trojský kůň Win32/Sirefef.DA

Zpráva

#16 Příspěvek od **vyosek** » 07 bře 2012 16:16

Jeste je tam dost prace

Ale tu nejhoris mrchu uz mame pryc

Pokud nemate, tak presunte Combofix primo na disk c:\ at neni v zadne slozce

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\common files\akamai
c:\program files\Ask.com
c:\program files\Common Files\Spigot
c:\documents and settings\Slejtr\Local Settings\Data aplikací\84fbcdf3
c:\documents and settings\Slejtr\Data aplikací\Search Settings
c:\program files\Application Updater
c:\program files\YouTube Downloader Toolbar

File::
c:\program files\ClixSense.com\prxtbCli1.dll
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

Collect::
c:\windows\system32\drivers\guqaqjlg.sys

Rootkit::
c:\windows\system32\drivers\guqaqjlg.sys

Driver::
Akamai
guht
gupdate
gupdatem
gupdate1ca093ba966b462
gusvc

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"=-
"3540:UDP"=-
"1056:TCP"=-
"5000:UDP"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"NokiaMusic FastStart"=-
"QuickTime Task"=-
"ApnUpdater"=-
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"Malwarebytes' Anti-Malware"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"=-
"Akamai NetSession Interface"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{70df8d13-bdd3-448e-944c-efde21b77161}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{70df8d13-bdd3-448e-944c-efde21b77161}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{70df8d13-bdd3-448e-944c-efde21b77161}"=-
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{70DF8D13-BDD3-448E-944C-EFDE21B77161}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{70df8d13-bdd3-448e-944c-efde21b77161}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ask.com\\Updater\\Updater.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
  76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
  65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
  00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
  62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
  49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
  57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
  6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
  61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
  52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
  75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
  63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
  68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
  56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
  73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,42,49,54,53,00,77,75,61,75,73,65,\
  72,76,00,53,68,65,6c,6c,48,57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,\
  76,63,00,57,6d,64,6d,50,6d,53,4e,00,6e,61,70,61,67,65,6e,74,00,68,6b,6d,73,\
  76,63,00,4d,48,4e,00,00

DDS::
mStart Page = hxxp://www.bigseekpro.com/burn4free/{41650AF7-8452-4B65-B3DA-77E031D95C3A}
uInternet Settings,ProxyServer = 192.168.1.80:3128
uInternet Settings,ProxyOverride = 127.0.0.1:9421
Trusted Zone: neobux.com\www

Firefox::
FF - ProfilePath - c:\documents and settings\Slejtr\Data aplikací\Mozilla\Firefox\Profiles\mdej2wun.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =937811&p=

ClearJavaCache::

AtJob::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt taktez primo na disk c:\
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

jirkasl · #17 Příspěvek od **jirkasl** » 08 bře 2012 08:11

Spustil jsem script CF, Autoscan již běží 40 minut ve fázi "vyhledávám nakažené soubory", bliká kurzor, nenaběhla žádná fáze a zdá se, že se nic neděje. Během chodu scriptu jsem na PC nic nedělal, ani nikam neklikal. Může to být normální, nebo to nějak spustit znovu?

#18 Příspěvek od **cernohous13** » 08 bře 2012 08:45

můžeš to zkusit opakovat po restartu do Nouzového režimu

jirkasl · #19 Příspěvek od **jirkasl** » 08 bře 2012 09:38

Zde po proběhnutí v nouzovém režimu:

