Virus

[vyosek]

Nedavejte prosim logy do code - spatne se to lusti a boli z toho oci

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe ale nespoustejte

Pokud nemate, tak presunte Combofix na plochu

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Folder::
  c:\program files\ask.com
  c:\program files\daemon tools toolbar
  c:\documents and settings\trip\data aplikací\s-2535-6853-2745
  c:\documents and settings\trip\data aplikací\microsoft-5858-2574
  c:\program files\da6006
  c:\documents and settings\trip\data aplikací\main
  
  DDS::
  uStart Page = file://localhost/C:/www.google.com.htm
  uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
  uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
  uURLSearchHooks: H - No File
  mURLSearchHooks: H - No File
  mURLSearchHooks: H - No File
  mURLSearchHooks: H - No File
  BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
  BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
  BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
  BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
  BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
  TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
  TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
  TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
  TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
  TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
  TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
  uRun: [Advanced SystemCare 3]
  uRun: [MSNUpdMgr] c:\documents and settings\all users\wincdsvn.exe
  uRun: [MicrosoftUpdateServices] \Documents and Settings\trip\winusbsmgr.exe
  uRun: [WinCtrlSrvc] c:\documents and settings\trip\data aplikací\s-2535-6853-2745\winrcsnc.exe
  uRun: [MicrosoftSrvMgr] c:\documents and settings\all users\winrcsns.exe
  uRun: [MicrosoftMSDNService] c:\documents and settings\trip\msnsrvcn.exe
  uRun: [MicrosoftDriverSetup] c:\documents and settings\trip\wincdsvn.exe
  uRun: [MicrosoftMSDUpdateService] c:\documents and settings\trip\data aplikací\microsoft-5858-2574\winsvcrn.exe
  uRun: [HKCU] c:\documents and settings\trip\data aplikací\main\explorer.exe
  mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
  mRun: [Adobe Reader Speed Launcher]
  mRun: [Adobe ARM]
  mRun: [Malwarebytes' Anti-Malware]
  mRun: [DivXUpdate]
  mRun: [SunJavaUpdateSched21] c:\program files\da6006\jusched.exe
  mRun: [SunJavaUpdateSched,]
  mRun: [HKLM] c:\documents and settings\trip\data aplikací\main\explorer.exe
  uExplorerRun: [Policies] c:\documents and settings\trip\data aplikací\main\explorer.exe
  mExplorerRun: [Policies] c:\documents and settings\trip\data aplikací\main\explorer.exe
  Notify: cryptnet32 - cryptnet32.dll
  SSODL: fXmnrFbljhXzg - {00DA6007-AA70-CAAD-AAFC-D3BE4A0332D5} - c:\windows\system32\emv.dll
  mASetup: {8AV55GF5-8W3Q-FA6U-QNU3-24G40SW0S41K} - c:\windows\main\explorer.exe\install\iexplorer.exe
  mASetup: {MA3H288F-2K56-6YIU-1U82-8861R7BS01B2} - c:\documents and settings\trip\data aplikací\main\explorer.exe
  
  Driver::
  gupdate1ca50e03795450a
  gupdatem
  XDva385
  
  AtJob::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Quiller]

