03.2011_11-34drv;setup_9.0.0.722_15.03.2011_11-34drv;c:\windows\system32\drivers\8358773.sys [9.4.2011 11:21 315408]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.4.2011 20:54 366640]
R2 PDRJNDL;PDRJNDL;c:\program files\Dekart\Private Disk Light\pdrjndl.sys [8.11.2002 9:42 16512]
R2 PRVDISK;PRVDISK;c:\program files\Dekart\Private Disk Light\prvdisk.sys [8.11.2002 9:42 15616]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4.8.2004 12:00 5120]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [9.4.2011 11:21 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [9.4.2011 11:21 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [9.4.2011 11:21 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.4.2011 20:54 22712]
R3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [9.4.2011 11:21 27136]
R3 OOTextMode;OOTextMode;c:\windows\system32\drivers\oobctm.sys [7.4.2009 15:00 37896]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [9.4.2011 11:21 6144]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [9.4.2011 11:21 26624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [9.4.2011 11:20 130384]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 r_server;Remote Administrator Service;"c:\windows\system32\r_server.exe" /service --> c:\windows\system32\r_server.exe [?]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [21.12.2007 4:01 60928]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [9.4.2011 11:21 97536]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUsb.sys [9.4.2011 11:21 16896]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [9.4.2011 11:21 6656]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9.4.2011 11:21 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9.4.2011 11:21 8320]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [9.4.2011 11:21 35088]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [28.4.2011 12:22 38976]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7.4.2011 16:39 359624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
S4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [21.12.2007 4:00 17920]
S4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [9.4.2011 11:20 79432]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-19 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2011-06-09 03:49]
.
2011-07-30 c:\windows\Tasks\recordpadShakeIcon.job
- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe [2011-06-08 13:56]
.
2011-06-11 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2008-11-11 13:56]
.
2011-07-07 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2008-11-11 03:48]
.
2011-06-09 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2008-11-11 03:48]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Poevést cíl vazby do Adobe PDF
IE: Poevést do Adobe PDF
IE: Poipojit cíl vazby k existujícímu PDF
IE: Poipojit k existujícímu PDF
IE: Poevést cíl vazby do Adobe PDF
IE: Poevést do Adobe PDF
IE: Poipojit cíl vazby k existujícímu PDF
IE: Poipojit k existujícímu PDF
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Tomi\Application Data\Mozilla\Firefox\Profiles\be9sv9dw.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 11:50
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1284850223-1950775006-3319849090-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F26B2F8-C94F-1F20-B8E0-1A3A2366167E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haipfdeinamohbnm"=hex:61,62,63,6d,6e,61,6d,6b,61,6b,61,61,68,67,6d,6a,6e,61,
68,6f,64,66,62,66,66,66,63,6d,62,62,67,6a,69,68,00,dc
"jajpcdckchplflfgmjog"=hex:6f,61,65,6d,67,62,6d,62,6e,63,6a,6a,62,70,69,64,6b,
6a,61,6b,67,70,61,67,6a,61,6b,67,6a,6c,00,77
.
[HKEY_USERS\S-1-5-21-1284850223-1950775006-3319849090-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:82,ac,4c,bc,32,f1,5d,55,c3,ee,b6,26,c5,3a,5a,2b,b2,99,7f,60,61,72,3e,
a4,93,20,84,3f,e6,68,e1,95,98,6c,e5,e9,f5,34,55,6e,4f,62,8d,99,aa,c0,5b,77,\
"??"=hex:2f,27,d3,c6,f3,8c,d6,6b,40,32,7e,e4,c4,1f,8a,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9631130CE4F2A2D33D0292EC10C4553C170EB6E23AFEFD4B3530414696BA265E8C698B6413B9EDE073E976DA37B914366A2B8C87DCD5CCAE3D9F8B07357AEA0CEBE6B2401665D71EE81BE10827BCDE61A3290B4C53A943BBE741F2528815A5BE0AC9C28755614601DFEE65FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407BA7FD869164D6794A2D97226D213B55538BE693FCC783C076C99A7735530636CE1B6A6252CF501E2D58BE59F1C67C71DC6E3469883735037C168CCE3ACD31A1CC10E768235DBAE2E1BC41AF68212C7507F005BED4C200AB087052C362C0ED16C52965F0E4C4C8BFA38E54D3417139CF7015482D5828EE329BC1007C6E1DA3CE6966DAB0752D0A0C84E27F19BA99FCA26B05978BC06BFF8E8A55B82C45DA831ABD1E2898225619EA9C4775EC90CDD7B0533395BDFBBA50C4D4B7028B4B3D6A7EA0FFB0DE82E70D646C4F8D0A994EAF84FF5503252892C01C8F90B666D7D3E406C9A6FA979D4DDC1D83DFE667E1ED634D5A6B364FA5C2FDFDEC0180D1C5728BA88052B3BC186037931E015A3DD88A5BF7C38A83E15A201572AF43E51BEE1517E30A4D0812836293DB224776FB0B34ED43DE2AA70AE51E4B7D6AD52CE2A41EC94E311B11CE559116FD3421915360ABECF22A1E68E2BDF9475A748E081869E222A3BA8599407E8EC1721B89DC30073552ECCB2C012C0C83DA97064AA4A4E278713DE0C83536C63E25FB8CAE010F25EE616F099CDD6FA0C00919B65226FD20BAEC48E219FA54A490F964EFCEDEFC93FBACED71F5A1EB72E718E2674ED1AB67E17D79A1153C02AA18030A91B08C0908C0E44DB4B638AA9B69BA321FC6BD6F1BA398B6BC776B9E875B944A5B124BF2B3F1086EF701C25593079FAB1302898D0FBFBC07A77960B3752B20BB0946B114ED665C89520EA5C1F2C7EE11180E934F20441FD5514739299C854E44FD9BC3D8357A563E6B06A7DAB3C8E488CA727E24B16D7ED9F58019368717FD5985A282DA9C45C538F3FE83F0179034306A08AC1A2FA07DC0F40E8B3D0620802B73573B3F12D0A364F2A69B8F47F270DF2ACF3D21500093D6D0E077D543C3237EB4B1981611CA351FB932267B4EC3F81DBCFF7FB90F58AA51AC56CDF471F3B6309C4C52E52258F0D7C647DAA3DE6FC205DD15D05DAB030CE0631DD2D52B05197740B5AB6F3DFAAF34DC51AC661130C90A9BEA09B0B898D9738DD521C721B180D2B4B6D79C56645B77FA8CA65C81E889A06E6EE538CDCAD02C99B77C5770B261EBB77493A1ED6A2A9B63F15926DB8822A4C5EAD9E1F8B8EB36B01AE2A07B406494A47E99F28D47BC4AA0134BD1E95005169FC7558D67AA2755D660AA91A4AB7B10EB402B5DF067B2329A9973CFE6B"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\xampp\mysql\bin\mysqld-nt.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nisvcloc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\StacSV.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\atwtusb.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\stsystra.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Celkový čas: 2011-07-30 11:57:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-30 09:57
ComboFix2.txt 2011-07-29 14:58
.
Před spuštěním: 13 528 944 640 bytes free
Po spuštění: 13 418 426 368 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - BAF56786E1236ACF4E02F8A301A8AB9D