ComboFix 12-03-06.01 - Slejtr 08.03.2012 9:01.2.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3071.2581 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: AVG Anti-Virus Business Edition *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\program files\ClixSense.com\prxtbCli1.dll"
"c:\windows\tasks\Google Software Updater.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Application Updater
c:\program files\Application Updater\config.ini
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Thumbs.db
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\ClixSense.com\prxtbCli1.dll
c:\program files\common files\akamai
c:\program files\common files\akamai\appregistry.dat
c:\program files\common files\akamai\client.ini
c:\program files\common files\akamai\client.ini.json
c:\program files\common files\akamai\CplTasks.xml
c:\program files\common files\akamai\euc_state.json
c:\program files\common files\akamai\guid.ini
c:\program files\common files\akamai\installer.txt
c:\program files\common files\akamai\installer_no_upload_silent.exe
c:\program files\common files\akamai\Languages\csy.dll
c:\program files\common files\akamai\Languages\dan.dll
c:\program files\common files\akamai\Languages\deu.dll
c:\program files\common files\akamai\Languages\esp.dll
c:\program files\common files\akamai\Languages\fin.dll
c:\program files\common files\akamai\Languages\fra.dll
c:\program files\common files\akamai\Languages\chs.dll
c:\program files\common files\akamai\Languages\cht.dll
c:\program files\common files\akamai\Languages\ita.dll
c:\program files\common files\akamai\Languages\jpn.dll
c:\program files\common files\akamai\Languages\kor.dll
c:\program files\common files\akamai\Languages\nld.dll
c:\program files\common files\akamai\Languages\nor.dll
c:\program files\common files\akamai\Languages\plk.dll
c:\program files\common files\akamai\Languages\ptb.dll
c:\program files\common files\akamai\Languages\ptg.dll
c:\program files\common files\akamai\Languages\rus.dll
c:\program files\common files\akamai\Languages\sve.dll
c:\program files\common files\akamai\Languages\trk.dll
c:\program files\common files\akamai\Logs\debug.log
c:\program files\common files\akamai\Logs\debug.log.120301_074725.sent
c:\program files\common files\akamai\Logs\debug.log.120301_084725.sent
c:\program files\common files\akamai\Logs\debug.log.120301_094726.sent
c:\program files\common files\akamai\Logs\debug.log.120301_104727.sent
c:\program files\common files\akamai\Logs\debug.log.120301_114728.sent
c:\program files\common files\akamai\Logs\debug.log.120301_124729.sent
c:\program files\common files\akamai\Logs\debug.log.120301_134729.sent
c:\program files\common files\akamai\Logs\debug.log.120301_144729.sent
c:\program files\common files\akamai\Logs\debug.log.120301_154730.sent
c:\program files\common files\akamai\Logs\debug.log.120301_164730.sent
c:\program files\common files\akamai\Logs\debug.log.120301_174730.sent
c:\program files\common files\akamai\Logs\debug.log.120301_184730.sent
c:\program files\common files\akamai\Logs\debug.log.120301_194730.sent
c:\program files\common files\akamai\Logs\debug.log.120301_204731.sent
c:\program files\common files\akamai\Logs\debug.log.120301_214731.sent
c:\program files\common files\akamai\Logs\debug.log.120301_224732.sent
c:\program files\common files\akamai\Logs\debug.log.120301_234732.sent
c:\program files\common files\akamai\Logs\debug.log.120302_004732.sent
c:\program files\common files\akamai\Logs\debug.log.120302_014732.sent
c:\program files\common files\akamai\Logs\debug.log.120302_024733.sent
c:\program files\common files\akamai\Logs\debug.log.120302_034733.sent
c:\program files\common files\akamai\Logs\debug.log.120302_044733.sent
c:\program files\common files\akamai\Logs\debug.log.120302_054733.sent
c:\program files\common files\akamai\Logs\debug.log.120302_064734.sent
c:\program files\common files\akamai\Logs\debug.log.120302_074735.sent
c:\program files\common files\akamai\Logs\debug.log.120302_084735.sent
c:\program files\common files\akamai\Logs\debug.log.120302_094736.sent
c:\program files\common files\akamai\Logs\debug.log.120302_104737.sent
c:\program files\common files\akamai\Logs\debug.log.120302_114737.sent
c:\program files\common files\akamai\Logs\debug.log.120302_124737.sent
c:\program files\common files\akamai\Logs\debug.log.120302_134738.sent
c:\program files\common files\akamai\Logs\debug.log.120302_141116.sent
c:\program files\common files\akamai\Logs\debug.log.120305_054740.sent
c:\program files\common files\akamai\Logs\debug.log.120305_064741.sent
c:\program files\common files\akamai\Logs\debug.log.120305_064744.sent
c:\program files\common files\akamai\Logs\debug.log.120305_074745.sent
c:\program files\common files\akamai\Logs\debug.log.120305_084745.sent
c:\program files\common files\akamai\Logs\debug.log.120305_094746.sent
c:\program files\common files\akamai\Logs\debug.log.120305_094748.sent
c:\program files\common files\akamai\Logs\debug.log.120305_095225.sent
c:\program files\common files\akamai\Logs\debug.log.120305_095341.sent
c:\program files\common files\akamai\Logs\debug.log.120305_105341.sent
c:\program files\common files\akamai\Logs\debug.log.120305_111950.sent
c:\program files\common files\akamai\Logs\debug.log.120305_112059.sent
c:\program files\common files\akamai\Logs\debug.log.120305_122100.sent
c:\program files\common files\akamai\Logs\debug.log.120305_132100.sent