zde je ten log


ComboFix 11-09-06.01 - Ivan 06.09.2011 13:47:43.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.448 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ivan\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivan\Plocha\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\89712094bdad.exe
C:\897120dfa94bdad.exe
c:\documents and settings\all users\wincdsvn.exe
c:\documents and settings\all users\winrcsns.exe
c:\documents and settings\All Users\winusbsmgr.exe
c:\documents and settings\Ivan\Data aplikací\Rock.exe
c:\documents and settings\Ivan\Data aplikací\Sharecash_Survey_Helper.exe
c:\documents and settings\Ivan\Data aplikací\Win32utils.exe
c:\documents and settings\Ivan\WINDOWS
c:\documents and settings\trip\AGDJGDJGMJ.exe
c:\documents and settings\trip\AVSPMJGDAV.exe
c:\documents and settings\trip\DAGDAGDAVD.exe
c:\documents and settings\trip\DAGDJGDJGM.exe
c:\documents and settings\trip\DJGDJGMJPM.exe
c:\documents and settings\trip\DJGMJPMJPM.exe
c:\documents and settings\trip\GDAGDJGMJG.exe
c:\documents and settings\trip\GDJGMJGMJP.exe
c:\documents and settings\trip\GMJGMJPMJP.exe
c:\documents and settings\trip\JGMJPMJGMJ.exe
c:\documents and settings\trip\JGMJPMSPMS.exe
c:\documents and settings\trip\JGMJPMSPVS.exe
c:\documents and settings\trip\JPMJPMSPMS.exe
c:\documents and settings\trip\JPMSPVSPVS.exe
c:\documents and settings\trip\MJGMJPMJGD.exe
c:\documents and settings\trip\MJPMJGMJGD.exe
c:\documents and settings\trip\MJPMSPMSPV.exe
c:\documents and settings\trip\msnsrvcn.exe
c:\documents and settings\trip\MSPMSPVSAV.exe
c:\documents and settings\trip\MSPVSPVSAV.exe
c:\documents and settings\trip\PMJGDAVSPM.exe
c:\documents and settings\trip\SAVDAVDAGD.exe
c:\documents and settings\trip\SPMSPMJGDA.exe
c:\documents and settings\trip\SPVSAVDAVD.exe
c:\documents and settings\trip\VDAGDJGDJG.exe
c:\documents and settings\trip\VDAVDAGDAV.exe
c:\documents and settings\trip\wincdsvn.exe
c:\documents and settings\trip\WINDOWS
c:\documents and settings\trip\winrcsns.exe
c:\documents and settings\trip\winusbsmgr.exe
C:\Images
c:\images\3da.jpg
c:\images\ts_back2.gif
C:\install.exe
C:\n.exe
C:\New Folder .exe
c:\progra~1\search~1\SEARCH~1.DLL
c:\progra~1\speedb~1\toolbar\grabber.dll
c:\program files\analog devices\core\smax4pnp.exe
c:\program files\ask.com
c:\program files\ask.com\cobrand.ico
c:\program files\ask.com\config.xml
c:\program files\ask.com\favicon.ico
c:\program files\ask.com\fv_b1.ico
c:\program files\ask.com\GenericAskToolbar.dll
c:\program files\ask.com\mupcfg.xml
c:\program files\ask.com\SaUpdate.exe
c:\program files\ask.com\UpdateTask.exe
c:\program files\conduitengine\ConduitEngine.dll
c:\program files\da6006
c:\program files\da6006\Help.hlp
c:\program files\da6006\jusched.exe
c:\program files\daemon tools toolbar
c:\program files\daemon tools toolbar\_DTLite.xml
c:\program files\daemon tools toolbar\DTToolbar.dll
c:\program files\daemon tools toolbar\Resources\about.ico
c:\program files\daemon tools toolbar\Resources\AboutWindow.ico
c:\program files\daemon tools toolbar\Resources\accept.ico
c:\program files\daemon tools toolbar\Resources\AddRadioStation.ico
c:\program files\daemon tools toolbar\Resources\ARA.xml
c:\program files\daemon tools toolbar\Resources\as.ico
c:\program files\daemon tools toolbar\Resources\as.png
c:\program files\daemon tools toolbar\Resources\astro.ico
c:\program files\daemon tools toolbar\Resources\astro_audio.ico
c:\program files\daemon tools toolbar\Resources\astro_buy.ico
c:\program files\daemon tools toolbar\Resources\astro_download.ico
c:\program files\daemon tools toolbar\Resources\astro_feedback.ico
c:\program files\daemon tools toolbar\Resources\astro_forum.ico
c:\program files\daemon tools toolbar\Resources\astro_home.ico
c:\program files\daemon tools toolbar\Resources\astro_lite.ico
c:\program files\daemon tools toolbar\Resources\astroburn_site.ico
c:\program files\daemon tools toolbar\Resources\astroLite_16.ico
c:\program files\daemon tools toolbar\Resources\az.ico
c:\program files\daemon tools toolbar\Resources\AZE.xml
c:\program files\daemon tools toolbar\Resources\b1.png
c:\program files\daemon tools toolbar\Resources\burn_files.ico
c:\program files\daemon tools toolbar\Resources\burn_image.ico
c:\program files\daemon tools toolbar\Resources\burn_imgs.ico
c:\program files\daemon tools toolbar\Resources\BurnImage.ico
c:\program files\daemon tools toolbar\Resources\buy.ico
c:\program files\daemon tools toolbar\Resources\cal.ico
c:\program files\daemon tools toolbar\Resources\Config.ico
c:\program files\daemon tools toolbar\Resources\d.ico
c:\program files\daemon tools toolbar\Resources\d2.ico
c:\program files\daemon tools toolbar\Resources\daemon.ico
c:\program files\daemon tools toolbar\Resources\daemon_search.ico
c:\program files\daemon tools toolbar\Resources\daemon_search_site.ico
c:\program files\daemon tools toolbar\Resources\DEU.xml
c:\program files\daemon tools toolbar\Resources\dot_disabled.bmp
c:\program files\daemon tools toolbar\Resources\dot_enabled.bmp
c:\program files\daemon tools toolbar\Resources\dot_on_over.bmp
c:\program files\daemon tools toolbar\Resources\download.ico
c:\program files\daemon tools toolbar\Resources\ds.ico
c:\program files\daemon tools toolbar\Resources\dsearch.ico
c:\program files\daemon tools toolbar\Resources\dt-home.ico
c:\program files\daemon tools toolbar\Resources\dt.ico
