Hidrag.A

[darf]

Zdravím,
zjistil jsem že mám v PC Hidrag.A jsou jim nakažená v podstatě všechny .exe Bohužel se mi ho nedaří odstranit při každém pokusu to končí bez úspěchu nebo znemožněním otevřít veškeré .exe soubory.

Budu vděčný za každou pomoc.

[vyosek]

Zdravim a pekny den preji

Na kolika forech tenhle problem hdlate resit Je potreba jedno vybrat a tam se tomu venovat od zacatku do konce, jinak se budem mezi sebou prat, kryt si stopy a nepodari se to polecit ani za nic

[darf]

V současné době rozhodně hodlám řešit problém pouze zde.

[vyosek]

Tak uz tu tedy zustante a na ostatni fora napiste, ze se to resi jinde - ne ze za 2 hodiny pujdete jinam

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost Scan
• Po dokonceni skenu kliknete na Report - otevre se log, ten sem vlozte

[darf]

RogueKiller V7.0.2 [01/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User: Darf [Admin rights]
Mode: Scan -- Date : 01/30/2012 14:37:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Headup Games (C:\Users\Darf\AppData\Roaming\Headup Games\upd.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1985331280-3213936348-3091441614-1000[...]\Run : Headup Games (C:\Users\Darf\AppData\Roaming\Headup Games\upd.exe) -> FOUND
[SUSP PATH] _uninst_59604785.lnk : C:\Users\Darf\AppData\Local\Temp\_uninst_59604785.bat -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f89632c1db89f0917670c4dede2e204c
[BSP] d04d10c6342a3f616203c9037462c100 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 14998 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30717952 | Size: 469509 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 992272384 | Size: 469360 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 3a36a1f0b8ae507808c3548ee1b736aa
[BSP] 50db55fd6f098cbb627ff3e4c4283024 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907058 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\Users\Darf\AppData\Roaming\Headup Games\upd.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

Udelejte sken avptoolem http://forum.viry.cz/viewtopic.php?f=29&t=58179

[darf]

Kód: Vybrat vše

https://www.virustotal.com/file/bd1d571b6e03d5bba0a83772f119650f6584fa752fe441b4a0605e30d49e7fa9/analysis/1327931309/

Pokud v AVPToolu v bodě 5 zatrhnu možnost delete if disinfection fails nemohu již otevřít žádné exe.

[vyosek]

vy jste jiz avp tool delal? avptool se pokusi soubory primarne lecit, ale pokud nejde je treba jej smazat, jinak roznasi nakazu dal...

[darf]

Ano dělal ještě ze začátku když jsem se snažil problém vyřešit sám vždy to ale končilo tak že exe soubory ztratily původní ikonku a následně je nebylo možné otevřít co jsem koukal jednalo se snad o všechny exe soubory naštěstí jsem vždy použil obnovení.

[vyosek]

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[darf]

Bohužel po celém procesu a vygenerování logu nebylo možno spustit zcela nic a to s chybou Pokus použít neplatnou operaci na klíč registru který je označen pro odstranění. chtěl jsem log uložit do textoveho editoru na externí uložiště bohužel nešel spustit žádný textový editor.

[vyosek]

Restart PC, to pomuze a registr se da dokupy

[darf]