c:\program files\common files\akamai\Logs\debug.log.120305_142101.sent
c:\program files\common files\akamai\Logs\debug.log.120305_152101.sent
c:\program files\common files\akamai\Logs\debug.log.120305_162101.sent
c:\program files\common files\akamai\Logs\debug.log.120305_172101.sent
c:\program files\common files\akamai\Logs\debug.log.120305_182101.sent
c:\program files\common files\akamai\Logs\debug.log.120305_192101.sent
c:\program files\common files\akamai\Logs\debug.log.120305_202102.sent
c:\program files\common files\akamai\Logs\debug.log.120305_212102.sent
c:\program files\common files\akamai\Logs\debug.log.120305_222103.sent
c:\program files\common files\akamai\Logs\debug.log.120305_232103.sent
c:\program files\common files\akamai\Logs\debug.log.120306_002103.sent
c:\program files\common files\akamai\Logs\debug.log.120306_012104.sent
c:\program files\common files\akamai\Logs\debug.log.120306_022104.sent
c:\program files\common files\akamai\Logs\debug.log.120306_032104.sent
c:\program files\common files\akamai\Logs\debug.log.120306_042104.sent
c:\program files\common files\akamai\Logs\debug.log.120306_052105.sent
c:\program files\common files\akamai\Logs\debug.log.120306_054354.sent
c:\program files\common files\akamai\Logs\debug.log.120306_054531.sent
c:\program files\common files\akamai\Logs\debug.log.120306_064531.sent
c:\program files\common files\akamai\Logs\debug.log.120306_074531.sent
c:\program files\common files\akamai\Logs\debug.log.120306_084531.sent
c:\program files\common files\akamai\Logs\debug.log.120306_094532.sent
c:\program files\common files\akamai\Logs\debug.log.120306_104532.sent
c:\program files\common files\akamai\Logs\debug.log.120306_114532.sent
c:\program files\common files\akamai\Logs\debug.log.120306_124533.sent
c:\program files\common files\akamai\Logs\debug.log.120306_134534.sent
c:\program files\common files\akamai\Logs\debug.log.120306_144534.sent
c:\program files\common files\akamai\Logs\debug.log.120306_154534.sent
c:\program files\common files\akamai\Logs\debug.log.120306_164534.sent
c:\program files\common files\akamai\Logs\debug.log.120306_174535.sent
c:\program files\common files\akamai\Logs\debug.log.120306_184535.sent
c:\program files\common files\akamai\Logs\debug.log.120306_194536.sent
c:\program files\common files\akamai\Logs\debug.log.120306_204536.sent
c:\program files\common files\akamai\Logs\debug.log.120306_214536.sent
c:\program files\common files\akamai\Logs\debug.log.120306_224537.sent
c:\program files\common files\akamai\Logs\debug.log.120306_234537.sent
c:\program files\common files\akamai\Logs\debug.log.120307_004538.sent
c:\program files\common files\akamai\Logs\debug.log.120307_014538.sent
c:\program files\common files\akamai\Logs\debug.log.120307_024538.sent
c:\program files\common files\akamai\Logs\debug.log.120307_034538.sent
c:\program files\common files\akamai\Logs\debug.log.120307_044539.sent
c:\program files\common files\akamai\Logs\debug.log.120307_054539.sent
c:\program files\common files\akamai\Logs\debug.log.120307_064539.sent
c:\program files\common files\akamai\Logs\debug.log.120307_074539.sent
c:\program files\common files\akamai\Logs\debug.log.120307_080653.sent
c:\program files\common files\akamai\Logs\debug.log.120307_080840.sent
c:\program files\common files\akamai\Logs\debug.log.120307_090840.sent
c:\program files\common files\akamai\Logs\debug.log.120307_100340.sent
c:\program files\common files\akamai\Logs\debug.log.120307_110340.sent
c:\program files\common files\akamai\Logs\debug.log.120307_112738.sent
c:\program files\common files\akamai\Logs\debug.log.120307_112841.sent
c:\program files\common files\akamai\Logs\debug.log.120307_120248.sent
c:\program files\common files\akamai\Logs\debug.log.120307_120346.sent
c:\program files\common files\akamai\Logs\debug.log.120307_122255.sent
c:\program files\common files\akamai\Logs\debug.log.120307_122407.sent
c:\program files\common files\akamai\Logs\debug.log.120307_132408.sent
c:\program files\common files\akamai\Logs\debug.log.120307_141315.sent
c:\program files\common files\akamai\Logs\debug.log.120308_060804.sent
c:\program files\common files\akamai\Logs\debug.log.120308_070805.upload
c:\program files\common files\akamai\Logs\dump\120305_064746_0.dmp.sent
c:\program files\common files\akamai\Logs\dump\120305_094750_0.dmp.sent
c:\program files\common files\akamai\Logs\dump\120307_100342_0.dmp.sent
c:\program files\common files\akamai\netsession_win_7de0ed9.dll
c:\program files\common files\akamai\readme.txt
c:\program files\common files\akamai\root.pem
c:\program files\common files\akamai\rswinui.exe
c:\program files\common files\akamai\stubgraded
c:\program files\common files\akamai\uninstall.exe
c:\program files\common files\akamai\user.dat
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\install.rdf
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
c:\program files\YouTube Downloader Toolbar
c:\program files\YouTube Downloader Toolbar\FF\chrome.manifest