c:\program files\daemon tools toolbar\Resources\dt_about.ico
c:\program files\daemon tools toolbar\Resources\dt_buy.ico
c:\program files\daemon tools toolbar\Resources\dt_download.ico
c:\program files\daemon tools toolbar\Resources\dt_faq.ico
c:\program files\daemon tools toolbar\Resources\dt_feedback.ico
c:\program files\daemon tools toolbar\Resources\dt_forum.ico
c:\program files\daemon tools toolbar\Resources\dt_line.ico
c:\program files\daemon tools toolbar\Resources\dt_lite.ico
c:\program files\daemon tools toolbar\Resources\dt_manual.ico
c:\program files\daemon tools toolbar\Resources\dt_pro.ico
c:\program files\daemon tools toolbar\Resources\DTPro.ico
c:\program files\daemon tools toolbar\Resources\dtt16.ico
c:\program files\daemon tools toolbar\Resources\dtt32.ico
c:\program files\daemon tools toolbar\Resources\Dwnl.ico
c:\program files\daemon tools toolbar\Resources\emulation.ico
c:\program files\daemon tools toolbar\Resources\ENG.xml
c:\program files\daemon tools toolbar\Resources\faq.ico
c:\program files\daemon tools toolbar\Resources\favicon.ico
c:\program files\daemon tools toolbar\Resources\fb.ico
c:\program files\daemon tools toolbar\Resources\features.ico
c:\program files\daemon tools toolbar\Resources\feedback.ico
c:\program files\daemon tools toolbar\Resources\forum.ico
c:\program files\daemon tools toolbar\Resources\FRA.xml
c:\program files\daemon tools toolbar\Resources\GameCentrix.ico
c:\program files\daemon tools toolbar\Resources\GameCentrixCristals.ico
c:\program files\daemon tools toolbar\Resources\GameCentrixDownload.ico
c:\program files\daemon tools toolbar\Resources\GameCentrixPlayOnline.ico
c:\program files\daemon tools toolbar\Resources\GameCentrixTop.ico
c:\program files\daemon tools toolbar\Resources\GameS.ico
c:\program files\daemon tools toolbar\Resources\games_search.ico
c:\program files\daemon tools toolbar\Resources\games_search_SA.ico
c:\program files\daemon tools toolbar\Resources\GameSA.ico
c:\program files\daemon tools toolbar\Resources\gct16.ico
c:\program files\daemon tools toolbar\Resources\gd.ico
c:\program files\daemon tools toolbar\Resources\genre.xml
c:\program files\daemon tools toolbar\Resources\globe.ico
c:\program files\daemon tools toolbar\Resources\GrabImage.ico
c:\program files\daemon tools toolbar\Resources\hb.bmp
c:\program files\daemon tools toolbar\Resources\hb.ico
c:\program files\daemon tools toolbar\Resources\help.ico
c:\program files\daemon tools toolbar\Resources\hide.ico
c:\program files\daemon tools toolbar\Resources\home.ico
c:\program files\daemon tools toolbar\Resources\CHS.xml
c:\program files\daemon tools toolbar\Resources\CHT.xml
c:\program files\daemon tools toolbar\Resources\image_search.ico
c:\program files\daemon tools toolbar\Resources\image_search_SA.ico
c:\program files\daemon tools toolbar\Resources\ImageS.ico
c:\program files\daemon tools toolbar\Resources\ImageSA.ico
c:\program files\daemon tools toolbar\Resources\ip.ico
c:\program files\daemon tools toolbar\Resources\ITA.xml
c:\program files\daemon tools toolbar\Resources\JPN.xml
c:\program files\daemon tools toolbar\Resources\KOR.xml
c:\program files\daemon tools toolbar\Resources\lang.xml
c:\program files\daemon tools toolbar\Resources\lingvo.ico
c:\program files\daemon tools toolbar\Resources\m.ico
c:\program files\daemon tools toolbar\Resources\mail.bmp
c:\program files\daemon tools toolbar\Resources\mail_disable.bmp
c:\program files\daemon tools toolbar\Resources\mail_down.bmp
c:\program files\daemon tools toolbar\Resources\mail_m.bmp
c:\program files\daemon tools toolbar\Resources\mail_under.bmp
c:\program files\daemon tools toolbar\Resources\mailc.bmp
c:\program files\daemon tools toolbar\Resources\mailc_disable.bmp
c:\program files\daemon tools toolbar\Resources\mailc_down.bmp
c:\program files\daemon tools toolbar\Resources\mailc_m.bmp
c:\program files\daemon tools toolbar\Resources\mailc_under.bmp
c:\program files\daemon tools toolbar\Resources\manual.ico
c:\program files\daemon tools toolbar\Resources\map.ico
c:\program files\daemon tools toolbar\Resources\MenuRadioConfig.ico
c:\program files\daemon tools toolbar\Resources\MenuRadioStation.ico
c:\program files\daemon tools toolbar\Resources\MenuRSCur.ico
c:\program files\daemon tools toolbar\Resources\MenuTr.ico
c:\program files\daemon tools toolbar\Resources\mount.ico
c:\program files\daemon tools toolbar\Resources\mount_n_drive.ico
c:\program files\daemon tools toolbar\Resources\next.bmp
c:\program files\daemon tools toolbar\Resources\next_down.bmp
c:\program files\daemon tools toolbar\Resources\next_m.bmp
c:\program files\daemon tools toolbar\Resources\next_under.bmp
c:\program files\daemon tools toolbar\Resources\none.bmp
c:\program files\daemon tools toolbar\Resources\none_m.bmp
c:\program files\daemon tools toolbar\Resources\op.ico
c:\program files\daemon tools toolbar\Resources\play.bmp
c:\program files\daemon tools toolbar\Resources\play.ico
c:\program files\daemon tools toolbar\Resources\play_down.bmp
c:\program files\daemon tools toolbar\Resources\play_m.bmp
c:\program files\daemon tools toolbar\Resources\play_under.bmp
c:\program files\daemon tools toolbar\Resources\pragma.ico
c:\program files\daemon tools toolbar\Resources\prev.bmp
c:\program files\daemon tools toolbar\Resources\prev_down.bmp
c:\program files\daemon tools toolbar\Resources\prev_m.bmp