TomPerys · #17 Příspěvek od **TomPerys** » 30 črc 2011 17:54

Btw ta avira pořád nefunguje, když dám kompletní test tak viz ten screenshot co jsem přikládal minule, vždycky vyhodí chybu a ukončí se.... takže asi nemá smysl to mít vůbec nainstalované

EDIT: nachazi mi ale nejale infekce, napr.:

Virus or unwanted program 'EXP/Agent.bb.8 [exploit]'
detected in file 'C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0028821.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Expl.IMG-WMF.caq [trojan]'
detected in file 'C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0028822.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Expl.IMG-WMF.chu [trojan]'
detected in file 'C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP122\A0028823.exe.
Action performed: Deny access

Virus or unwanted program 'TR/Drop.Delf.iqm [trojan]'
detected in file 'C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP119\A0024730.exe.
Action performed: Deny access

The file 'C:\OpenSSL\bin\ideatest.exe'
contained a virus or unwanted program 'TR/Expl.IMG-WMF.caq' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '540db33e.qua'.

Virus or unwanted program 'TR/Drop.Delf.iqm [trojan]'
detected in file 'C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP119\A0024730.exe.
Action performed: Deny access

The file 'C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP119\A0024730.exe'
contained a virus or unwanted program 'TR/Drop.Delf.iqm' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c67ea37.qua'.

atd.........................

#18 Příspěvek od **vyosek** » 30 črc 2011 19:37

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Udelejte kompletni sken AVP Toolem http://viry.cz/forum/viewtopic.php?f=29&t=58179

TomPerys · #19 Příspěvek od **TomPerys** » 31 črc 2011 08:01

Log z AVP:

Status: Disinfected (events: 4)
30.7.2011 23:47:25 Disinfected Trojan program Trojan.BAT.ExitWindows.b C:\_GF\_CR\Install_Tomb\_SW\Sound\Voice.zip High
30.7.2011 23:47:25 Disinfected Trojan program Trojan.BAT.ExitWindows.b C:\_GF\_CR\Install_Tomb\_SW\Sound\Voice.zip/Voice/Scripts/vypnout.vfs High
30.7.2011 23:47:25 Disinfected Trojan program Trojan.BAT.ExitWindows.b C:\_GF\_CR\Install_Tomb\_SW\Sound\Voice.zip/Voice/Scripts.zip High
30.7.2011 23:47:24 Disinfected Trojan program Trojan.BAT.ExitWindows.b C:\_GF\_CR\Install_Tomb\_SW\Sound\Voice.zip/Voice/Scripts.zip/Scripts/vypnout.vfs High

#20 Příspěvek od **vyosek** » 31 črc 2011 11:03

Jak se chova PC

TomPerys · #21 Příspěvek od **TomPerys** » 31 črc 2011 14:03

zda se zatim ze normalne snad..... nainstaloval jsem si mito Aviry NOD

#22 Příspěvek od **vyosek** » 31 črc 2011 17:01

NOD je placeny, uvazujete o koupi jeho licence

Jinak spise mohu doporucit Avast

TomPerys · #23 Příspěvek od **TomPerys** » 31 črc 2011 18:28

no teď mám 30 denní zkušební verzi, pokud je ale lepší než avast (což asi bude že?) tak si klidně licenci koupím

#24 Příspěvek od **vyosek** » 31 črc 2011 19:50

Uprimne, neni - Avast ve sve sestkove verzi dosahuje vetsich kvalit i presto ze je zadarmo...

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Torpig?

Re: Torpig?

Re: Torpig?

Re: Torpig?

Re: Torpig?

Re: Torpig?

Re: Torpig?

Re: Torpig?

Re: Torpig?

Re: Torpig?