
PC disinfection, computer speed-up, remote help via the neslape.cz service
Encrypted files... Security Shield?
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Encrypted files... Security Shield?
Hello,
I'd really appreciate help with a big problem.
Yesterday my PC got infected, and it apparently started with the Security Shield application, which got onto my PC without my wanting it.
Windows with all kinds of warnings kept popping up. I closed them all and immediately looked for a way to get rid of it.
I had no antivirus at all.
So I started installing everything possible to get rid of the virus.
I started with Trojan Killer, then a-squared guard and Spybot.
Right after installing Trojan Killer, Security Shield disappeared, but the biggest problem remains.
The thing is that all the files... videos, pictures and so on are encrypted and cannot be opened.
For example, for jpg images the Properties tab lists the file type as: ENCIPHERED File (.EnCiPhErEd).
This message in a txt file is scattered all over the PC:
The files on your machine to the disabled for viewing, copying and duplicating video elements of porn and gay porn. To unlock you need to pay a fine of 100 euros. For this purpose, any terminal pay or buy a Ukash voucher Paysafecard on that amount. More sites hxxp://ukash.com/uk/en/home.aspx http://www.paysafecard.com/choose-country/
Please send the voucher by e-mail giorgio4(at)mail.com.
In the case of payment of an amount equal to the penalty in return you will receive an unlock code. It must be entered in the field. After unlocking you must remove all materials that contain elements of violence and porn. In the case of non-payment, all data on your personal computer will be permanently blocked.
Is there any way to decrypt the files?
Many thanks for any advice.
Last edited by vyosek on 23 Apr 2012 12:10, edited 2 times in total.
Reason: link and e-mail deactivated
Danstahr (Friend of the forum), London
Re: Encrypted files... Security Shield?
Hello,
post an RSIT log following the guide here.
Upload one of the 'encrypted' images to http://www.leteckaposta.cz and post the download link here.

I'll buy a little time, price respected.
Re: Encrypted files... Security Shield?
I followed the advice, but a problem came up.
After running RSIT.exe, a window with this message pops up after a moment:
Line 7153 (File"C:/Users/Admin/Desktop/RSIT.exe"):
Error: Subscript used with non-Array variable.
When I click OK in that window, the program exits.
Otherwise, an encrypted image is here: http://leteckaposta.cz/462206212
Danstahr (Friend of the forum), London
Re: Encrypted files... Security Shield?
Let's try OTL:
Download OTL.

- If you use Win Vista or W7, right-click OTL and choose Run As Administrator
- If you use a 64-bit OS, check that the "64-bit OS" box is ticked; if not, tick it
- Tick the "All users" box
- Tick the "LOP" check box
- Tick the "Purity" check box
- Click the Scan button
- After the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; post both here
Re: Encrypted files... Security Shield?
OTL is running without problems so far.
Once it creates the log, I'll post it here.
I managed to find something more about my problem, but I don't understand it much.
http://www.im-infected.com/trojan/enciphered.html
I'll keep trying and get back to you.
Here are the logs: http://leteckaposta.cz/711790629
Last edited by vision on 23 Apr 2012 12:15, edited 1 time in total.
Danstahr (Friend of the forum), London
Re: Encrypted files... Security Shield?
Please don't attempt anything on your own; you can do more harm than good.
Re: Encrypted files... Security Shield?
I've sent the logs.
OK, I won't do anything myself without your advice.
Re: Encrypted files... Security Shield?
So I waited yesterday for some advice, but none has come so far.
So I tried to fix it myself.
I installed the program http://www.malwarecity.com/community/in ... howfile=57
but even that didn't help.
It does decrypt the files, but in such a way that it creates a new file which is corrupted or won't open.
So I stopped the program and am looking for another solution.
So no result so far.

Re: Encrypted files... Security Shield?
Hi,
I'm filling in for my colleague, he's fallen ill...
My colleague also asks you not to do any experiments; Security Shield is no joke to clean up.
Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

- Close all programs
- If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator
- Wait for the PreScan to finish
- Choose the Scan option
- After the scan finishes, click Report; a log opens, post it here
Re: Encrypted files... Security Shield?
Thank you, I'll do it.
But I have to leave now, so I'll get to it as soon as I'm back.
I also found an interesting video on how to remove my problem.
http://www.youtube.com/watch?v=rca0116LgSk
But this is very complicated for me.

Re: Encrypted files... Security Shield?
Yes, it's complicated; we'll see how we get on dealing with Shield first.
Re: Encrypted files... Security Shield?
So here's the RogueKiller log:
¤¤¤ Záznamy Registrů: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Badoo Desktop (C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4037204527-4293416820-2358000098-1001[...]\Run : Badoo Desktop (C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x836F39D5 -> HOOKED (Unknown @ 0x87F5F7C8)
SSDT[14] : NtAlertThread @ 0x836A17A8 -> HOOKED (Unknown @ 0x87F5F8A8)
SSDT[19] : NtAllocateVirtualMemory @ 0x83662E9B -> HOOKED (Unknown @ 0x87F51D50)
SSDT[22] : NtAlpcConnectPort @ 0x8366A8AD -> HOOKED (Unknown @ 0x8781A3C0)
SSDT[43] : NtAssignProcessToJobObject @ 0x8360E764 -> HOOKED (Unknown @ 0x87F60B88)
SSDT[74] : NtCreateMutant @ 0x83695CA5 -> HOOKED (Unknown @ 0x87F5F518)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x836260BF -> HOOKED (Unknown @ 0x87F608A8)
SSDT[87] : NtCreateThread @ 0x836F1C6A -> HOOKED (Unknown @ 0x87F50588)
SSDT[88] : NtCreateThreadEx @ 0x8364FDD1 -> HOOKED (Unknown @ 0x87F60998)
SSDT[96] : NtDebugActiveProcess @ 0x836C723C -> HOOKED (Unknown @ 0x87F60C68)
SSDT[111] : NtDuplicateObject @ 0x83693152 -> HOOKED (Unknown @ 0x87F5E5E0)
SSDT[131] : NtFreeVirtualMemory @ 0x834CA831 -> HOOKED (Unknown @ 0x87F51B90)
SSDT[145] : NtImpersonateAnonymousToken @ 0x83609F96 -> HOOKED (Unknown @ 0x87F5F608)
SSDT[147] : NtImpersonateThread @ 0x8366F6C9 -> HOOKED (Unknown @ 0x87F5F6E8)
SSDT[155] : NtLoadDriver @ 0x835B8291 -> HOOKED (Unknown @ 0x86DF2700)
SSDT[168] : NtMapViewOfSection @ 0x83695F67 -> HOOKED (Unknown @ 0x87F51A90)
SSDT[177] : NtOpenEvent @ 0x836985F7 -> HOOKED (Unknown @ 0x87F5F438)
SSDT[190] : unknown @ 0x836985C1 -> HOOKED (Unknown @ 0x87F5E780)
SSDT[191] : NtOpenProcessToken @ 0x83653971 -> HOOKED (Unknown @ 0x87F5E500)
SSDT[194] : NtOpenSection @ 0x8369624A -> HOOKED (Unknown @ 0x87F60E90)
SSDT[198] : NtOpenThread @ 0x83696F18 -> HOOKED (Unknown @ 0x87F5E6B0)
SSDT[215] : NtProtectVirtualMemory @ 0x83696CD1 -> HOOKED (Unknown @ 0x87F60A98)
SSDT[304] : NtResumeThread @ 0x8368905F -> HOOKED (Unknown @ 0x87F5F988)
SSDT[316] : NtSetContextThread @ 0x836F2D6F -> HOOKED (Unknown @ 0x87F517E0)
SSDT[333] : NtSetInformationProcess @ 0x83664495 -> HOOKED (Unknown @ 0x87F518C0)
SSDT[350] : NtSetSystemInformation @ 0x836A1E85 -> HOOKED (Unknown @ 0x87F60D48)
SSDT[366] : NtSuspendProcess @ 0x836F390F -> HOOKED (Unknown @ 0x87F60F70)
SSDT[367] : NtSuspendThread @ 0x836B06E6 -> HOOKED (Unknown @ 0x87F5FA68)
SSDT[370] : NtTerminateProcess @ 0x83678BCD -> HOOKED (Unknown @ 0x87F50668)
SSDT[371] : NtTerminateThread @ 0x8368B974 -> HOOKED (Unknown @ 0x87F5FB28)
SSDT[385] : NtUnmapViewOfSection @ 0x83692D6C -> HOOKED (Unknown @ 0x87F519B0)
SSDT[399] : NtWriteVirtualMemory @ 0x8369E645 -> HOOKED (Unknown @ 0x87F51C80)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x86A2B810)
S_SSDT[402] : Unknown -> HOOKED (Unknown @ 0x86A291A8)
S_SSDT[434] : Unknown -> HOOKED (Unknown @ 0x8810FEA8)
S_SSDT[436] : Unknown -> HOOKED (Unknown @ 0x87579690)
S_SSDT[448] : Unknown -> HOOKED (Unknown @ 0x8898E6F8)
S_SSDT[490] : Unknown -> HOOKED (Unknown @ 0x889B17B0)
S_SSDT[508] : Unknown -> HOOKED (Unknown @ 0x889ACEB8)
S_SSDT[509] : Unknown -> HOOKED (Unknown @ 0x889B3DC8)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x88986BB8)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x8898EDB8)
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 7c6448db00aad048554506d54c3beae0
[BSP] 468274b22c910c15fa88edc1f06a615f : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 59475 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 121806720 | Size: 245766 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
As for Security Shield... I don't know whether it's still on the PC. No windows or other messages pop up, and there's no icon in the tray either. Basically everything works as before, only the files are encrypted.
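As an added example (not code from the thread, from RogueKiller or from any tool named here): a parser for lines in the shape of the RogueKiller report above, followed by a defender's triage pass over what it finds. The sample lines are copied from that report; the severity ranking, the shortlist of defence-weakening registry values and the list of sensitive syscalls are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape of the RogueKiller report posted above
# (lines copied from that report; this parser is not RogueKiller's own code).
SAMPLE_REPORT = r"""
¤¤¤ Záznamy Registrů: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Badoo Desktop (C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
SSDT[155] : NtLoadDriver @ 0x835B8291 -> HOOKED (Unknown @ 0x86DF2700)
SSDT[399] : NtWriteVirtualMemory @ 0x8369E645 -> HOOKED (Unknown @ 0x87F51C80)
S_SSDT[318] : Unknown -> HOOKED (Unknown @ 0x86A2B810)
[BSP] 468274b22c910c15fa88edc1f06a615f : Windows 7 MBR Code
"""

REG_LINE = re.compile(r"^\[([A-Z][A-Z. ]*)\] (.+?) : (.+?) \((.*)\) -> (\w+)$")
SSDT_LINE = re.compile(r"^(S_SSDT|SSDT)\[(\d+)\] : (\S+)(?: @ 0x([0-9A-Fa-f]+))?"
                       r" -> HOOKED \((\S+) @ 0x([0-9A-Fa-f]+)\)$")

@dataclass
class RegFinding:
    kind: str    # SUSP PATH, HJ, ...
    key: str     # abbreviated registry path as RogueKiller prints it
    name: str    # value name or autorun entry name
    data: str    # value data, or the autorun's executable path
    status: str  # FOUND, DELETED, ...

@dataclass
class SsdtHook:
    table: str               # SSDT or S_SSDT (shadow table)
    index: int
    syscall: str             # "Unknown"/"unknown" when the tool could not resolve it
    original: Optional[str]  # original handler address, if printed
    hooker: str              # module the tool attributes the hook to
    handler: str             # address the table entry points to now

@dataclass
class Report:
    registry: list = field(default_factory=list)
    hooks: list = field(default_factory=list)
    unparsed: list = field(default_factory=list)  # lines no pattern recognised

def parse_report(text: str) -> Report:
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        # section banners and drive headers carry no finding of their own
        if not line or line.startswith("¤¤¤") or line.startswith("+++++"):
            continue
        m = REG_LINE.match(line)
        if m:
            rep.registry.append(RegFinding(*m.groups()))
            continue
        m = SSDT_LINE.match(line)
        if m:
            table, idx, syscall, orig, hooker, handler = m.groups()
            rep.hooks.append(SsdtHook(table, int(idx), syscall, orig, hooker, handler))
            continue
        rep.unparsed.append(line)
    return rep

# My own shortlist of [HJ] values that weaken the host when set as shown (the UAC ones also appear in the ComboFix log).
WEAKENING_VALUES = {
    "ConsentPromptBehaviorAdmin": ("0", "UAC elevation prompt for administrators disabled"),
    "PromptOnSecureDesktop": ("0", "UAC prompts no longer shown on the secure desktop"),
    "WarnOnHTTPSToHTTPRedirect": ("0", "IE warning on HTTPS-to-HTTP redirects disabled"),
}

# Syscalls a rootkit typically hooks to inject, hide or protect itself. Security products
# hook many of the same entries, so an unattributed hook is a lead to resolve, not a verdict.
SENSITIVE_SYSCALLS = {
    "NtLoadDriver", "NtWriteVirtualMemory", "NtCreateThread", "NtCreateThreadEx",
    "NtSetContextThread", "NtMapViewOfSection", "NtProtectVirtualMemory",
    "NtTerminateProcess", "NtOpenProcess", "NtOpenThread",
}

def triage(rep: Report) -> list:
    """Return (severity, message) pairs, highest severity first."""
    out = []
    for f in rep.registry:
        if f.kind == "HJ" and f.name in WEAKENING_VALUES and f.data == WEAKENING_VALUES[f.name][0]:
            out.append(("HIGH", f"{f.key}\\{f.name}={f.data}: {WEAKENING_VALUES[f.name][1]}"))
        elif f.kind == "SUSP PATH":
            out.append(("MEDIUM", f"autorun '{f.name}' from an unusual location: {f.data}"))
        elif f.kind == "HJ":
            out.append(("LOW", f"{f.key}\\{f.name}={f.data}: non-default setting, verify"))
    unattributed = [h for h in rep.hooks if h.hooker.lower() == "unknown"]
    sensitive = sorted({h.syscall for h in unattributed if h.syscall in SENSITIVE_SYSCALLS})
    if sensitive:
        out.append(("MEDIUM", "unattributed hooks on sensitive syscalls: " + ", ".join(sensitive)))
    if unattributed:
        out.append(("INFO", f"{len(unattributed)} SSDT/shadow-SSDT entries hooked by an unidentified "
                            "module; match handler addresses to loaded drivers (e.g. the installed AV) before calling it a rootkit"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2, "INFO": 3}
    return sorted(out, key=lambda item: rank[item[0]])
```

Run `triage(parse_report(SAMPLE_REPORT))` to get the ranked findings; with a-squared and Spybot installed on this machine, the "Unknown" hooks need to be attributed before they count as evidence of a rootkit.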
Re: Encrypted files... Security Shield?
Decrypting them will probably be quite a problem; I'll try looking on foreign forums as well.
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN

- Turn off all resident security programs - firewalls, antivirus, antispyware and the like
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
- Immediately after start, a page with the licence agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone - don't start any applications and don't click in the window that appears
- The scan should take about 10 min, but if the PC is heavily infested it can take longer
- After the scan finishes and a possible restart, CF shows a log; otherwise you'll find it at C:\ComboFix.txt; post its contents here
- Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Encrypted files... Security Shield?
So here's the log:
ComboFix 12-04-24.02 - Admin 24.04.2012 16:42:02.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3002.2324 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DS.exe
c:\users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\HOW TO DECRYPT FILES.txt
c:\users\Admin\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\HOW TO DECRYPT FILES.txt
c:\users\Admin\AppData\Roaming\HOW TO DECRYPT FILES.txt
c:\users\Admin\AppData\Roaming\chrtmp
c:\users\Admin\AppData\Roaming\inst.exe
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\(1993) VA - Born to Choose.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\(MS WORD 93-2003) Storno podminky 2010 - 2011 - portály.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\[rutracker.org].t2035399.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\[rutracker.org].t3524510.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\001.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\002.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\003.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\11-0212.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\1105 Removing content with the Clone Stamp tool.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\12.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\120___04.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\1201 Applying filters.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\1244.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\142.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\1824.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\36.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\40.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\6000 ëĺň ňŕňóčđîâęĺ.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\635d_2.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\663.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\8.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\adip_logo.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Anim.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\anim1.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\ASSiGN.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AT7F2832_3_4_5_6_tonemapped.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Bastia.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Black.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Blue's.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Botan (Peonies).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Buď-v-klidu-CZ-2005-(DANiELS).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\buena-vista-tattoo-club-wuerzburg-bad-mergentheim (1).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\buena-vista-tattoo-club-wuerzburg-bad-mergentheim (2).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\buena-vista-tattoo-club-wuerzburg-bad-mergentheim.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\cbII.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CC.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Centrum síťových připojení a sdílení.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\dobirky-slovensko.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Documents (D).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Dole~ité informace MOBY.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Ethno.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\faktura.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Feliz_by_kissy_face.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\flexo.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Folder.auCDtect.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Hardware a zvuk.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Hide It Pro v2.7 (HideItPro) Android Apk App.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\HOW TO DECRYPT FILES.txt
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Chinese_Phoenix.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\inked-2012-02-feb.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\inked.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Inked_2011-11.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Inked_2011-12.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Inked_2012-02.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Inked_2012-03.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Inked_2012-04.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Jerry.Lee.Lewis-Great.Balls.of.Fire.1989.DVDRip.XviD.CZ-SAGiTTARiO.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Kalkulace pruvodni informace.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Kiku (Chrysanthemums).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Koi.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\La-vie-de-boheme-Bohemsky-zivot-(Kaurismaki)-titulky-pribalen.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Led-Zeppelin---The-Song-Remains-the-Same-(1976).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\logo.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Londýnsky gangster.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Lotus.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Lux.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Magazines.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\mail.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\material-kabely.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\md55 room1.nepesufumu.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Michael Jackson's - This Is It.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Michael Jackson - This Is It.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Mlčení-Lorny-2008-titulky-Drama.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\multivan.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\My-Phoenix-tattoo-69488.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\N-50+OPERATING+INSTRUCTIONS.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Native.Instruments.Komplete.8.DVD9.D01-ASSiGN.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Native.Instruments.Traktor.Pro.2.v2.1.1-UNION.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Neuveritelny-zivot-rockera-Coxe-2007-cz.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\odstoupeni-od-smlouvy-nakup-pres-internet.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\odstoupeni-spotrebitele-od-kupni-smlouvy.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\ONEDAY.2011-ETRG (2).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\ONEDAY.2011-ETRG.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\phoenix layout1-11a.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\phoenix sleeve1-11a.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Phoenix.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\pi_944.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Restless 2011 BRRip XviD AC3-FTW (2).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Restless 2011 BRRip XviD AC3-FTW.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\sacd_log.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Sakura (Cherry Blossoms).lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Sakura.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Sasha Cane.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Sexy trany fuck very perfect.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Skin_Shots.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Skulls.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Síť a Internet.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\The Last Picture Show (TVrip) [CZsubs].lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Torrent downloaded from Demonoid.me.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\tumblr_lokwrk67vl1qh01oyo1_500.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\tumblr_lwjhnoSYaS1r3w34vo1_1280.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Uživatelské účty a zabezpečení rodiny.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\VW_-_Multivan_Back.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Woodstock-1969.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\www.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\www1.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\yellowblaze.net.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Recent\ZDCRT.part3.lnk.EnCiPhErEd
c:\users\Admin\AppData\Roaming\qtwm.exe
c:\users\Admin\AppData\Roaming\UnInstall RMV Data.exe
c:\users\Admin\AppData\Roaming\vso_ts_preview.xml
c:\users\Admin\x.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\tmpFB9D.tmp
c:\windows\system32\tmpFBBE.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 15:09 . 2012-04-24 18:51 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-04-24 15:09 . 2012-04-24 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 10:08 . 2012-04-24 10:08 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-04-23 17:37 . 2012-04-23 17:37 -------- d-----w- c:\program files\JPEG Recovery Pro
2012-04-23 10:48 . 2012-04-23 10:48 -------- d-----w- c:\programdata\PCSettings
2012-04-23 10:16 . 2012-04-24 13:16 -------- d-----w- c:\programdata\Norton
2012-04-23 10:03 . 2012-04-23 10:10 -------- d-----w- c:\program files\trend micro
2012-04-23 10:03 . 2012-04-23 10:03 -------- d-----w- C:\rsit
2012-04-23 00:01 . 2012-04-23 00:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-23 00:01 . 2012-04-23 00:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-22 23:51 . 2012-04-24 15:11 -------- d-----w- c:\program files\a-squared Anti-Malware
2012-04-22 19:07 . 2012-04-22 19:07 -------- d-----w- c:\programdata\Alwil Software
2012-04-22 18:55 . 2012-04-23 14:39 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-04-21 19:18 . 2012-04-21 19:23 -------- d-----w- c:\users\Admin\AppData\Local\Canon Easy-PhotoPrint EX
2012-04-14 18:15 . 2012-04-14 18:53 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:53 . 2011-06-05 12:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-11-30 12:26 . 2009-11-30 12:26 292560 ----a-w- c:\program files\Iso-burner.exe
2003-05-01 12:59 . 2002-09-19 12:20 1413120 ----a-w- c:\program files\DS_PlugIn.8bf
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" [2012-04-22 3322256]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HOW TO DECRYPT FILES.txt [2009-10-31 705]
Yahoo! Widgets.lnk.EnCiPhErEd [2010-9-1 1067]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI10"=diomidi.dll
"wave10"=Digi32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"AdobeBridge"="c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" silent loginmode=4
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"PLFSetI"=c:\windows\PLFSetI.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"FontExpertType1Loader"=c:\program files\FontExpert\Type1Loader.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"Creative SB Monitoring Utility"=RunDll32 sbavmon.dll,SBAVMonitor
"SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"Module Loader"=c:\program files\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
"RtHDVCpl"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"POPUPTV"=c:\program files\ASUS\PopupTV\ExpressTV.exe
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
.
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/02/21 01:18];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EraserSvc11122;Symantec Eraser Service;c:\program files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AF9035BDA;ASUS U3100 Mini Plus BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-16 462952]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-31 79360]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-06-16 76088]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 136176]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-12-15 899712]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-06-16 181432]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Winamp\WinRing0.sys [2008-07-26 14416]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-01 691696]
S1 a2injectiondriver;a2injectiondriver;c:\program files\a-squared Anti-Malware\a2dix86.sys [2012-04-22 34768]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\a-squared Anti-Malware\a2util32.sys [2012-04-22 11776]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys [2004-11-30 161792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [2012-04-22 3045688]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-05-03 73392]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 a2acc;a2acc;c:\program files\A-SQUARED ANTI-MALWARE\a2accx86.sys [2012-04-22 51632]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:53]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 16:53]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 16:53]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: postsignum.cz\www
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}\777777E286F64756C656C6567616E647E236A7: DhcpNameServer = 10.3.0.1
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}\96E6564786F6D656234316: DhcpNameServer = 178.77.254.254 77.48.100.254
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Pocket Navigator Installer 6.0 - c:\program files\Navigator11\Setup Utility\clickertray.exe
HKLM-Run-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2012-04-24 20:55:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-24 18:55
.
Před spuštěním: 1 819 934 720
Po spuštění: 3 568 492 544
.
- - End Of File - - 32236C61085222549AB38215DCC78DFA
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1343400]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Winamp\WinRing0.sys [2008-07-26 14416]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-01 691696]
S1 a2injectiondriver;a2injectiondriver;c:\program files\a-squared Anti-Malware\a2dix86.sys [2012-04-22 34768]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\a-squared Anti-Malware\a2util32.sys [2012-04-22 11776]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys [2004-11-30 161792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [2012-04-22 3045688]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-05-03 73392]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 a2acc;a2acc;c:\program files\A-SQUARED ANTI-MALWARE\a2accx86.sys [2012-04-22 51632]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:53]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 16:53]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-22 16:53]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: + Offline &Explorer: Download the link - file://c:\program files\Offline Explorer Enterprise\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\program files\Offline Explorer Enterprise\Add_AllO.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: postsignum.cz\www
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}\777777E286F64756C656C6567616E647E236A7: DhcpNameServer = 10.3.0.1
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}\96E6564786F6D656234316: DhcpNameServer = 178.77.254.254 77.48.100.254
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe
HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Pocket Navigator Installer 6.0 - c:\program files\Navigator11\Setup Utility\clickertray.exe
HKLM-Run-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Time completed: 2012-04-24 20:55:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 18:55
.
Pre-Run: 1 819 934 720
Post-Run: 3 568 492 544
.
- - End Of File - - 32236C61085222549AB38215DCC78DFA
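Reading a ComboFix log of this length by eye is slow, so here is an added example (written for this page; it is not the poster's, the forum's or ComboFix's code) of a small triage parser for the three record types that matter most in the log above: the Run / Run- values, the `R#`/`S#` service and driver lines, and the per-interface DhcpNameServer entries. The sample input is a constructed excerpt of lines copied from the log. The heuristics (autostart image under a user-writable directory, unquoted image path containing spaces, service whose binary is gone (`[x]`), DNS resolver outside the private ranges) are this example's own and mark items for review, not verdicts: per-user Google Update legitimately lives under AppData, and public resolvers handed out by DHCP may simply be the ISP's.

```python
import re
from ipaddress import ip_address

# Constructed sample input: a handful of lines copied from the ComboFix log above
# (not the whole log). The record formats are ComboFix's; everything that decides
# what to flag is this example's own heuristic.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PLFSetI"=c:\windows\PLFSetI.exe
"FontExpertType1Loader"=c:\program files\FontExpert\Type1Loader.exe
"B2C_AGENT"=c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
R2 EraserSvc11122;Symantec Eraser Service;c:\program files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [x]
R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]
.
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{9D62CBA2-BBB5-4C8E-952B-74E7461921F7}\96E6564786F6D656234316: DhcpNameServer = 178.77.254.254 77.48.100.254
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
# "R2 name;display;image [date size]" or "... image [x]" when the binary is missing
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) "
    r"\[(?:(?P<missing>x)|(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))\]$"
)
DNS_RE = re.compile(r"^TCP: (?P<iface>Interfaces\\[^:]+): DhcpNameServer = (?P<servers>[\d. ]+)$")

# Directories an unprivileged user can write to. An autostart pointing here is not
# proof of malware, it just deserves a second look (assumption of this example).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")
# Where service binaries are normally expected on this machine (assumption).
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "%programfiles%")


def split_image(data):
    """Split a Run value into (image_path, was_quoted). ComboFix prints quoted
    paths with their quotes and unquoted ones bare, followed by any arguments."""
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end], True
    # Unquoted: the image ends at the first .exe/.dll followed by whitespace or EOL.
    m = re.match(r"(.+?\.(?:exe|dll))(?:\s|$)", data, re.IGNORECASE)
    return (m.group(1) if m else data), False


def triage(log_text):
    """Parse the ComboFix fragments we care about and return a list of
    (category, subject, detail) findings, in log order."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line) if current_key else None
        if m:
            image, quoted = split_image(m.group("data"))
            hive, _, tail = current_key.partition("\\")
            subject = hive + "\\" + tail.rsplit("\\", 1)[-1] + "\\" + m.group("name")
            if any(marker in image.lower() for marker in USER_WRITABLE):
                findings.append(("autostart-user-writable", subject, image))
            if not quoted and " " in image:
                findings.append(("autostart-unquoted-path", subject, image))
            continue
        m = SERVICE_RE.match(line)
        if m:
            image = m.group("image")
            if m.group("missing"):
                findings.append(("service-image-missing", m.group("name"), image))
            elif not image.lower().startswith(SYSTEM_DIRS):
                findings.append(("service-image-unusual-dir", m.group("name"), image))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in m.group("servers").split():
                if not ip_address(server).is_private:
                    findings.append(("dns-public-resolver", server, m.group("iface")))
    return findings


def summarize(findings):
    """Count findings per category, for a quick overview before reading details."""
    counts = {}
    for category, _, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, subject, detail in triage(SAMPLE_LOG):
        print(f"{category:26} {subject}  ->  {detail}")
```

On the excerpt this reports two autostarts under user-writable paths (Google Update in AppData, the LG agent in ProgramData), one unquoted Run path with spaces, one service whose binary is gone, and two non-private DNS resolvers; each is a line to look at, not a conclusion.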
Re: Encrypted files... Security Shield?

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::
DirLook::
c:\programdata\PCSettings
Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy
c:\program files\a-squared Anti-Malware
c:\programdata\Alwil Software
c:\program files\GridinSoft Trojan Killer
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"a-squared"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
Collect::
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
Driver::
gupdate
gupdatem
TrojanKillerDriver
a2injectiondriver
a2util
a2AntiMalware
DDS::
Trusted Zone: postsignum.cz\www
File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001Core.job
c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001UA.job
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
ClearJavaCache::
AtJob::
Reboot::
- Save the created TXT as CFScript.txt
- Drag the created CFScript.txt onto ComboFix and run it (see the picture below)
- After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
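A CFScript is only a text file, but one mis-pasted line changes what ComboFix deletes, so it pays to check the script before dragging it onto ComboFix. The following added example (written for this page; it is not the helper's script, the forum's or ComboFix's code) reads a CFScript, groups entries under their `Directive::` headers and flags what a reviewer checks first: entries before any directive, unknown directives, a body under a directive that takes none, an empty body under one that needs one, a Registry:: value with no preceding key, and a File::/Folder::/Collect:: path that still carries the ` [x]` or ` [date ...]` stamp ComboFix prints after paths in its log. Which directives take a body is inferred from the script above and is labelled as an assumption in the code. Run on an abbreviated copy of that script, it flags one entry: the File:: line for GoogleUpdate.exe ends in ` [2009-11-13 02:02]`, copied from the log together with the path, which is worth trimming to the .exe before the script is used.

```python
import re

# Constructed sample: an abbreviated copy of the CFScript from the reply above, one
# entry per line as ComboFix expects it. Only the lines needed to show the checks
# are kept; the real script has more entries.
CFSCRIPT = r"""
KillAll::
Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files\GridinSoft Trojan Killer
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
Collect::
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
Driver::
gupdate
TrojanKillerDriver
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-13 02:02]
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4037204527-4293416820-2358000098-1001UA.job
Reboot::
"""

# Directive names taken from the script in the reply. Whether a directive takes a
# body is inferred from how that script uses it (this example's assumption, not a
# ComboFix specification), so read "unknown-directive" as "check it", not "wrong".
BARE = {"KillAll", "ClearJavaCache", "AtJob", "Reboot"}
WITH_BODY = {"DirLook", "Folder", "Registry", "Collect", "Driver", "DDS", "File", "RegLock"}
PATH_DIRECTIVES = {"DirLook", "Folder", "Collect", "File"}

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")
# ComboFix's log prints " [x]" or " [YYYY-MM-DD ...]" after a path; a CFScript path
# ending that way was pasted with its log metadata and names a file that does not exist.
LOG_META_RE = re.compile(r" \[(?:x|\d{4}-\d{2}-\d{2}[^\]]*)\]$")


def parse(script):
    """Return [(directive, directive_line_no, [(line_no, entry), ...]), ...] in
    script order. Entries before the first directive land under directive None."""
    sections = [(None, 0, [])]
    for line_no, raw in enumerate(script.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip():
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            sections.append((m.group(1), line_no, []))
        else:
            sections[-1][2].append((line_no, line))
    return sections


def validate(script):
    """Return a list of (problem, line_no, text) for anything worth a second look."""
    findings = []
    for directive, dir_line, entries in parse(script):
        if directive is None:
            findings += [("entry-before-directive", n, e) for n, e in entries]
            continue
        if directive not in BARE | WITH_BODY:
            findings.append(("unknown-directive", dir_line, directive))
        if directive in BARE and entries:
            findings += [("body-under-bare-directive", n, e) for n, e in entries]
        elif directive in WITH_BODY and not entries:
            findings.append(("empty-body", dir_line, directive))
        if directive in PATH_DIRECTIVES:
            findings += [("pasted-log-metadata", n, e) for n, e in entries if LOG_META_RE.search(e)]
        if directive == "Registry":
            have_key = False
            for n, e in entries:
                if e.startswith("["):
                    have_key = True
                elif not have_key:
                    findings.append(("value-without-key", n, e))
    return findings


if __name__ == "__main__":
    for problem, line_no, text in validate(CFSCRIPT):
        print(f"line {line_no}: {problem}: {text}")
```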