c:\program files\daemon tools toolbar\Resources\prev_under.bmp
c:\program files\daemon tools toolbar\Resources\prod.ico
c:\program files\daemon tools toolbar\Resources\Radio.ico
c:\program files\daemon tools toolbar\Resources\RadioBg.bmp
c:\program files\daemon tools toolbar\Resources\RadioBg.ico
c:\program files\daemon tools toolbar\Resources\RadioBgMask.bmp
c:\program files\daemon tools toolbar\Resources\RadioDisp.bmp
c:\program files\daemon tools toolbar\Resources\RadioDisp_m.bmp
c:\program files\daemon tools toolbar\Resources\RadioDown.bmp
c:\program files\daemon tools toolbar\Resources\RadioDown.ico
c:\program files\daemon tools toolbar\Resources\RadioDown_down.bmp
c:\program files\daemon tools toolbar\Resources\RadioDown_m.bmp
c:\program files\daemon tools toolbar\Resources\RadioDown_under.bmp
c:\program files\daemon tools toolbar\Resources\RadioE.bmp
c:\program files\daemon tools toolbar\Resources\RadioG.bmp
c:\program files\daemon tools toolbar\Resources\RadioL.bmp
c:\program files\daemon tools toolbar\Resources\RadioLDotMask.bmp
c:\program files\daemon tools toolbar\Resources\RadioLeft.bmp
c:\program files\daemon tools toolbar\Resources\RadioLeftMask.bmp
c:\program files\daemon tools toolbar\Resources\RadioLM.bmp
c:\program files\daemon tools toolbar\Resources\RadioM.bmp
c:\program files\daemon tools toolbar\Resources\RadioN.bmp
c:\program files\daemon tools toolbar\Resources\RadioR.bmp
c:\program files\daemon tools toolbar\Resources\RadioR.ico
c:\program files\daemon tools toolbar\Resources\RadioRM.bmp
c:\program files\daemon tools toolbar\Resources\RadioRU.bmp
c:\program files\daemon tools toolbar\Resources\RadioVolume.bmp
c:\program files\daemon tools toolbar\Resources\RadioVolume_down.bmp
c:\program files\daemon tools toolbar\Resources\RadioVolume_m.bmp
c:\program files\daemon tools toolbar\Resources\RadioVolume_under.bmp
c:\program files\daemon tools toolbar\Resources\RadioW.bmp
c:\program files\daemon tools toolbar\Resources\rbcheck.ico
c:\program files\daemon tools toolbar\Resources\rbtxt.ico
c:\program files\daemon tools toolbar\Resources\refresh.bmp
c:\program files\daemon tools toolbar\Resources\refresh_down.bmp
c:\program files\daemon tools toolbar\Resources\refresh_m.bmp
c:\program files\daemon tools toolbar\Resources\refresh_under.bmp
c:\program files\daemon tools toolbar\Resources\Rss.ico
c:\program files\daemon tools toolbar\Resources\Rss1.ico
c:\program files\daemon tools toolbar\Resources\RssA.ico
c:\program files\daemon tools toolbar\Resources\RssA1.ico
c:\program files\daemon tools toolbar\Resources\rssClose.ico
c:\program files\daemon tools toolbar\Resources\rssL.bmp
c:\program files\daemon tools toolbar\Resources\rssOpen.ico
c:\program files\daemon tools toolbar\Resources\RssRefresh.ico
c:\program files\daemon tools toolbar\Resources\RUS.xml
c:\program files\daemon tools toolbar\Resources\s2.ico
c:\program files\daemon tools toolbar\Resources\show.ico
c:\program files\daemon tools toolbar\Resources\size.bmp
c:\program files\daemon tools toolbar\Resources\size_lr.ico
c:\program files\daemon tools toolbar\Resources\size_m.bmp
c:\program files\daemon tools toolbar\Resources\size_rl.ico
c:\program files\daemon tools toolbar\Resources\skins.ico
c:\program files\daemon tools toolbar\Resources\soft24.ico
c:\program files\daemon tools toolbar\Resources\soft24_SA.ico
c:\program files\daemon tools toolbar\Resources\spt.ico
c:\program files\daemon tools toolbar\Resources\stop.bmp
c:\program files\daemon tools toolbar\Resources\stop.ico
c:\program files\daemon tools toolbar\Resources\stop_down.bmp
c:\program files\daemon tools toolbar\Resources\stop_m.bmp
c:\program files\daemon tools toolbar\Resources\stop_under.bmp
c:\program files\daemon tools toolbar\Resources\style.ico
c:\program files\daemon tools toolbar\Resources\SupportRequest.ico
c:\program files\daemon tools toolbar\Resources\timer.ico
c:\program files\daemon tools toolbar\Resources\TitleIcon.ico
c:\program files\daemon tools toolbar\Resources\toolbar.xml
c:\program files\daemon tools toolbar\Resources\trans.ico
c:\program files\daemon tools toolbar\Resources\Trash.bmp
c:\program files\daemon tools toolbar\Resources\Trash_disable.bmp
c:\program files\daemon tools toolbar\Resources\Trash_down.bmp
c:\program files\daemon tools toolbar\Resources\Trash_m.bmp
c:\program files\daemon tools toolbar\Resources\Trash_under.bmp
c:\program files\daemon tools toolbar\Resources\u.ico
c:\program files\daemon tools toolbar\Resources\UKR.xml
c:\program files\daemon tools toolbar\Resources\unmount-all.ico
c:\program files\daemon tools toolbar\Resources\vol.bmp
c:\program files\daemon tools toolbar\Resources\vol.ico
c:\program files\daemon tools toolbar\Resources\vol_back.bmp
c:\program files\daemon tools toolbar\Resources\vol_dott.bmp
c:\program files\daemon tools toolbar\Resources\vol_dott_m.bmp
c:\program files\daemon tools toolbar\Resources\vol_down.bmp
c:\program files\daemon tools toolbar\Resources\vol_m.bmp
c:\program files\daemon tools toolbar\Resources\vol_mute.bmp
c:\program files\daemon tools toolbar\Resources\vol_mute_check.bmp
c:\program files\daemon tools toolbar\Resources\vol_under.bmp
c:\program files\daemon tools toolbar\Resources\wBtClose.bmp
c:\program files\daemon tools toolbar\Resources\wBtClose_down.bmp
c:\program files\daemon tools toolbar\Resources\wBtClose_m.bmp