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\brwobj.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\chevron.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\chevron.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\JSWidget.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\login.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\login.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\parser.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\RadioWidget.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\RadioWidget.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\searchbox.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\searchbox.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\utils.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgicomm.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgihandling.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgichevron.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\YouTube Downloader Toolbar\FF\chrome\content\widgiui.js
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\YouTube Downloader Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\amazon.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\dailymotion.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\dropinsavings.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\dropinsavingsabt.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ebay.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\facebook.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\googleplus.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\hulu.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\chevron.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\metacafe.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\radio-close.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\radio-minimize.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\radiobeta.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-button.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-baidu.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-yahoo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search-wmrk-yandex.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_baidu.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_yandex.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\search_youtube.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\searchbox.css
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\splitter.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\twitter.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\veoh.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\youtube.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar\FF\chrome\skin\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar\FF\install.rdf
c:\program files\YouTube Downloader Toolbar\IE\5.0\config.ini
c:\program files\YouTube Downloader Toolbar\Res\amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\dailymotion.gif
c:\program files\YouTube Downloader Toolbar\Res\dropinsavings.gif
c:\program files\YouTube Downloader Toolbar\Res\dropinsavingsabt.gif
c:\program files\YouTube Downloader Toolbar\Res\ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\facebook.gif
c:\program files\YouTube Downloader Toolbar\Res\googleplus.gif
c:\program files\YouTube Downloader Toolbar\Res\hulu.gif
c:\program files\YouTube Downloader Toolbar\Res\icon_settings.gif
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1031.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1033.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1034.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1036.ini
c:\program files\YouTube Downloader Toolbar\Res\Lang\res1040.ini
c:\program files\YouTube Downloader Toolbar\Res\metacafe.gif
c:\program files\YouTube Downloader Toolbar\Res\radio-close.gif
c:\program files\YouTube Downloader Toolbar\Res\radio-minimize.gif
c:\program files\YouTube Downloader Toolbar\Res\radiobeta.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-button.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron-hover.gif
c:\program files\YouTube Downloader Toolbar\Res\search-chevron.gif
c:\program files\YouTube Downloader Toolbar\Res\search_amazon.gif
c:\program files\YouTube Downloader Toolbar\Res\search_baidu.gif
c:\program files\YouTube Downloader Toolbar\Res\search_ebay.gif
c:\program files\YouTube Downloader Toolbar\Res\search_yahoo.gif
c:\program files\YouTube Downloader Toolbar\Res\search_yandex.gif
c:\program files\YouTube Downloader Toolbar\Res\search_youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\twitter.gif
c:\program files\YouTube Downloader Toolbar\Res\veoh.gif
c:\program files\YouTube Downloader Toolbar\Res\widgets.xml
c:\program files\YouTube Downloader Toolbar\Res\youtube.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo.gif
c:\program files\YouTube Downloader Toolbar\Res\ytd_logo_hover.gif
c:\program files\YouTube Downloader Toolbar\WidgiHelper.exe
c:\windows\tasks\Google Software Updater.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Legacy_GUPDATE1CA093BA966B462
-------\Legacy_GUPDATEM
-------\Legacy_GUSVC
-------\Service_Akamai
-------\Service_guht
-------\Service_gupdate1ca093ba966b462
-------\Service_gupdatem
-------\Service_gusvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-08 do 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-07 11:27 . 2012-03-07 11:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-07 06:57 . 2012-03-07 06:57 -------- d-----w- c:\program files\trend micro
2012-03-07 06:57 . 2012-03-07 06:58 -------- d-----w- C:\rsit
2012-03-05 07:08 . 2012-03-05 07:08 -------- d-----w- C:\spoolerlogs
2012-02-29 10:06 . 2012-02-29 10:06 -------- d-----w- c:\program files\ESET