ComboFix 12-01-30.02 - Darf 30.01.2012 16:17:20.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.8109.6798 [GMT 1:00]
Spuštěný z: c:\users\Darf\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\windows\svchost.exe
c:\windows\SysWow64\tmp202A.tmp
c:\windows\SysWow64\tmp202B.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerManager
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-28 do 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 15:20 . 2012-01-30 15:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-30 13:05 . 2012-01-30 14:32 -------- d-----w- c:\program files\trend micro
2012-01-30 13:05 . 2012-01-30 13:05 -------- d-----w- C:\rsit
2012-01-30 10:52 . 2012-01-30 10:52 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-30 04:23 . 2012-01-30 04:23 -------- d-----w- c:\users\Darf\AppData\Roaming\AVG2012
2012-01-30 04:22 . 2012-01-30 10:32 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-01-30 04:22 . 2012-01-30 10:32 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-29 21:24 . 2012-01-30 10:32 -------- d-----w- c:\program files (x86)\PCSafeDoctor
2012-01-29 21:03 . 2012-01-29 21:03 -------- d-----w- C:\sh4ldr
2012-01-29 21:03 . 2012-01-29 21:03 -------- d-----w- c:\program files\Enigma Software Group
2012-01-29 21:03 . 2012-01-29 21:03 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-01-29 21:03 . 2012-01-30 10:32 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-01-29 20:50 . 2012-01-30 10:32 -------- d-----w- c:\programdata\Spyware Terminator
2012-01-29 20:50 . 2012-01-29 20:50 -------- d-----w- c:\users\Darf\AppData\Roaming\Spyware Terminator
2012-01-29 20:49 . 2012-01-30 10:32 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-01-29 18:27 . 2012-01-29 18:27 -------- d-----w- C:\$AVG
2012-01-29 18:24 . 2012-01-29 18:24 -------- d-----w- c:\programdata\AVG Secure Search
2012-01-29 18:24 . 2012-01-29 20:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-01-29 18:24 . 2012-01-29 20:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-01-29 18:24 . 2012-01-29 18:24 -------- d--h--w- c:\programdata\Common Files
2012-01-29 18:23 . 2012-01-30 04:22 -------- d-----w- c:\programdata\AVG2012
2012-01-29 18:22 . 2012-01-29 18:22 -------- d-----w- c:\program files (x86)\AVG
2012-01-29 18:19 . 2012-01-30 10:32 -------- d-----w- c:\programdata\MFAData
2012-01-29 01:46 . 2012-01-29 01:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8BD9360-54A8-4523-A590-9432FA0A9A78}\offreg.dll
2012-01-29 00:27 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\Pontifex II
2012-01-28 02:29 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\Enlight
2012-01-28 02:23 . 2012-01-28 02:23 -------- d-----w- c:\users\Darf\AppData\Local\Bridge!
2012-01-28 02:22 . 2012-01-30 14:28 -------- d-----w- c:\program files (x86)\Aerosoft
2012-01-28 02:22 . 2012-01-30 10:32 -------- d-----w- C:\ToxSickLabs
2012-01-28 01:39 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8BD9360-54A8-4523-A590-9432FA0A9A78}\mpengine.dll
2012-01-28 00:57 . 2012-01-28 00:57 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-28 00:57 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-01-28 00:10 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\Bridge Constructor
2012-01-28 00:10 . 2012-01-30 14:32 -------- d-----w- c:\users\Darf\AppData\Roaming\Headup Games
2012-01-21 00:04 . 2012-01-21 00:04 -------- d-----w- c:\users\Darf\AppData\Local\BCR
2012-01-21 00:04 . 2012-01-21 00:04 -------- d-----w- c:\programdata\BCR
2012-01-19 20:40 . 2012-01-30 14:29 -------- d-----w- c:\program files (x86)\Microsoft Application Compatibility Toolkit
2012-01-19 16:29 . 2012-01-30 14:32 -------- d-----w- c:\users\Darf\AppData\Roaming\TS3Client
2012-01-19 16:29 . 2012-01-30 14:32 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-01-17 18:54 . 2009-11-11 14:37 3248128 ----a-w- c:\windows\SysWow64\DVAPfg.exe
2012-01-17 18:53 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\ffdshow
2012-01-17 18:53 . 2009-07-05 20:33 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-01-17 18:53 . 2009-07-05 20:33 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2012-01-15 15:20 . 2012-01-15 15:20 -------- d-----w- c:\users\Darf\AppData\Local\kaneandlynch
2012-01-15 15:12 . 2012-01-15 15:12 -------- d--h--r- c:\users\Darf\AppData\Roaming\SecuROM
2012-01-15 15:04 . 2012-01-30 14:29 -------- d-----w- c:\program files (x86)\Eidos
2012-01-15 02:54 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\Driver San Francisco
2012-01-15 00:45 . 2012-01-15 00:45 -------- d--h--w- c:\users\Darf\InstallAnywhere
2012-01-15 00:21 . 2012-01-30 14:32 -------- d-----w- c:\windows\USB Vibration
2012-01-15 00:21 . 2012-01-30 14:29 -------- d-----w- c:\program files (x86)\USB Vibration
2012-01-15 00:21 . 2012-01-15 00:21 270468 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2012-01-15 00:21 . 2012-01-15 00:21 159876 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2012-01-15 00:21 . 2002-08-05 09:46 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2012-01-15 00:21 . 2002-08-02 02:10 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2012-01-15 00:21 . 2002-08-02 01:20 634880 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2012-01-15 00:21 . 2002-08-02 01:20 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2012-01-15 00:21 . 2002-08-02 01:20 151552 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2012-01-11 14:41 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:41 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:41 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:41 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:41 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:41 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:41 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:41 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 13:54 . 2012-01-08 13:54 -------- d-----w- c:\users\Darf\AppData\Local\Logitech