c:\program files\daemon tools toolbar\Resources\wBtClose_under.bmp
c:\program files\daemon tools toolbar\Resources\wBtText.bmp
c:\program files\daemon tools toolbar\Resources\wBtText_down.bmp
c:\program files\daemon tools toolbar\Resources\wBtText_m.bmp
c:\program files\daemon tools toolbar\Resources\wBtText_under.bmp
c:\program files\daemon tools toolbar\Resources\web_resources.ico
c:\program files\daemon tools toolbar\Resources\web_search.ico
c:\program files\daemon tools toolbar\Resources\web_search_SA.ico
c:\program files\daemon tools toolbar\Resources\WebS.ico
c:\program files\daemon tools toolbar\Resources\WebSa.ico
c:\program files\daemon tools toolbar\Resources\wi.ico
c:\program files\daemon tools toolbar\Resources\wi0.ico
c:\program files\daemon tools toolbar\Resources\wi1.ico
c:\program files\daemon tools toolbar\Resources\wi10.ico
c:\program files\daemon tools toolbar\Resources\wi11.ico
c:\program files\daemon tools toolbar\Resources\wi12.ico
c:\program files\daemon tools toolbar\Resources\wi13.ico
c:\program files\daemon tools toolbar\Resources\wi14.ico
c:\program files\daemon tools toolbar\Resources\wi2.ico
c:\program files\daemon tools toolbar\Resources\wi3.ico
c:\program files\daemon tools toolbar\Resources\wi4.ico
c:\program files\daemon tools toolbar\Resources\wi5.ico
c:\program files\daemon tools toolbar\Resources\wi6.ico
c:\program files\daemon tools toolbar\Resources\wi7.ico
c:\program files\daemon tools toolbar\Resources\wi8.ico
c:\program files\daemon tools toolbar\Resources\wi9.ico
c:\program files\daemon tools toolbar\uninst.exe
c:\program files\DoubleD
c:\program files\Java\jre-07
c:\program files\Java\jre-07\bin\jusched.exe
c:\program files\Java\jre-07\bin\UF
c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
c:\program files\softonic-eng7\tbSoft.dll
c:\program files\speedbit video downloader\toolbar\tbcore3.dll
C:\s.exe
C:\sample.exe
C:\tn.exe
C:\Win.exe
c:\windows\89712094bdad.exe
c:\windows\iun6002.exe
c:\windows\system\WING32.DLL
c:\windows\system32\28463
c:\windows\system32\28463\AKV.exe
c:\windows\system32\28463\ETXW.001
c:\windows\system32\28463\ETXW.006
c:\windows\system32\28463\ETXW.007
c:\windows\system32\28463\ETXW.exe
c:\windows\system32\comct332.ocx
c:\windows\system32\crt.dat
c:\windows\system32\cryptnet32.dll
c:\windows\system32\emv.dll
c:\windows\system32\shimg.dll
c:\windows\system32\sys
c:\windows\system32\Sys\gen.001
c:\windows\system32\sys\gen.002
c:\windows\system32\Sys\gen.006
c:\windows\system32\sys\gen.007
c:\windows\system32\sys\gen.exe
c:\windows\system32\winrtsnr.txt
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\wpe pro.INI
C:\www.google.com.htm
.
Nakažená kopie c:\windows\system32\spoolsv.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE1CA50E03795450A
-------\Legacy_POWERMANAGER
-------\Legacy_SSHNAS
-------\Legacy_XDVA385
-------\Service_gupdate1ca50e03795450a
-------\Service_gupdatem
-------\Service_XDva385
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-06 do 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2072-04-03 12:13 . 2008-03-21 13:46 607296 ------w- c:\program files\Microsoft Games\Age of Empires III\deformerdllyD.dll
2011-09-05 16:58 . 2011-09-05 16:58 -------- d-----w- c:\program files\Common Files\Apple
2011-09-05 16:57 . 2011-09-05 16:57 -------- d-----w- c:\program files\Apple Software Update
2011-09-05 16:57 . 2011-09-05 16:57 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-09-05 15:23 . 2011-09-05 15:23 -------- d-----w- c:\program files\wooowka
2011-09-05 14:48 . 2011-09-05 16:34 -------- d-----w- c:\program files\trend micro
2011-09-05 14:48 . 2011-09-05 14:48 -------- d-----w- C:\rsit
2011-09-04 13:36 . 2011-09-04 13:36 -------- d-----w- c:\windows\main
2011-09-04 13:26 . 2011-09-04 13:26 6144 ----a-w- c:\documents and settings\All Users\Data aplikací\syshost.exe
2011-09-04 12:58 . 2011-09-04 12:58 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Data aplikací\Deployment
2011-09-04 11:56 . 2011-09-04 11:56 -------- d-----w- C:\ProgramData
2011-09-04 11:34 . 2011-09-04 11:34 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Data aplikací\Help
2011-09-04 11:34 . 2011-09-04 11:34 160649 ----a-w- c:\windows\Gibo - Stepmother's Sin Uninstaller.exe
2011-09-04 09:22 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-09-04 09:22 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-09-04 09:22 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-09-04 09:22 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-09-04 09:22 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-09-04 09:22 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-09-04 09:22 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-09-04 09:22 . 2011-09-04 09:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-09-04 09:22 . 2011-09-04 09:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-09-04 09:22 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-09-03 16:35 . 2011-09-03 16:35 -------- d-----w- c:\program files\UnH Solutions
2011-09-03 10:38 . 2011-09-03 10:59 -------- d-----w- c:\program files\BBLACK
2011-09-02 15:00 . 2011-09-02 20:05 -------- d-----w- c:\program files\Turok Evolution
2011-09-02 14:36 . 2011-09-02 14:36 -------- d-----w- c:\program files\Mortal Kombat
2011-09-01 09:05 . 2011-09-01 09:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AutoUpdate