2012-02-29 08:55 . 2012-02-29 08:55 -------- d-----w- c:\documents and settings\Slejtr\Data aplikací\Malwarebytes
2012-02-29 08:55 . 2012-02-29 08:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-29 08:55 . 2012-02-29 08:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-02-29 08:55 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-29 08:16 . 2012-02-29 08:16 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2012-02-29 08:03 . 2012-02-29 08:03 -------- d-----r- c:\documents and settings\NetworkService\Oblíbené položky
2012-02-29 07:57 . 2012-02-29 07:57 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-29 06:18 . 2012-03-05 08:44 -------- d-sh--w- c:\documents and settings\Slejtr\Local Settings\Data aplikací\84fbcdf3
2012-02-16 07:16 . 2012-02-16 07:16 -------- d-----w- c:\documents and settings\Slejtr\Data aplikací\Search Settings
2012-02-15 06:27 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 06:27 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 11:28 . 2003-04-16 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-01-12 17:20 . 2003-04-16 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2003-04-16 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2003-04-16 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2003-04-16 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-06-23 15:29 385024 ----a-w- c:\windows\system32\html.iec
2007-12-14 10:24 . 2009-10-06 08:44 4839936 ----a-w- c:\program files\HTM_Procs.exe
2011-07-13 05:37 . 2011-05-19 07:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-07_12.25.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-08 08:15 . 2012-03-08 08:15 16384 c:\windows\temp\Perflib_Perfdata_fc.dat
- 2003-04-16 12:00 . 2012-02-15 06:47 88926 c:\windows\system32\perfc009.dat
+ 2003-04-16 12:00 . 2012-03-08 08:23 88926 c:\windows\system32\perfc009.dat
+ 2003-04-16 12:00 . 2012-03-08 08:23 505378 c:\windows\system32\perfh009.dat
- 2003-04-16 12:00 . 2012-02-15 06:47 505378 c:\windows\system32\perfh009.dat
- 2003-04-16 12:00 . 2012-02-15 06:47 500622 c:\windows\system32\perfh005.dat
+ 2003-04-16 12:00 . 2012-03-08 08:23 500622 c:\windows\system32\perfh005.dat
+ 2003-04-16 12:00 . 2012-03-08 08:23 103116 c:\windows\system32\perfc005.dat
- 2003-04-16 12:00 . 2012-02-15 06:47 103116 c:\windows\system32\perfc005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\System32\xRaidSetup.exe" [2007-11-19 1970176]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-24 122368]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Slejtr\Nabídka Start\Programy\Po spuštění\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-31 333088]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Akcelerátor spuštění AutoCADu LT.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Zástupce - OUTLOOK.EXE.lnk - c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2007-5-31 200032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-22 07:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ZWCAD 2010 Csy\\ZWCAD.EXE"=
"c:\\Program Files\\ZWCAD 2010 Csy\\zwlm_ts.exe"=
"c:\\Program Files\\ZWCAD 2010 Csy\\ZWErrorDialog.exe"=
"c:\\Program Files\\ZWCAD 2010 Csy\\CrashReportManagement.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Documents and Settings\\Slejtr\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Google\\Quick Search Box\\GoogleQuickSearchBox.exe"=
"c:\\Documents and Settings\\Slejtr\\Local Settings\\Data aplikací\\Seznam.cz\\bin\\postak.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\WSCommCntr1.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\ESET\\ESET Online Scanner\\OnlineCmdLineScanner.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Nokia\\Ovi Player\\NokiaOviPlayer.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Documents and Settings\\Slejtr\\Local Settings\\Data aplikací\\Seznam.cz\\bin\\MiniBrowser.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Slejtr\\Dokumenty\\vlastní\\viry\\RSIT.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\1029\\MSOHELP.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1061:TCP"= 1061:TCP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [23.6.2008 16:38 52872]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.10.2009 8:29 716272]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23.6.2008 16:38 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23.6.2008 16:38 243152]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [22.6.2010 8:04 308136]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.2.2012 9:55 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.2.2012 9:55 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 21:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
TCP: Interfaces\{B4BE6A82-10D3-4388-8737-5DA9F60F8F1F}: NameServer = 194.228.41.65,194.228.41.113
FF - ProfilePath - c:\documents and settings\Slejtr\Data aplikací\Mozilla\Firefox\Profiles\mdej2wun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Akamai - c:\program files\Common Files\Akamai\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-08 09:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3808)
c:\windows\system32\AcSignIcon.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-03-08 09:32:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-03-08 08:32
ComboFix2.txt 2012-03-07 12:38
.
Před spuštěním: Volných bajtů: 82 812 055 552
Po spuštění: Volných bajtů: 82 793 222 144
.
- - End Of File - - 297C28EFB1E2CB7E072525C6354CFA4F