2012-01-08 13:48 . 2012-01-08 13:48 -------- d-----w- c:\programdata\Codemasters
2012-01-08 13:38 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\OpenAL
2012-01-08 13:38 . 2012-01-28 01:00 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-08 13:38 . 2012-01-28 01:00 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-01-08 13:38 . 2012-01-28 01:00 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-08 13:38 . 2012-01-28 01:00 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-01-08 13:38 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-01-08 13:38 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-01-08 13:38 . 2008-07-12 07:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2012-01-08 13:38 . 2008-07-12 07:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2012-01-08 13:38 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-01-08 13:38 . 2008-07-12 07:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-01-08 13:28 . 2012-01-30 14:28 -------- d-----w- c:\program files (x86)\Codemasters
2012-01-07 20:20 . 2012-01-30 14:30 -------- d-----w- c:\users\Darf\AppData\Roaming\Mikrotik
2012-01-07 16:59 . 2012-01-30 14:29 -------- d-----w- c:\program files (x86)\Google
2012-01-07 11:01 . 2012-01-30 14:29 -------- d-----w- c:\program files (x86)\Disney Interactive Studios
2012-01-04 16:55 . 2012-01-30 14:32 -------- d-----w- c:\program files (x86)\18 WoS Extreme Trucker 2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 11:23 . 2011-11-28 16:01 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-01-29 11:23 . 2011-11-27 09:40 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-29 11:22 . 2011-11-27 09:40 282880 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-28 11:45 . 2011-11-29 20:04 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-01-13 16:15 . 2012-01-13 16:15 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 16:15 . 2012-01-13 16:15 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-08 16:33 . 2011-11-26 20:23 25640 ----a-w- c:\windows\gdrv.sys
2012-01-03 18:18 . 2011-11-27 09:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-28 00:54 . 2011-12-28 00:54 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-12-28 00:54 . 2011-12-28 00:54 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-12-28 00:54 . 2011-12-28 00:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-12-28 00:54 . 2011-12-28 00:54 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-12-28 00:54 . 2011-12-28 00:54 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-12-07 09:39 . 2011-11-26 20:16 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-28 20:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-28 20:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-27 13:04 . 2011-11-26 20:23 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-11-26 22:44 . 2011-11-26 22:44 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-24 04:52 . 2011-12-14 19:58 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:41 . 2011-12-14 20:08 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 20:08 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 20:08 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 20:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 20:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 20:08 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-17 18:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-17 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-28 619352]
"Headup Games"="c:\users\Darf\AppData\Roaming\Headup Games\upd.exe" [2011-12-26 979563]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 812416]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 877896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 291888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-11-27 30528]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
R3 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-28 494424]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 16:59]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 16:59]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1985331280-3213936348-3091441614-1000Core.job
- c:\users\Darf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 20:16]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1985331280-3213936348-3091441614-1000UA.job
- c:\users\Darf\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 20:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-12 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-12 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-12 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"combofix"="c:\combofix\CF30648.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=15187
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 192.168.3.254 172.20.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1985331280-3213936348-3091441614-1000\Software\SecuROM\License information*]
"datasecu"=hex:15,40,b7,77,a7,b8,e7,d9,b3,da,c0,a0,e5,02,a9,b0,b6,7f,4d,5d,97,
d9,45,64,89,ed,2d,05,20,0b,24,05,ac,98,7c,bf,ce,af,1d,f2,1a,ed,4a,09,8f,c2,\
"rkeysecu"=hex:9f,ca,16,75,83,0a,d6,fd,d2,a5,ab,cb,c1,0d,12,f7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\svchost.exe
.
**************************************************************************
.
Celkový čas: 2012-01-30 16:24:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-30 15:24
ComboFix2.txt 2012-01-30 14:23
.
Před spuštěním: Volných bajtů: 309 963 124 736
Po spuštění: Volných bajtů: 309 619 331 072
.
- - End Of File - - 5766745DBD975BF81420510EF2E0B74A

[vyosek]

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\windows\svchost.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[darf]

Kód: Vybrat vše

https://www.virustotal.com/file/20af03add533a6870d524a7c4753b42bfceb56cddd46016c051e23581ba743f8/analysis/1327944870/