2011-08-31 18:07 . 2011-08-31 18:30 -------- d-----w- c:\program files\Duke Nukem Forever
2011-08-31 15:19 . 2011-08-31 15:22 -------- d-----w- c:\program files\ƒZƒCƒo[ƒtƒBƒbƒVƒ…
2011-08-30 15:52 . 2011-07-19 03:05 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-08-30 15:52 . 2011-07-19 03:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-30 14:23 . 2011-08-30 14:23 -------- d-----w- c:\program files\ASIO4ALL v2
2011-08-30 14:23 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2011-08-30 14:22 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
2011-08-30 14:22 . 2011-08-30 14:22 -------- d-----w- c:\program files\Outsim
2011-08-30 14:20 . 2011-08-30 14:23 -------- d-----w- c:\program files\Image-Line
2011-08-26 11:31 . 2011-08-26 11:32 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Data aplikací\Risen
2011-08-26 11:14 . 2011-08-26 11:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tages
2011-08-24 17:44 . 2011-08-24 17:44 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-08-24 17:35 . 2011-08-24 17:35 -------- d-----w- c:\program files\Deep Silver
2011-08-24 14:17 . 2011-08-24 14:27 -------- d-----w- C:\RISEN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 10:10 . 2007-08-07 19:42 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-24 17:44 . 2008-01-01 15:24 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-08-24 17:44 . 2008-01-01 15:24 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-08-16 07:03 . 2011-06-30 07:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-19 00:40 . 2010-01-12 20:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-11 16:24 . 2009-01-30 08:25 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-11 16:23 . 2010-05-15 11:42 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-11 16:23 . 2009-01-30 08:25 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-11 15:57 . 2009-01-30 08:25 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-06-09 16:46 . 2009-01-30 08:25 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-01 10:54 . 2010-05-01 10:54 994042880 ----a-w- c:\program files\Combatarms_eu.exe
2010-02-04 08:21 . 2010-02-04 08:21 525656 ----a-w- c:\program files\DXSETUP.exe
2010-02-04 08:21 . 2010-02-04 08:21 94040 ----a-w- c:\program files\DSETUP.dll
2010-02-04 08:21 . 2010-02-04 08:21 1691480 ----a-w- c:\program files\dsetup32.dll
2009-02-10 17:50 . 2009-02-10 17:50 1336832 ----a-w- c:\program files\ventrilo-2.1.4-Windows-i386.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-07-08 07:29 . 2011-07-30 07:41 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-05-29 01:37 1205760 --sh--r- c:\windows\main\explorer.exe\install\iexplorer.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . ED0A176354487CEED65B80A7148AB739 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe
[-] 2004-08-17 . 818A8152C257E73AE3BD6A4D76B9EC02 . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
.
[7] 2009-02-09 . 9EF697AF07BB8DD82C3B02CA953A95B7 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-09 . 3D107D45CCFDB266E91D84B52CD7F430 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-09 . 31EC9C9CBDC5CA3281E3ECF38F2E42FB . 113152 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
[-] 2008-04-14 . F0D2AE69035092BF22DAD6B50FAB85C2 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\services.exe
.
[-] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe
[-] 2004-08-17 . 0D544CB3D7F7E9518E3C1F3164C7F449 . 506368 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . BE4A520E29B6391F49E79CCC52044D93 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[-] 2004-08-17 . E7E9CE805BBB366ED66C7C4E2B85AC40 . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . FCD1567DFE044D039B4253836F5437F1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[-] 2007-06-13 . 7E7387F53E0424D374389BFAE16A821C . 1036288 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 8E6B263249E45BA0106FA16E208C73EF . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
.
[-] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\regedit.exe
[-] 2004-08-17 . 2F7CC339374C4F645C36D78CC49BBA3E . 204800 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regedit.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
2010-06-18 21:21 86696 ----a-w- c:\program files\wbtooltb\wbtoolDx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 135168]
"Network Error Advisor"="c:\program files\wbtooltb\ExeRunner.exe" [2010-03-31 109568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Codemasters\\Worms 4 Mayhem Demo\\Worms 4 Mayhem Demo.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Warcraft III Edition\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III Edition\\War3.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Steam\\SteamApps\\User\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\User\\Half-Life 2\\-console.exe"=
"c:\\Program Files\\Steam\\SteamApps\\deserthfojtka\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\deserthfojtka\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\deserthfojtka\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\deserthfojtka\\day of defeat\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Eidos Interactive\\Object Software (Beijing) Co., Ltd\\Fate of the Dragon\\sanguo.exe"=