#20 Příspěvek od **vyosek** » 08 bře 2012 09:48

Jak se chova PC

jirkasl · #21 Příspěvek od **jirkasl** » 08 bře 2012 10:01

Zdá se, že zatím normálně. Běžné programy se otvírají, pošta i internet funguje.

#22 Příspěvek od **vyosek** » 08 bře 2012 10:06

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Udelejte jeste pro jistotu sken AVPToolem http://forum.viry.cz/viewtopic.php?f=29&t=58179

jirkasl · #23 Příspěvek od **jirkasl** » 08 bře 2012 11:06

Po přejmenování CF na Uninstall a spuštění, to běhá stále dokola a nedá se to zastavit. Nicméně složka CF z PC zmizela. Ostatní utility jsem zatím nespouštěl.

#24 Příspěvek od **vyosek** » 08 bře 2012 11:17

Tak pripadne restart a pokracujte dalsimi

jirkasl · #25 Příspěvek od **jirkasl** » 09 bře 2012 06:56

Tak vše provedeno a zde je log z AVPTool

Status: Deleted (events: 1)
8.3.2012 17:01:11 Deleted virus Virus.Win32.ZAccess.g C:\TDSSKiller_Quarantine\07.03.2012_12.26.22\rtkt0000\svc0000\tsk0000.dta High

#26 Příspěvek od **JaRon** » 09 bře 2012 08:36

myslim, ze hotovo

mas pocitac ako novy

jirkasl · #27 Příspěvek od **jirkasl** » 09 bře 2012 09:18

V tom případě pánové (a jeden z Vás zejména) - veliké díky!

Toto je super fórum a doporučím rozhodně dál.
Tedy vlastně nevím, jestli jste raději, když máte práci, nebo ne...

#28 Příspěvek od **vyosek** » 09 bře 2012 10:39

Tak tak, jak psal kolega...slozku C:\TDSSKiller_Quarantine muzete smazat

Jinak i za kolegu, nemate zac, rado se stalo

VIRY.CZ

trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA

Re: trojský kůň Win32/Sirefef.DA