"c:\\Program Files\\Ubisoft\\Heroes of Might and Magic V - Tribes of the East\\bin\\H5_Game.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\dasnet\\Warcraft III Edition\\War3.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Return to Castle Wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\trip\\Data aplikací\\S-2535-6853-2745\\winrsvn.exe"=
"c:\\Documents and Settings\\trip\\Data aplikací\\S-2535-6853-2745\\winrcsnc.exe"=
"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\KillingFloor\\System\\KillingFloor.exe"=
"c:\\Documents and Settings\\trip\\Data aplikací\\Microsoft-5858-2574\\winsvcrn.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\da603d\\jusched.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Outspark\\Divine Souls\\client.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Stunlock Studios\\Bloodline Champions\\Binary\\BloodlineChampions.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Warcraft III Edition\\gproxy.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\trip\\Local Settings\\Apps\\2.0\\2Y3WTADD.C60\\X77R1DTO.8XX\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7897:TCP"= 7897:TCP:BitComet 7897 TCP
"7897:UDP"= 7897:UDP:BitComet 7897 UDP
"20703:TCP"= 20703:TCP:BitComet 20703 TCP
"20703:UDP"= 20703:UDP:BitComet 20703 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56902:TCP"= 56902:TCP:Pando Media Booster
"56902:UDP"= 56902:UDP:Pando Media Booster
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6974:TCP"= 6974:TCP:League of Legends Launcher
"6974:UDP"= 6974:UDP:League of Legends Launcher
"6893:TCP"= 6893:TCP:League of Legends Launcher
"6893:UDP"= 6893:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"58128:TCP"= 58128:TCP:Pando Media Booster
"58128:UDP"= 58128:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6898:TCP"= 6898:TCP:League of Legends Launcher
"6898:UDP"= 6898:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6986:TCP"= 6986:TCP:League of Legends Launcher
"6986:UDP"= 6986:UDP:League of Legends Launcher
"6883:TCP"= 6883:TCP:League of Legends Launcher
"6883:UDP"= 6883:UDP:League of Legends Launcher
"6910:TCP"= 6910:TCP:League of Legends Launcher
"6910:UDP"= 6910:UDP:League of Legends Launcher
"6985:TCP"= 6985:TCP:League of Legends Launcher
"6985:UDP"= 6985:UDP:League of Legends Launcher
"6899:TCP"= 6899:TCP:League of Legends Launcher
"6899:UDP"= 6899:UDP:League of Legends Launcher
"6928:TCP"= 6928:TCP:League of Legends Launcher
"6928:UDP"= 6928:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
"6949:TCP"= 6949:TCP:League of Legends Launcher
"6949:UDP"= 6949:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"6920:TCP"= 6920:TCP:League of Legends Launcher
"6920:UDP"= 6920:UDP:League of Legends Launcher
"6942:TCP"= 6942:TCP:League of Legends Launcher
"6942:UDP"= 6942:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6918:TCP"= 6918:TCP:League of Legends Launcher
"6918:UDP"= 6918:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6935:TCP"= 6935:TCP:League of Legends Launcher
"6935:UDP"= 6935:UDP:League of Legends Launcher
"56925:TCP"= 56925:TCP:Pando Media Booster
"56925:UDP"= 56925:UDP:Pando Media Booster
"6936:TCP"= 6936:TCP:League of Legends Launcher
"6936:UDP"= 6936:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [1.5.2010 13:07 33824]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.1.2009 11:54 170640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.1.2009 11:54 15504]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [25.11.2010 18:42 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 ADASPROT;SYSTWEAKASO;\??\c:\program files\Advanced System Optimizer 3\adasprot32.sys --> c:\program files\Advanced System Optimizer 3\adasprot32.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\trip\LOCALS~1\Temp\QJG112.tmp --> c:\docume~1\trip\LOCALS~1\Temp\QJG112.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3.1.2009 11:54 38496]
S3 RenameMe;RenameMe;c:\windows\system32\RenameMe.sys [4.11.2007 21:13 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-09-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-07-02 13:11]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 17:18]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-19 17:18]
.
2011-09-06 c:\windows\Tasks\Update23.job
- c:\program files\da603d\jusched.exe [2011-04-16 18:00]
.
.
------- Doplňkový sken -------
.
uStart Page = file://localhost/C:/www.google.com.htm
IE: &Clean Traces
IE: &Download with &DAP
IE: Download &all with DAP
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Ivan\Data aplikací\Mozilla\Firefox\Profiles\7osibf4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{3017FB3E-9A77-4396-88C5-0EC9548FB42F} - c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-EO_Video_1.3 - c:\windows\iun6002.exe
AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.0.52\InstStub.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-06 14:03
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\trip\LOCALS~1\Temp\QJG112.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(5644)
c:\documents and settings\Ivan\Data aplikací\wbtooltb\wbbtool1_0dn.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\Ivan\Data aplikací\wbtooltb\wbbtool1_0dn.exe
.
**************************************************************************
.
Celkový čas: 2011-09-06 14:07:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-06 12:07
.
Před spuštěním: 2 848 141 312
Po spuštění: 2 754 179 072
.
- - End Of File - - EB775B31C37DC7DF3A8D10BCDECB0180

[vyosek]

Jeste jeden skript pro ComboFix - postup aplikovani je stejny

Kód: Vybrat vše

KillAll::

Collect::
c:\documents and settings\All Users\Data aplikací\syshost.exe

File::
c:\windows\1C4551A64743409391E41477CD655043.TMP

Folder::
c:\windows\Tasks\
c:\\Program Files\\da603d
c:\\Documents and Settings\\trip\\Data aplikací\\S-2535-6853-2745
c:\\Documents and Settings\\trip\\Data aplikací\\Microsoft-5858-2574

FCopy::
c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe | c:\windows\system32\services.exe
c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe | c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\services.exe
c:\windows\system32\dllcache\regedit.exe | c:\windows\regedit.exe
c:\windows\system32\dllcache\regedit.exe | c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\regedit.exe

Restore::
c:\windows\explorer.exe
c:\windows\system32\svchost.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\lsass.exe

Mia::
c:\windows\explorer.exe
c:\windows\system32\svchost.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\lsass.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3947F4E-8894-4C04-98E0-DF182C706DDF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\trip\\Data aplikací\\S-2535-6853-2745\\winrsvn.exe"=-
"c:\\Documents and Settings\\trip\\Data aplikací\\Microsoft-5858-2574"=-
"c:\\Program Files\\da603d\\jusched.exe"=-
"c:\\Documents and Settings\\trip\\Local Settings\\Apps\\2.0\\2Y3WTADD.C60\\X77R1DTO.8XX\\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\\CurseClient.exe"=-

DDS::
uStart Page = file://localhost/C:/www.google.com.htm

Firefox::
FF - ProfilePath - c:\documents and settings\Ivan\Data aplikací\Mozilla\Firefox\Profiles\7osibf4o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT24052 ... hSource=13

AtJob::

Reboot::

[Quiller]

No skvělý ComboFix se nechtěl načítat tak jsem ho vypnul a pak znovu zapnul ale vzpoměl jsem si že nemám vyplou bránu firewall tak jsem ho znovu vypnul a najednou kritický error ze systemu že se PC za 1 minutu restartuje a já jako správný netrpělivý člověk jsem počítač restartoval ručně a od tý doby se mi načte místo plochy nějaká černá smrt kde můžu hýbat jen myší toť vše.
Co s tim mám jako dělat?

(Píšu z notebooku.)

[vyosek]

Do nouzoveho rezimu se dostanete (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Je tam infikovanou hodne systemovych souboru

[Quiller]

to jsem zkoušel asi 10x

[vyosek]

Restart PC, mackat F8, Posledni znama funkcni konfigurace tez nezabira

najednou kritický error ze systemu že se PC za 1 minutu restartuje a já jako správný netrpělivý člověk jsem počítač restartoval ručně

tohle asi taky nebyl moc moudry krok...

[Quiller]

No abych nelhal tak asi 3x-4x prozkoušel jsem tam skoro vše co se dalo ale vždy to skončilo stejně no...

[vyosek]

Aha

No vypada to na opravnou instalaci - ta prepise systemove soubory, ale data nesmaze - vizte postup kolegy

vlozte instalacni cd do CD rom, nechte nabootovat (predtim ovsem v biosu nastavte first booting device CD rom), chvili vyckejte; pote se zobrazi prvni obrazovka, kde klavesou Enter potvrdte spusteni instalace Windows, v dalsi obrazovce klavesou F8 potvrdte licencni ujednani, v dalsi obrazovce pak klavesou R zvolte Opravit stavajici instalaci Windows

podrobny postup zde

[Quiller]

Jiný řešení není? jestli ne tak to budu muset koupit novou CD-ROM protože mi stará odešla no nejsem zrovna šťastný člověk...

[vyosek]

No nyni zrejme nikoliv kdyz nam nic nefunguje a je tam napadeno spousty systemovych souboru...

Jeste muzete zkusit ci PC bootuje z flash disku a spustit instalaci z nej http://technet.idnes.cz/navod-jak-na-in ... ftware_dvr

A nebo staci od nekoho CD-ROMku vypujcit

[vyosek]

No nyni zrejme nikoliv kdyz nam nic nefunguje a je tam napadeno spousty systemovych souboru...

Jeste muzete zkusit ci PC bootuje z flash disku a spustit instalaci z nej http://technet.idnes.cz/navod-jak-na-in ... ftware_dvr

A nebo staci od nekoho CD-ROMku vypujcit

[Quiller]

Hm tak pak asi zkusim flash disk nebo rovnou reinstalluju Windows uvidim...

[vyosek]

Pak dejte vedet, ale urcite bych nejdriv zkusil tu opravnou - muze lecos zahranit...

[Quiller]

Hmm zdá se že černá smrt má na starost zpomalit nehorázně PC jsem teď po 1 hodině ve výběru uživatele zkusím za jak dlouho se zaregistruje 1x klik myší.