
Worm32:Win32/Dorkbot'lnk

Davond
Visitor
Posts: 24
Registered: 08 Mar 2012 20:47


#1 Post by Davond »

Hello, I have a problem with this virus; I most likely have it on my flash drive or on the smaller of my external drives. I don't know how to get rid of it: MS Essential does remove it, but a moment later it reports again that I have it. It changes every folder on the flash drive/external disk into a system folder and creates shortcuts pointing to those folders. How do I get rid of this virus? I'm attaching the log here. Thanks in advance for any advice :)

Logfile of random's system information tool 1.09 (written by random/random)
Run by HP at 2012-03-08 20:49:59
Microsoft Windows 7 Home Premium
System drive C: has 265 GB (90%) free of 293 GB
Total RAM: 3003 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:50:24, on 8.3.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskhost.exe
C:\Users\HP\Desktop\RSIT.exe
C:\Program Files\trend micro\HP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Fatcth] C:\Users\HP\AppData\Roaming\Fatcth.exe
O4 - HKCU\..\RunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe

--
End of file - 8198 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ceburbb0.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ceburbb0.default\extensions\
maps@ovi.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-02 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-08-25 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-08-25 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-08-25 151064]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-07-30 225280]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-08-13 467036]
"UpdatePRCShortCut"=C:\Program Files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-02 148888]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Fatcth"=C:\Users\HP\AppData\Roaming\Fatcth.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Microsoft Security Client"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-08-13 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=2

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-03-08 20:50:00 ----D---- C:\Program Files\trend micro
2012-03-08 20:49:59 ----D---- C:\rsit
2012-03-08 19:22:43 ----D---- C:\Program Files\Microsoft Security Client
2012-03-08 18:37:59 ----A---- C:\Windows\AutoKMS.ini
2012-03-08 18:33:11 ----D---- C:\Program Files\Common Files\DESIGNER
2012-03-08 18:31:22 ----D---- C:\Program Files\Microsoft Visual Studio 8
2012-03-08 18:30:41 ----D---- C:\Program Files\Microsoft Analysis Services
2012-03-08 18:22:41 ----D---- C:\Users\HP\AppData\Roaming\WinRAR
2012-03-08 18:22:25 ----D---- C:\Program Files\WinRAR
2012-03-08 17:55:36 ----A---- C:\Windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-03-08 17:55:21 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2012-03-08 17:53:27 ----D---- C:\Windows\system32\RsFx
2012-03-08 17:46:48 ----D---- C:\Program Files\Microsoft SDKs
2012-03-08 17:46:46 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2012-03-08 17:46:28 ----D---- C:\Program Files\Microsoft Synchronization Services
2012-03-08 17:46:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-08 17:46:00 ----D---- C:\Windows\system32\1033
2012-03-08 17:38:42 ----D---- C:\Program Files\Microsoft SQL Server
2012-03-08 17:37:52 ----D---- C:\a634e0670685a941161ccbdfb077fe
2012-03-08 17:35:29 ----N---- C:\Windows\system32\MpSigStub.exe
2012-03-08 17:11:34 ----D---- C:\Users\HP\AppData\Roaming\Hewlett-Packard
2012-03-08 17:10:58 ----D---- C:\Users\HP\AppData\Roaming\Mozilla
2012-03-08 17:09:29 ----D---- C:\Program Files\Mozilla Firefox
2012-03-07 13:15:25 ----D---- C:\Windows\system32\sda
2012-03-07 07:29:17 ----D---- C:\Users\HP\AppData\Roaming\Adobe
2012-03-03 18:56:52 ----D---- C:\Windows\ehome
2012-03-03 18:54:56 ----SHD---- C:\System Volume Information
2012-03-03 11:42:26 ----D---- C:\Users\HP\AppData\Roaming\HpUpdate
2012-03-03 11:37:28 ----A---- C:\ProgramData\HPWALog.txt
2012-03-03 11:36:59 ----D---- C:\Users\HP\AppData\Roaming\Identities
2012-03-03 11:36:44 ----D---- C:\Users\HP\AppData\Roaming\hpqlog
2012-03-03 11:33:35 ----D---- C:\Users\HP\AppData\Roaming\HP TCS
2012-03-03 11:21:26 ----D---- C:\Program Files\Microsoft
2012-03-03 11:21:11 ----D---- C:\Program Files\Windows Live SkyDrive
2012-03-03 11:21:07 ----D---- C:\Program Files\Windows Live
2012-03-03 11:20:23 ----D---- C:\Program Files\Common Files\Windows Live
2012-03-03 11:18:06 ----D---- C:\Program Files\Microsoft Office Suite Activation Assistant
2012-03-03 11:17:47 ----A---- C:\Windows\system32\msonpmon.dll
2012-03-03 11:17:05 ----D---- C:\Program Files\Microsoft Works
2012-03-03 11:16:45 ----D---- C:\Windows\PCHEALTH
2012-03-03 11:16:45 ----D---- C:\Program Files\Microsoft.NET
2012-03-03 11:15:42 ----D---- C:\Windows\SHELLNEW
2012-03-03 11:15:35 ----D---- C:\ProgramData\Microsoft Help
2012-03-03 11:15:35 ----D---- C:\Program Files\Microsoft Office
2012-03-03 11:15:17 ----RHD---- C:\MSOCache
2012-03-03 11:14:53 ----D---- C:\ProgramData\Adobe
2012-03-03 11:14:51 ----D---- C:\Program Files\Common Files\Adobe
2012-03-03 11:14:51 ----D---- C:\Program Files\Adobe
2012-03-03 11:13:01 ----SD---- C:\Users\HP\AppData\Roaming\Microsoft
2012-03-03 11:13:01 ----D---- C:\Users\HP\AppData\Roaming\Media Center Programs
2012-03-03 11:12:34 ----SHD---- C:\ProgramData\Šablony
2012-03-03 11:12:34 ----SHD---- C:\ProgramData\Plocha
2012-03-03 11:12:34 ----SHD---- C:\ProgramData\Oblíbené položky
2012-03-03 11:12:34 ----SHD---- C:\ProgramData\Nabídka Start
2012-03-03 11:12:34 ----SHD---- C:\ProgramData\Dokumenty
2012-03-03 11:12:34 ----SHD---- C:\ProgramData\Data aplikací
2012-03-03 10:41:26 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2012-03-03 10:41:26 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2012-03-03 10:41:25 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2012-03-03 10:41:25 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2012-03-03 10:41:11 ----D---- C:\Program Files\WIDCOMM
2012-03-03 10:35:28 ----D---- C:\ProgramData\Recovery
2012-03-03 10:15:29 ----D---- C:\Windows\Hewlett-Packard
2012-03-03 10:14:09 ----A---- C:\Windows\system32\bcmwlrc.dll
2012-03-03 10:14:08 ----D---- C:\Program Files\Broadcom
2012-03-03 10:13:49 ----N---- C:\Windows\system32\stapi32.dll
2012-03-03 10:13:28 ----A---- C:\Windows\system32\aestecap.dll
2012-03-03 10:13:27 ----A---- C:\Windows\system32\idtmini1.exe
2012-03-03 10:13:27 ----A---- C:\Windows\system32\AESTCom.dll
2012-03-03 10:13:27 ----A---- C:\Windows\system32\aestaren.dll
2012-03-03 10:13:27 ----A---- C:\Windows\system32\aestacap.dll
2012-03-03 10:13:26 ----A---- C:\Windows\system32\stlang.dll
2012-03-03 10:13:26 ----A---- C:\Windows\sttray.exe
2012-03-03 10:13:24 ----D---- C:\Windows\system32\SRSLabs
2012-03-03 10:13:15 ----A---- C:\Windows\system32\staco.dll
2012-03-03 10:12:00 ----A---- C:\Windows\system32\drivers\stwrt.sys
2012-03-03 10:11:59 ----A---- C:\Windows\system32\stcplx.dll
2012-03-03 10:11:59 ----A---- C:\Windows\system32\stapo.dll
2012-03-03 10:11:48 ----D---- C:\Program Files\IDT
2012-03-03 10:11:38 ----A---- C:\Windows\system32\CSVer.dll
2012-03-03 10:10:57 ----D---- C:\Windows\SoftwareDistribution
2012-03-03 10:10:48 ----A---- C:\Windows\system32\drivers\iaStor.sys
2012-03-03 10:10:39 ----D---- C:\Program Files\Intel
2012-03-03 10:09:55 ----A---- C:\Windows\system32\RTNUninst32.dll
2012-03-03 10:09:55 ----A---- C:\Windows\system32\RtNicProp32.dll
2012-03-03 10:09:55 ----A---- C:\Windows\system32\drivers\Rt86win7.sys
2012-03-03 10:09:48 ----A---- C:\Windows\system32\RTSUSTORicon.dll
2012-03-03 10:09:38 ----D---- C:\Program Files\Realtek
2012-03-03 10:09:38 ----A---- C:\Windows\system32\RtsUStor.dll
2012-03-03 10:09:38 ----A---- C:\Windows\system32\drivers\RtsUStor.sys
2012-03-03 10:09:23 ----D---- C:\Program Files\Apoint2K
2012-03-03 10:07:50 ----D---- C:\Windows\system32\Lang
2012-03-03 10:07:49 ----A---- C:\Windows\system32\igxpun.exe
2012-03-03 10:01:19 ----D---- C:\Windows\Prefetch
2012-03-03 10:00:00 ----ASH---- C:\pagefile.sys
2012-03-03 10:00:00 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 month======

2012-03-08 20:50:17 ----D---- C:\Windows\Temp
2012-03-08 20:50:00 ----D---- C:\Program Files
2012-03-08 20:36:41 ----D---- C:\Windows\Tasks
2012-03-08 20:36:41 ----D---- C:\Windows\system32\Tasks
2012-03-08 20:36:41 ----D---- C:\Windows
2012-03-08 20:35:54 ----RSD---- C:\Windows\assembly
2012-03-08 20:35:54 ----D---- C:\Windows\Microsoft.NET
2012-03-08 20:25:41 ----D---- C:\Windows\system32\LogFiles
2012-03-08 20:23:26 ----D---- C:\Windows\system32\wdi
2012-03-08 19:23:17 ----SHD---- C:\Windows\Installer
2012-03-08 19:23:01 ----D---- C:\Windows\system32\drivers
2012-03-08 19:23:01 ----D---- C:\Windows\system32\catroot
2012-03-08 19:23:01 ----D---- C:\Windows\System32
2012-03-08 19:23:01 ----D---- C:\Windows\inf
2012-03-08 19:23:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-08 19:22:59 ----SD---- C:\ProgramData\Microsoft
2012-03-08 19:22:38 ----D---- C:\Windows\winsxs
2012-03-08 19:21:53 ----D---- C:\Windows\system32\config
2012-03-08 18:51:36 ----HD---- C:\ProgramData
2012-03-08 18:50:11 ----D---- C:\ProgramData\Norton
2012-03-08 18:50:10 ----D---- C:\Program Files\Common Files
2012-03-08 18:33:58 ----RSD---- C:\Windows\Fonts
2012-03-08 18:33:50 ----D---- C:\Program Files\Common Files\microsoft shared
2012-03-08 18:33:35 ----D---- C:\Program Files\MSBuild
2012-03-08 17:42:00 ----D---- C:\Windows\system32\catroot2
2012-03-08 17:33:15 ----D---- C:\Program Files\Hewlett-Packard
2012-03-08 17:29:09 ----D---- C:\Windows\Help
2012-03-08 17:26:01 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-08 17:23:27 ----D---- C:\Program Files\HP Games
2012-03-08 17:23:10 ----D---- C:\ProgramData\WildTangent
2012-03-08 17:19:19 ----D---- C:\Windows\system32\DriverStore
2012-03-08 17:05:14 ----D---- C:\Windows\Logs
2012-03-03 18:58:55 ----A---- C:\Windows\CSUP.txt
2012-03-03 18:56:53 ----D---- C:\Program Files\Microsoft Games
2012-03-03 18:56:53 ----D---- C:\Program Files\DVD Maker
2012-03-03 18:56:52 ----D---- C:\Windows\system32\wbem
2012-03-03 18:56:52 ----D---- C:\Windows\PolicyDefinitions
2012-03-03 12:31:08 ----D---- C:\Windows\system32\drivers\UMDF
2012-03-03 11:36:57 ----SHD---- C:\$Recycle.Bin
2012-03-03 11:36:50 ----D---- C:\SwSetup
2012-03-03 11:33:33 ----RD---- C:\Program Files\Online Services
2012-03-03 11:33:31 ----D---- C:\Program Files\Windows Sidebar
2012-03-03 11:32:55 ----HD---- C:\SYSTEM.SAV
2012-03-03 11:32:55 ----D---- C:\Windows\system32\restore
2012-03-03 11:32:45 ----SHD---- C:\Recovery
2012-03-03 11:32:45 ----D---- C:\Windows\system32\Recovery
2012-03-03 11:14:21 ----D---- C:\Windows\rescache
2012-03-03 11:13:00 ----RD---- C:\Users
2012-03-03 11:12:34 ----D---- C:\Program Files\Windows NT
2012-03-03 11:10:48 ----D---- C:\Windows\Panther
2012-03-03 11:05:08 ----D---- C:\Windows\system32\sysprep
2012-03-03 11:04:04 ----D---- C:\ProgramData\Hewlett-Packard
2012-03-03 10:44:43 ----HD---- C:\HP
2012-03-03 10:43:47 ----D---- C:\ProgramData\Temp
2012-03-03 10:42:09 ----D---- C:\ProgramData\CyberLink
2012-03-03 10:41:20 ----SD---- C:\Windows\system32\Microsoft
2012-03-03 10:14:16 ----D---- C:\Windows\system32\zh-TW
2012-03-03 10:14:16 ----D---- C:\Windows\system32\zh-HK
2012-03-03 10:14:16 ----D---- C:\Windows\system32\zh-CN
2012-03-03 10:14:15 ----D---- C:\Windows\system32\tr-TR
2012-03-03 10:14:15 ----D---- C:\Windows\system32\th-TH
2012-03-03 10:14:15 ----D---- C:\Windows\system32\sv-SE
2012-03-03 10:14:14 ----D---- C:\Windows\system32\sl-SI
2012-03-03 10:14:14 ----D---- C:\Windows\system32\sk-SK
2012-03-03 10:14:13 ----D---- C:\Windows\system32\ru-RU
2012-03-03 10:14:13 ----D---- C:\Windows\system32\ro-RO
2012-03-03 10:14:13 ----D---- C:\Windows\system32\pt-PT
2012-03-03 10:14:13 ----D---- C:\Windows\system32\pt-BR
2012-03-03 10:14:13 ----D---- C:\Windows\system32\pl-PL
2012-03-03 10:14:12 ----D---- C:\Windows\system32\nl-NL
2012-03-03 10:14:12 ----D---- C:\Windows\system32\nb-NO
2012-03-03 10:14:12 ----D---- C:\Windows\system32\lv-LV
2012-03-03 10:14:12 ----D---- C:\Windows\system32\lt-LT
2012-03-03 10:14:12 ----D---- C:\Windows\system32\ko-KR
2012-03-03 10:14:12 ----D---- C:\Windows\system32\ja-JP
2012-03-03 10:14:12 ----D---- C:\Windows\system32\it-IT
2012-03-03 10:14:12 ----D---- C:\Windows\system32\hu-HU
2012-03-03 10:14:11 ----D---- C:\Windows\system32\hr-HR
2012-03-03 10:14:11 ----D---- C:\Windows\system32\he-IL
2012-03-03 10:14:11 ----D---- C:\Windows\system32\fr-FR
2012-03-03 10:14:11 ----D---- C:\Windows\system32\fi-FI
2012-03-03 10:14:11 ----D---- C:\Windows\system32\et-EE
2012-03-03 10:14:11 ----D---- C:\Windows\system32\es-ES
2012-03-03 10:14:11 ----D---- C:\Windows\system32\en-US
2012-03-03 10:14:10 ----D---- C:\Windows\system32\el-GR
2012-03-03 10:14:10 ----D---- C:\Windows\system32\de-DE
2012-03-03 10:14:10 ----D---- C:\Windows\system32\da-DK
2012-03-03 10:14:10 ----D---- C:\Windows\system32\cs-CZ
2012-03-03 10:14:10 ----D---- C:\Windows\system32\bg-BG
2012-03-03 10:14:10 ----D---- C:\Windows\system32\ar-SA

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsl749e71cc;MpKsl749e71cc; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{403019BB-8AA5-469C-9CFD-157821E26B48}\MpKsl749e71cc.sys [2012-03-08 29904]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-08-21 212528]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-08-29 2661368]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-08-13 5946368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2009-08-13 409088]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2009-07-17 171008]
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;Ovladač procesoru VIA C7; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S4 RsFx0151;RsFx0151 Driver; C:\Windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 240736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 582944]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-01-21 247152]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-04-03 267616]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-04-03 97632]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe [2009-08-13 221266]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]

-----------------EOF-----------------
Last edited by vyosek on 08 Mar 2012 20:58, edited 1 time in total.
Reason: log removed from [quote]

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Worm32:Win32/Dorkbot'lnk

#2 Post by vyosek »

Hello, and a pleasant evening to you :)

:arrow: Plug all USB drives (flash drives, external disks, etc.) into the PC
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Windows Vista or 7, right-click RogueKiller and choose Run As Administrator
  • Wait for the PreScan to finish
  • Choose the Scan (Prohledat) option
  • When the scan finishes, click Report (Zpráva) - a log opens; paste it here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, that is no man, that is an ox."
Member since 1 February 2011.

Davond
Visitor
Posts: 24
Joined: 08 Mar 2012 20:47

Re: Worm32:Win32/Dorkbot'lnk

#3 Post by Davond »

Log from UsbFix

############################## | UsbFix 7.014 | [Deletion]

User: HP (Administrator) # HP-PC [Hewlett-Packard HP Pavilion dm1 Notebook PC]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 21:04:46 | 08/03/2012
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Genuine Intel(R) CPU U4100 @ 1.30GHz
CPU 2: Genuine Intel(R) CPU U4100 @ 1.30GHz
Microsoft Windows 7 Home Premium (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Enabled
RAM -> 3003 Mb
C:\ (%systemdrive%) -> Fixed drive # 286 Gb (258 Mb free - 90%) [] # NTFS
D:\ -> Fixed drive # 12 Gb (2 Mb free - 17%) [RECOVERY] # NTFS
E:\ -> Fixed drive # 466 Gb (37 Mb free - 8%) [Disk Ext 0,5TB] # NTFS
F:\ -> Removable drive # 8 Gb (7 Mb free - 99%) [] # FAT32
G:\ -> Fixed drive # 1863 Gb (68 Mb free - 4%) [DiskExt 2TB] # NTFS

################## | Files # Infected Folders |


################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[08/03/2012 - 21:10:10 | SHD ] C:\$Recycle.Bin
[08/03/2012 - 17:37:52 | D ] C:\a634e0670685a941161ccbdfb077fe
[10/06/2009 - 22:42:20 | A | 24] C:\autoexec.bat
[02/09/2009 - 13:15:34 | SHD ] C:\boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[10/06/2009 - 22:42:20 | A | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[08/03/2012 - 18:50:13 | ASH | 2361589760] C:\hiberfil.sys
[03/03/2012 - 10:44:43 | HD ] C:\HP
[03/03/2012 - 11:15:17 | RHD ] C:\MSOCache
[08/03/2012 - 18:50:16 | ASH | 3148787712] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[08/03/2012 - 20:59:50 | D ] C:\Program Files
[08/03/2012 - 20:59:47 | HD ] C:\ProgramData
[03/03/2012 - 11:32:45 | SHD ] C:\Recovery
[08/03/2012 - 20:50:27 | D ] C:\rsit
[03/03/2012 - 11:36:50 | D ] C:\SwSetup
[08/03/2012 - 19:27:08 | SHD ] C:\System Volume Information
[03/03/2012 - 11:32:55 | HD ] C:\SYSTEM.SAV
[08/03/2012 - 21:10:10 | D ] C:\UsbFix
[08/03/2012 - 21:04:46 | A | 2033] C:\UsbFix.txt
[03/03/2012 - 11:13:00 | RD ] C:\Users
[08/03/2012 - 20:36:41 | D ] C:\Windows
[08/03/2012 - 21:10:10 | SHD ] D:\$RECYCLE.BIN
[03/03/2012 - 11:36:53 | SHD ] D:\boot
[14/07/2009 - 19:39:00 | ASH | 383562] D:\bootmgr
[03/03/2012 - 11:36:53 | SH | 0] D:\BT_HP.FLG
[03/03/2012 - 10:24:03 | ASH | 453] D:\CSP.DAT
[03/03/2012 - 10:35:25 | ASH | 11435] D:\DeployRp.log
[03/03/2012 - 11:36:53 | SHD ] D:\hp
[03/03/2012 - 11:36:44 | ASH | 8] D:\HP_WSD.dat
[03/03/2012 - 11:36:53 | ASH | 22] D:\language.ini
[03/03/2012 - 11:36:53 | SHD ] D:\preload
[03/03/2012 - 11:36:53 | SD ] D:\Recovery
[03/03/2012 - 10:35:13 | ASH | 0] D:\RPCONFIG.LOG
[08/03/2012 - 15:51:35 | SHD ] D:\System Volume Information
[03/03/2012 - 11:36:53 | SHD ] D:\system.sav
[08/03/2012 - 21:10:10 | SHD ] E:\$RECYCLE.BIN
[01/05/2011 - 11:37:42 | SHD ] E:\ADELE - 21 (2011)
[27/07/2011 - 12:29:36 | SHD ] E:\Alba
[30/10/2011 - 14:48:16 | SHD ] E:\American Dad
[06/09/2011 - 17:18:27 | SHD ] E:\Disk2TB
[30/10/2011 - 15:15:26 | SHD ] E:\Doctor Who
[15/12/2011 - 04:49:19 | A | 638742688] E:\Expozitura15.avi
[25/09/2011 - 16:42:15 | SHD ] E:\found.000
[26/10/2011 - 07:14:39 | A | 11738501764] E:\Harry.Potter.And.The.Deathly.Hallows.Part.2.1080p.Bluray.x264-MaxHD-by_DRICK.mkv
[03/02/2012 - 15:14:39 | SHD ] E:\Instalacky
[03/02/2012 - 21:44:37 | SHD ] E:\Lidice
[19/08/2011 - 11:34:00 | A | 6629757421] E:\Limit.20.CZ.mkv
[27/07/2011 - 23:19:53 | SHD ] E:\mp3
[08/03/2012 - 21:07:25 | HD ] E:\RECYCLER
[25/09/2011 - 18:59:46 | A | 10552367750] E:\s7-tf3.1080.mkv
[27/07/2011 - 11:54:24 | SHD ] E:\Soundtracky
[16/11/2011 - 14:35:10 | SHD ] E:\System Volume Information
[08/03/2012 - 15:10:46 | A | 0] E:\System Volume Information.lnk
[14/06/2011 - 10:02:57 | SHD ] E:\The Best Of Trance and Progressive 2 (2009)
[27/07/2011 - 18:21:10 | SHD ] E:\Výběr
[26/02/2012 - 19:55:44 | SHD ] E:\zaloha NTB-Martini
[27/02/2012 - 15:51:46 | SHD ] E:\Zálohy
[15/01/2004 - 02:00:37 | | 1122816] E:\__temprec__.ss
[08/03/2012 - 15:41:54 | SHD ] F:\RECYCLER
[08/03/2012 - 15:50:12 | A | 24576] F:\bootwiz.sys
[08/03/2012 - 15:50:12 | A | 264] F:\bootwiz.cfg
[08/03/2012 - 15:50:12 | A | 4850] F:\mouse.com
[08/03/2012 - 15:50:12 | A | 31942] F:\bootmenu.exe
[08/03/2012 - 15:50:12 | A | 2164703] F:\ti_boot.so
[08/03/2012 - 15:50:14 | A | 4917695] F:\cpp.so
[08/03/2012 - 15:50:14 | A | 355246] F:\libgcc_s.so
[08/03/2012 - 15:50:14 | A | 397108] F:\libc.so
[08/03/2012 - 15:50:14 | A | 107876] F:\threads.so
[08/03/2012 - 15:50:14 | A | 1989936] F:\icu38.so
[08/03/2012 - 15:50:14 | A | 1552384] F:\icudt38.so
[08/03/2012 - 15:50:16 | A | 1477254] F:\graphapi.so
[08/03/2012 - 15:50:16 | A | 2795268] F:\fox.so
[08/03/2012 - 15:50:16 | A | 175908] F:\resource.so
[08/03/2012 - 15:50:16 | A | 102704] F:\osfiles.so
[08/03/2012 - 15:50:16 | A | 51609] F:\menulogo.png
[08/03/2012 - 15:50:16 | A | 7908] F:\icon_continue_48.png
[08/03/2012 - 15:50:16 | A | 1169] F:\bootmenu.xml
[08/03/2012 - 15:50:16 | A | 14563] F:\C1.png
[08/03/2012 - 15:50:16 | A | 37456] F:\SPL1.EXE
[08/03/2012 - 15:50:22 | A | 33296831] F:\dat2.dat
[08/03/2012 - 15:50:22 | A | 1469408] F:\dat3.dat
[08/03/2012 - 15:50:22 | A | 15690] F:\C2.png
[08/03/2012 - 15:50:22 | A | 37456] F:\SPL3.EXE
[08/03/2012 - 15:50:28 | A | 33296641] F:\dat4.dat
[08/03/2012 - 15:50:28 | A | 1469408] F:\dat5.dat
[08/03/2012 - 15:50:12 | D ] F:\Recovery Manager
[08/03/2012 - 21:10:10 | SHD ] G:\$RECYCLE.BIN
[15/06/2011 - 23:10:21 | SHD ] G:\4c3baf8543f2a0877bab7525e4
[26/02/2012 - 16:14:19 | SHD ] G:\Filmy
[26/02/2012 - 20:20:45 | SHD ] G:\Filmy - nerozdělené
[26/06/2011 - 11:03:54 | SHD ] G:\Kabát
[16/08/2011 - 14:06:29 | SHD ] G:\Mamma mia!
[16/07/2011 - 18:44:22 | SHD ] G:\mp3
[08/03/2012 - 19:40:53 | HD ] G:\RECYCLER
[26/02/2012 - 17:41:28 | SHD ] G:\Seriály
[26/06/2011 - 14:07:41 | ASH | 36] G:\syncguid.dat
[04/05/2011 - 22:30:32 | SHD ] G:\System Volume Information
[08/03/2012 - 19:40:53 | A | 0] G:\System Volume Information.lnk
[01/06/2011 - 19:34:25 | SHD ] G:\zaloha

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |




Log from RogueKiller
RogueKiller V7.3.0 [03/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v: Normální režim
Uživatel: HP [Práva správce]
Mode: Kontrola -- Date: 03/08/2012 21:15:00

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermThr]

¤¤¤ Záznamy Registrů: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Fatcth (C:\Users\HP\AppData\Roaming\Fatcth.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-474535098-343388190-2205423715-1000[...]\Run : Fatcth (C:\Users\HP\AppData\Roaming\Fatcth.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
--- User ---
[MBR] 86f8b7b402c6367f4139d8d12b3993f1
[BSP] 868f4a9e24369e4fd8236c4964db519c : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292687 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599832576 | Size: 12254 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD My Passport 0730 USB Device +++++
--- User ---
[MBR] cedf468dd84bd525b09bcf46718ae7b2
[BSP] fe13ee90b40071bc49e35b4a3e6f42a8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476907 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Corsair Voyager Mini USB Device +++++
--- User ---
[MBR] a63a4f533d942328e7c3f82114e2ac25
[BSP] dfba9db17e3b181b17e631024f259a40 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2048 | Size: 7717 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: SAMSUNG HD204UI USB Device +++++
--- User ---
[MBR] 0de1861e72e02bc30439ee5a5334777d
[BSP] 491b2dc5a4432fbe2ea9d7c56124b91c : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
Last edited by vyosek on 08 Mar 2012 21:21, edited 1 time in total.
Reason: log removed from [quote]
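The UsbFix listing above shows exactly what the first post describes: on E:\ and G:\ almost every user folder carries the S and H attributes (SHD) and a System Volume Information.lnk shortcut sits next to the real folder. As an added example (not part of this thread and not code from UsbFix), the following Python script parses lines in UsbFix's "[date | attrs | size] path" listing format and flags those indicators on the external volumes, then emits the attrib commands that would restore the folders' attributes. The sample lines are copied from the log above; the drive set, the list of folder names Windows itself keeps hidden at a volume root, and the RECYCLER heuristic (Windows Vista and later use $Recycle.Bin, so a hidden RECYCLER folder on a Windows 7 volume deserves a look) are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# A UsbFix listing line looks like "[08/03/2012 - 21:10:10 | SHD ] E:\$RECYCLE.BIN"
# for folders and "[08/03/2012 - 15:10:46 | A | 0] E:\System Volume Information.lnk" for files.
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<attrs>[A-Z]*)\s*(?:\|\s*(?P<size>\d+)\s*)?\]\s*(?P<path>.+)$"
)

# Folder names Windows legitimately keeps hidden+system at a volume root (assumed list)
KNOWN_SYSTEM_DIRS = {"$recycle.bin", "system volume information", "boot", "recovery", "found.000"}


@dataclass
class Entry:
    attrs: str
    size: Optional[int]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def drive(self) -> str:
        return self.path[:2].upper()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def at_root(self) -> bool:
        return self.path.count("\\") == 1


def parse_listing(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = m.group("size")
            entries.append(Entry(m.group("attrs"), int(size) if size else None, m.group("path")))
    return entries


def find_worm_indicators(entries: List[Entry], drives: Set[str]) -> List[Tuple[str, str]]:
    """Return (indicator, path) pairs for root entries on the given drives."""
    roots = [e for e in entries if e.drive in drives and e.at_root]
    dir_names = {e.name.lower() for e in roots if e.is_dir}
    findings = []
    for e in roots:
        low = e.name.lower()
        if e.is_dir and low == "recycler":
            # Heuristic (assumption): Vista+ volumes use $Recycle.Bin, not RECYCLER
            if "H" in e.attrs:
                findings.append(("hidden-recycler-folder", e.path))
        elif e.is_dir and "S" in e.attrs and "H" in e.attrs and low not in KNOWN_SYSTEM_DIRS:
            # A user folder turned system+hidden: what the first post describes
            findings.append(("hidden-system-folder", e.path))
        elif not e.is_dir and low.endswith(".lnk") and low[:-4] in dir_names:
            # A shortcut carrying the same name as a folder on the same volume
            findings.append(("shortcut-shadowing-folder", e.path))
    return findings


def attrib_fix_commands(findings: List[Tuple[str, str]]) -> List[str]:
    """attrib lines that would restore the folders' attributes (printed, never executed here)."""
    return [f'attrib -s -h "{p}"' for kind, p in findings if kind == "hidden-system-folder"]


# Constructed sample: lines copied from the UsbFix listing in this thread (E:\ and F:\ only)
SAMPLE_LISTING = r"""
[08/03/2012 - 21:10:10 | SHD ] E:\$RECYCLE.BIN
[01/05/2011 - 11:37:42 | SHD ] E:\ADELE - 21 (2011)
[30/10/2011 - 15:15:26 | SHD ] E:\Doctor Who
[15/12/2011 - 04:49:19 | A | 638742688] E:\Expozitura15.avi
[25/09/2011 - 16:42:15 | SHD ] E:\found.000
[08/03/2012 - 21:07:25 | HD ] E:\RECYCLER
[16/11/2011 - 14:35:10 | SHD ] E:\System Volume Information
[08/03/2012 - 15:10:46 | A | 0] E:\System Volume Information.lnk
[15/01/2004 - 02:00:37 | | 1122816] E:\__temprec__.ss
[08/03/2012 - 15:41:54 | SHD ] F:\RECYCLER
[08/03/2012 - 15:50:12 | D ] F:\Recovery Manager
"""

if __name__ == "__main__":
    found = find_worm_indicators(parse_listing(SAMPLE_LISTING), {"E:", "F:"})
    for kind, path in found:
        print(f"{kind:28} {path}")
    print("\n".join(attrib_fix_commands(found)))
```

Run as a script it prints five findings for the sample and two attrib lines; the attrib commands are only printed so they can be reviewed against the real listing before anyone runs them.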

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Worm32:Win32/Dorkbot'lnk

#4 Post by vyosek »

:arrow: Please do not put logs inside quote tags

:arrow: Run RogueKiller again
  • If you use Windows Vista or 7, right-click RogueKiller and choose Run As Administrator
  • Choose Scan (Prohledat), then Delete (Smazat) and then Report (Zpráva) - a log opens; paste it here
  • Then click Host Fix (Oprava Host) and Report (Zpráva) - a log opens; paste it here
:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Windows Vista or 7, right-click MBRScan and choose Run As Administrator
  • Click Report
  • After a moment the log appears in the file MBRScan.txt; paste it here

Davond
Visitor
Posts: 24
Joined: 08 Mar 2012 20:47

Re: Worm32:Win32/Dorkbot'lnk

#5 Post by Davond »

Sorry for the QUOTE, I only did it for readability :)

Here is the new log from RogueKiller
RogueKiller V7.3.0 [03/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v: Normální režim
Uživatel: HP [Práva správce]
Mode: Odebrat -- Date: 03/08/2012 21:26:38

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermThr]

¤¤¤ Záznamy Registrů: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Fatcth (C:\Users\HP\AppData\Roaming\Fatcth.exe) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
--- User ---
[MBR] 86f8b7b402c6367f4139d8d12b3993f1
[BSP] 868f4a9e24369e4fd8236c4964db519c : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292687 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 599832576 | Size: 12254 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD My Passport 0730 USB Device +++++
--- User ---
[MBR] cedf468dd84bd525b09bcf46718ae7b2
[BSP] fe13ee90b40071bc49e35b4a3e6f42a8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476907 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Corsair Voyager Mini USB Device +++++
--- User ---
[MBR] a63a4f533d942328e7c3f82114e2ac25
[BSP] dfba9db17e3b181b17e631024f259a40 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2048 | Size: 7717 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

_____________________________________________________________________________________________________________

And here is the one from MBRScan
MBRScan v1.1.1

OS : Windows 7 (32 bit)
PROCESSOR : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2012/03/08 (ISO 8601) at 21:29:42
________________________________________________________________________________

DISK : Device\Harddisk0\DR0 __WDC WD32 00BEVT-60A23 (02.0)
BUS_TYPE : (0x03) P-ATA
USE_PIO : NO
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

DISK : Device\Harddisk1\DR3 __My Passport 0730 (1012)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

DISK : Device\Harddisk2\DR4 __Corsair Voyager Mini (0.00)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

DISK : Device\Harddisk3\DR6 __SAMSUNG HD204UI (1AQ1)
BUS_TYPE : (0x07) USB
USE_PIO : NO
MAX_TRANSFER : 64 Kb
ALIGNMENT_MASK : byte aligned
________________________________________________________________________________

Device\Harddisk0\DR0 298.1 Go [Fixed] ==> HP Recovery Manager

MBR_MD5 : 86F8B7B402C6367F4139D8D12B3993F1
MBR_SHA1 : 940F283A3E78EE3EE7BCCCF1A2FDAC438902A02A

Device\Harddisk0\Partition1 199.0 Mo 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 285.8 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 11.97 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition4 103.3 Mo 0x0C FAT32 [LBA]
________________________________________________________________________________

Device\Harddisk1\DR3 465.7 Go [Fixed] ==> XP MBR Code ....

MBR_MD5 : CEDF468DD84BD525B09BCF46718AE7B2
MBR_SHA1 : 2153A905B7EEA1DA6EA475C582679D08E4316CDA

Device\Harddisk1\Partition1 465.7 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk2\DR4 7.54 Go [Removable] ==> Unknown MBR Code

MBR_MD5 : A63A4F533D942328E7C3F82114E2AC25
MBR_SHA1 : EEB5EACCB9B6DFDA0DE9D77A1BEEA498ADFC08CE

Device\Harddisk2\Partition1 7.54 Go 0x0B FAT32 [CHS] __ BOOTABLE __
________________________________________________________________________________

Device\Harddisk3\DR6 1.82 To [Fixed] ==> 7 MBR Code ....

MBR_MD5 : 0DE1861E72E02BC30439EE5A5334777D
MBR_SHA1 : 63BEDEF78259574C45DAD2D6BA70363CE0970D5D

Device\Harddisk3\Partition1 1.82 To 0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x8FE32000
SIZE : 872.0 Ko

DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x94385000
SIZE : 68.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR \Device\Harddisk0\DR0

0x00000000 33 C0 8E D0 BC 00 7C FB 8E C0 8E D8 8B F4 BF 00 3À.м.|û.À.Ø.ô¿.
0x00000010 06 B9 00 02 FC F3 A4 EA 60 06 00 00 00 00 00 00 .¹..üó¤ê`.......
0x00000020 52 65 63 6F 76 65 72 79 4D 67 72 20 00 B8 C0 23 RecoveryMgr .¸À#
0x00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D 0A ................
0x00000050 00 00 00 00 57 00 00 00 FF FF FF FF FF FF FF FF ....W...........
0x00000060 86 4C BD BE 30 06 AC B4 0E 33 DB CD 10 0A C0 75 .L½¾0.¬´.3ÛÍ..Àu
0x00000070 F5 E3 0B FE 06 13 06 53 53 E8 6D 00 EB 36 B8 12 õã.þ...SSèm.ë6¸.
0x00000080 5F 66 BA 51 50 48 5F CD 15 80 E3 01 74 20 EB 24 _fºQPH_Í..ã.t ë$
0x00000090 8B 16 6C 04 FA 66 A1 1C 06 BF 54 06 B1 03 F2 66 ..l.úf¡..¿T.±.òf
0x000000A0 AF FB 74 0A A1 3D 00 00 C2 83 F8 24 76 E6 B0 01 ¯ût.¡=..Â.ø$væ°.
0x000000B0 84 C0 75 1C BB C6 7D 66 8B 37 66 8B 3E 2C 06 66 .Àu.»Æ}f.7f.>,.f
0x000000C0 3B F7 74 07 80 C3 10 73 EE EB 05 BB 28 06 EB 10 ;÷t..Ã.sîë.»(.ë.
0x000000D0 BB C2 7D 80 7F FC 00 78 07 80 C3 10 73 F5 EB FE »Â}..ü.x..Ã.sõëþ
0x000000E0 66 FF 77 04 E8 02 00 FF E4 C8 10 00 00 B4 08 B2 f.w.è...äÈ...´.²
0x000000F0 80 CD 13 8A C1 24 3F FE C6 8A D8 F6 E6 C0 E9 06 .Í..Á$?þÆ.ØöæÀé.
0x00000100 86 CD 41 91 F7 E1 39 56 06 8B 56 06 8B 46 04 73 .ÍA.÷á9V..V..F.s
0x00000110 1C F7 F1 91 92 F6 F3 86 CD C0 E1 06 02 CC 41 8A .÷ñ..öó.ÍÀá..ÌA.
0x00000120 F0 B8 01 02 BB 00 7C 86 26 13 06 EB 14 83 C4 10 ð¸..».|.&..ë..Ä.
0x00000130 0E 0E 52 50 0E 68 00 7C 6A 01 6A 10 8B F4 B8 00 ..RP.h.|j.j..ô¸.
0x00000140 42 B2 80 CD 13 C9 C2 04 00 1E 50 53 0E 1F BB 1B B².Í.ÉÂ...PS..».
0x00000150 06 A0 17 04 24 0F 88 47 04 E4 60 3C E0 74 1A 3C ....$..G.ä`<àt.<
0x00000160 1D 74 10 3C 2A 74 0C 3C 36 74 08 3C 38 74 04 84 .t.<*t.<6t.<8t..
0x00000170 C0 79 06 66 83 27 00 EB 06 FE 07 02 1F 88 07 5B Ày.f.'.ë.þ.....[
0x00000180 58 1F EA 00 00 00 00 00 00 00 00 00 00 00 00 00 X.ê.............
0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001B0 00 00 00 00 00 00 00 00 08 D7 36 8E 00 00 80 20 .........×6....
0x000001C0 21 00 07 7E 25 19 00 08 00 00 00 38 06 00 00 7E !..~%......8...~
0x000001D0 26 19 07 FE FF FF 00 40 06 00 00 78 BA 23 00 FE &..þ...@...xº#.þ
0x000001E0 FF FF 07 FE FF FF 00 B8 C0 23 00 F0 7E 01 00 FE ...þ...¸À#.ð~..þ
0x000001F0 FF FF 0C FE FF FF 00 A8 3F 25 B0 3A 03 00 55 AA ...þ...¨?%°:..Uª

_______MBR \Device\Harddisk1\DR3

0x00000000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3À.м.|ûP.P.ü¾.|
0x00000010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 ¿..PW¹å.ó¤Ë½¾.±.
0x00000020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 8n.|.u..Å.âôÍ..õ
0x00000030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B .Æ.It.8,tö.µ.´..
0x00000040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 ð¬<.tü»..´.Í.ëò.
0x00000050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B N.èF.s*þF..~..t.
0x00000060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 .~..t..¶.uÒ.F...
0x00000070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB F...V..è!.s..¶.ë
0x00000080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 ¼.>þ}Uªt..~..tÈ.
0x00000090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 ·.ë©.ü.W.õË¿...V
0x000000A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC .´.Í.r#.Á$?..Þ.ü
0x000000B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C .w#r.9F.s.¸..».|
0x000000D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A .N..V.Í.sQOtN2ä.
0x000000E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V.Í.ëä.V.`»ªU´AÍ
0x000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6.ûUªu0öÁ.t+a`
0x00000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j..v..v.j.h.|j
0x00000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j.´B.ôÍ.aas.Ot.
0x00000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61 2ä.V.Í.ëÖaùÃInva
0x00000130 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 lid partition ta
0x00000140 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E ble.Error loadin
0x00000150 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0x00000160 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 em.Missing opera
0x00000170 74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 ting system.....
0x00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001B0 00 00 00 00 00 2C 44 63 AB 21 05 00 00 00 80 20 .....,Dc«!.....
0x000001C0 21 00 07 FE FF FF 00 08 00 00 00 58 37 3A 00 00 !..þ.......X7:..
0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

_______MBR \Device\Harddisk2\DR4

0x00000000 E8 10 01 B9 F0 01 BE 10 7C BF 10 06 57 F3 A4 C3 è..¹ð.¾.|¿..Wó¤Ã
0x00000010 8B 4E 14 83 F9 0E 75 08 8D 5E 07 43 02 07 E2 FB .N..ù.u..^.C..âû
0x00000020 8C 56 0C 8C 56 0E 75 67 8A 56 10 84 D2 79 60 E8 .V..V.ug.V..Òy`è
0x00000030 F4 00 BB AA 55 CD 13 72 6D 3B 5E 5C 75 68 D1 E9 ô.»ªUÍ.rm;^\uhÑé
0x00000040 73 64 B4 42 C6 46 02 01 EB 64 89 B6 F4 FE 8A 44 sd´BÆF..ëd.¶ôþ.D
0x00000050 04 84 C0 74 0D 3C 05 74 09 3C 0F 74 05 F6 04 80 ..Àt.<.t.<.t.ö..
0x00000060 75 CD 83 C6 10 06 C4 5C 08 89 5E 08 8C 46 0A 07 uÍ.Æ..Ä\..^..F..
0x00000070 FE 8E F7 FE 75 D4 B0 31 C6 46 D5 50 88 46 D2 BE þ.÷þuÔ°1ÆFÕP.FÒ¾
0x00000080 68 07 AC 84 C0 74 08 B4 0E B3 07 CD 10 EB F3 E8 h.¬.Àt.´.³.Í.ëóè
0x00000090 81 00 88 46 11 BE AE 07 3C 05 75 C6 CD 16 33 D2 ...F.¾®.<.uÆÍ.3Ò
0x000000A0 89 56 08 89 56 0A E8 7D 00 72 1B B8 01 02 BF 05 .V..V.è}.r.¸..¿.
0x000000B0 00 8B DC 56 50 50 32 E4 CD 13 58 8B F5 CD 13 58 ..ÜVPP2äÍ.X.õÍ.X
0x000000C0 5E 73 03 4F 75 EB B0 32 72 B2 40 8A 66 11 9E 7B ^s.Ouë°2r²@.f..{
0x000000D0 04 C6 47 02 0E 72 35 75 0C 88 57 40 C4 4E 08 89 .ÆG..r5u..W@ÄN..
0x000000E0 4F 1C 8C 47 1E 79 06 8A 4E 12 88 4F 25 80 C7 02 O..G.y..N..O%.Ç.
0x000000F0 81 7F FE 55 AA 75 85 81 7F FA CD 19 75 09 C6 47 ..þUªu...úÍ.u.ÆG
0x00000100 FA E9 C7 47 FB 92 88 E8 1C 00 FF E4 74 CE 88 57 úéÇGû..è...ätÎ.W
0x00000110 24 EB C9 5D 33 C0 8E D8 8E C0 8E D0 BC 00 7C 55 $ëÉ]3À.Ø.À.м.|U
0x00000120 BD A2 07 FC FB C3 B4 08 52 06 CD 13 07 72 33 33 ½¢.üûô.R.Í..r33
0x00000130 DB 8A DE 8B 46 0A 33 D2 83 E1 3F F7 F1 91 97 8B Û.Þ.F.3Ò.á?÷ñ...
0x00000140 46 08 F7 F7 42 87 CA 3B DA 72 17 43 F7 F3 8A F2 F.÷÷B.Ê;Úr.C÷ó.ò
0x00000150 86 C5 D1 E8 D1 E8 0A C8 D0 CC D0 CC 0A F4 84 E4 .ÅÑèÑè.ÈÐÌÐÌ.ô.ä
0x00000160 74 02 B4 41 5B 8A D3 C3 0D 0A 4D 42 52 20 45 72 t.´A[.ÓÃ..MBR Er
0x00000170 72 6F 72 20 00 0D 0A 00 72 65 73 73 20 61 6E 79 ror ....ress any
0x00000180 20 6B 65 79 20 74 6F 20 62 6F 6F 74 20 66 72 6F key to boot fro
0x00000190 6D 20 66 6C 6F 70 70 79 2E 2E 2E 00 00 00 00 00 m floppy........
0x000001A0 00 00 10 00 01 00 00 7C 00 00 67 20 73 79 73 74 .......|..g syst
0x000001B0 65 6D 00 00 00 63 7B 9A A7 4B 14 40 00 00 80 20 em...c{.§K.@...
0x000001C0 21 00 0B FE FF D6 00 08 00 00 00 28 F1 00 00 00 !..þ.Ö.....(ñ...
0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

_______MBR \Device\Harddisk3\DR6

0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å.
0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF..
0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu.
0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t
0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ.
0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V.
0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ
0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë.
0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U
0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd
0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu
0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT
0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.».
0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä
0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í
0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø
0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
0x000001B0 65 6D 00 00 00 63 7B 9A 59 7F 8C CE 00 00 00 20 em...c{.Y..Î...
0x000001C0 21 00 07 FE FF FF 00 08 00 00 00 78 E0 E8 00 00 !..þ.......xàè..
0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Worm32:Win32/Dorkbot'lnk

#6 Post by vyosek »

:arrow: Leave the flash drives plugged in

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE WRECKED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Windows XP, run it under the Administrator account
  • If you have Windows Vista or 7, right-click ComboFix and choose Run As Administrator
  • Right after start a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window it displays
  • The scan should take about 10 minutes, but if the PC is heavily infected it may take longer
  • After the scan finishes and a possible restart, CF shows a log; otherwise you can find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Davond
Visitor
Posts: 24
Joined: 08 Mar 2012 20:47

Re: Worm32:Win32/Dorkbot'lnk

#7 Post by Davond »

ComboFix 12-03-08.04 - HP 08.03.2012 21:41:48.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3003.1778 [GMT 1:00]
Spuštěný z: c:\users\HP\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-08 do 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 20:48 . 2012-03-08 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 20:10 . 2012-03-08 20:10 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403019BB-8AA5-469C-9CFD-157821E26B48}\MpKsl3afde657.sys
2012-03-08 20:04 . 2012-03-08 20:10 -------- d-----w- C:\UsbFix
2012-03-08 19:59 . 2012-03-08 19:59 -------- d-----w- c:\program files\Common Files\Skype
2012-03-08 19:59 . 2012-03-08 20:00 -------- d-----r- c:\program files\Skype
2012-03-08 19:59 . 2012-03-08 19:59 -------- d-----w- c:\programdata\Skype
2012-03-08 19:50 . 2012-03-08 19:50 -------- d-----w- c:\program files\trend micro
2012-03-08 19:49 . 2012-03-08 19:50 -------- d-----w- C:\rsit
2012-03-08 18:46 . 2012-03-08 20:07 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403019BB-8AA5-469C-9CFD-157821E26B48}\offreg.dll
2012-03-08 18:46 . 2012-03-08 18:46 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403019BB-8AA5-469C-9CFD-157821E26B48}\MpKsl749e71cc.sys
2012-03-08 18:28 . 2012-03-08 18:28 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EE1A01C-EDEC-4B71-8BE1-B5660F0C6AC9}\gapaengine.dll
2012-03-08 18:28 . 2012-02-07 21:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403019BB-8AA5-469C-9CFD-157821E26B48}\mpengine.dll
2012-03-08 18:22 . 2012-03-08 18:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-08 17:31 . 2012-03-08 17:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-03-08 17:30 . 2012-03-08 17:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-03-08 16:55 . 2010-04-03 10:51 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2012-03-08 16:55 . 2010-04-03 10:51 73568 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2012-03-08 16:53 . 2012-03-08 16:53 -------- d-----w- c:\windows\system32\RsFx
2012-03-08 16:46 . 2012-03-08 16:46 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-08 16:46 . 2012-03-08 16:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-08 16:46 . 2012-03-08 16:46 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-03-08 16:46 . 2012-03-08 16:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-03-08 16:46 . 2012-03-08 16:46 -------- d-----w- c:\windows\system32\1033
2012-03-08 16:38 . 2012-03-08 16:53 -------- d-----w- c:\program files\Microsoft SQL Server
2012-03-08 16:37 . 2012-03-08 16:37 -------- d-----w- C:\a634e0670685a941161ccbdfb077fe
2012-03-08 16:35 . 2012-03-01 12:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99B96D09-EAB6-445C-AE82-6A7D9A6BF87F}\mpengine.dll
2012-03-08 16:35 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-08 16:03 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-03-07 12:15 . 2012-03-07 12:15 -------- d-----w- c:\windows\system32\sda
2012-03-03 17:56 . 2012-03-03 17:56 -------- d-----w- c:\windows\ehome
2012-03-03 17:56 . 2012-03-03 17:56 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-03-03 17:56 . 2012-03-03 17:56 -------- d-----r- c:\users\Public\Recorded TV
2012-03-03 10:21 . 2012-03-03 10:21 -------- d-----w- c:\program files\Microsoft
2012-03-03 10:21 . 2012-03-03 10:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2012-03-03 10:21 . 2012-03-03 10:22 -------- d-----w- c:\program files\Windows Live
2012-03-03 10:20 . 2012-03-03 10:20 -------- d-----w- c:\program files\Common Files\Windows Live
2012-03-03 10:18 . 2012-03-03 10:18 -------- d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2012-03-03 10:17 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-03-03 10:17 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2012-03-03 10:17 . 2012-03-03 10:20 -------- d-----w- c:\program files\Microsoft Works
2012-03-03 10:16 . 2012-03-03 10:16 -------- d-----w- c:\windows\PCHEALTH
2012-03-03 10:15 . 2012-03-08 17:33 -------- d-----w- c:\windows\SHELLNEW
2012-03-03 10:15 . 2012-03-08 18:16 -------- d-----w- c:\programdata\Microsoft Help
2012-03-03 10:15 . 2012-03-03 10:15 -------- d-----r- C:\MSOCache
2012-03-03 10:14 . 2012-03-03 10:14 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-03 10:13 . 2012-03-03 10:37 -------- d-----w- c:\users\HP
2012-03-03 09:41 . 2009-07-01 20:46 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-03-03 09:41 . 2009-04-07 23:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-03-03 09:41 . 2009-07-01 20:46 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-03-03 09:41 . 2009-07-01 20:46 18344 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-03-03 09:41 . 2012-03-03 09:41 -------- d-----w- c:\program files\WIDCOMM
2012-03-03 09:35 . 2012-03-08 23:53 -------- d-----w- c:\programdata\Recovery
2012-03-03 09:15 . 2012-03-03 09:15 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-03 09:14 . 2012-03-03 09:14 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-03 09:14 . 2012-03-03 09:14 -------- d-----w- c:\program files\Broadcom
2012-03-03 09:13 . 2009-08-13 04:09 490496 ------w- c:\windows\system32\stapi32.dll
2012-03-03 09:13 . 2009-08-10 22:36 380928 ----a-w- c:\windows\system32\aestecap.dll
2012-03-03 09:11 . 2009-08-18 05:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-03-03 09:10 . 2009-08-07 04:17 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-03 09:10 . 2012-03-03 09:11 -------- d-----w- c:\program files\Intel
2012-03-03 09:09 . 2009-07-13 06:31 185344 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-03-03 09:09 . 2009-05-26 11:30 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-03-03 09:09 . 2009-03-05 06:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-03-03 09:09 . 2009-02-02 10:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-03-03 09:09 . 2012-03-03 09:09 -------- d-----w- c:\program files\Realtek
2012-03-03 09:09 . 2009-07-17 03:13 171008 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-03-03 09:09 . 2009-06-22 03:51 270336 ----a-w- c:\windows\system32\RtsUStor.dll
2012-03-03 09:09 . 2012-03-03 09:09 -------- d-----w- c:\program files\Apoint2K
2012-03-03 09:07 . 2012-03-03 09:07 -------- d-----w- c:\windows\system32\Lang
2012-03-03 09:07 . 2009-08-25 01:52 1002008 ----a-w- c:\windows\system32\igxpun.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 14:53 . 2012-03-08 16:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-02 148888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 240736]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
S1 MpKsl3afde657;MpKsl3afde657;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403019BB-8AA5-469C-9CFD-157821E26B48}\MpKsl3afde657.sys [2012-03-08 29904]
S1 MpKsl749e71cc;MpKsl749e71cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{403019BB-8AA5-469C-9CFD-157821E26B48}\MpKsl749e71cc.sys [2012-03-08 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSL3AFDE657
*NewlyCreated* - MPKSL749E71CC
*NewlyCreated* - MPNWMON
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ceburbb0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?toolbar=centrum-1.0.0&q=
FF - prefs.js: network.proxy.ftp - 10.1.1.2
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 10.1.1.2
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.1.1.2
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.1.1.2
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-03-08 21:51:24
ComboFix-quarantined-files.txt 2012-03-08 20:51
.
Před spuštěním: Volných bajtů: 275 975 581 696
Po spuštění: Volných bajtů: 275 902 005 248
.
- - End Of File - - 2C0A25299A1DC0FDCABD58CB213F0024

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Worm32:Win32/Dorkbot'lnk

#8 Post by vyosek »

:arrow: Is MSE still complaining? If so, you can post a screenshot of its alert here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

Davond
Visitor
Posts: 24
Registered: 08 Mar 2012 20:47

Re: Worm32:Win32/Dorkbot'lnk

#9 Post by Davond »

The virus has not come back, so it is resolved (sorry for not posting that it was finished).

So why should I continue here? :?:

http://forum.viry.cz/viewtopic.php?f=13&t=121658

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Worm32:Win32/Dorkbot'lnk

#10 Post by vyosek »

:arrow: Because handling one PC in several threads gets confusing, my colleague reacted correctly :wink:

:arrow: Download the Recovery Console installer from http://vyosek.ic.cz/pro_usery/rc.exe and save it directly to drive c:\ so that it is not inside any folder - this is necessary because the script references it

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    RecoveryConsole::
    c:\rc.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "HP Software Update"=-
    "Adobe Reader Speed Launcher"=-
    
    Firefox::
    FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ceburbb0.default\
    FF - prefs.js: keyword.URL - hxxp://search.centrum.cz/index.php?tool ... m-1.0.0&q=
    FF - prefs.js: network.proxy.ftp - 10.1.1.2
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - 10.1.1.2
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - 10.1.1.2
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - 10.1.1.2
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and run it (see image below)
    [image]
  • After the script is applied (and after any restart) a log will pop up; paste its contents here
:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration

Davond
Visitor
Posts: 24
Registered: 08 Mar 2012 20:47

Re: Worm32:Win32/Dorkbot'lnk

#11 Post by Davond »

Ah, I did not know that. So I should post all problems with this PC here, is that right? Anyway, here is the log from the completed ComboFix:

ComboFix 12-05-14.03 - HP 14.05.2012 22:07:29.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3003.2017 [GMT 2:00]
Spuštěný z: c:\users\HP\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\HP\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Fonts\pamispe.ttf
c:\windows\system32\odbcad32.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-14 do 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 20:21 . 2012-05-14 20:23 -------- d-----w- c:\users\HP\AppData\Local\temp
2012-05-14 20:21 . 2012-05-14 20:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-14 20:21 . 2012-05-14 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 20:01 . 2012-05-14 20:01 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6F641F0-963C-470A-9389-8372595198E2}\offreg.dll
2012-05-14 19:57 . 2012-05-14 19:57 4631272 ----a-w- C:\rc.exe
2012-05-13 17:23 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6F641F0-963C-470A-9389-8372595198E2}\mpengine.dll
2012-05-10 11:12 . 2012-05-10 11:15 -------- d-----w- c:\program files\The KMPlayer
2012-05-03 20:33 . 2012-05-03 20:33 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 20:33 . 2012-05-03 20:33 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 20:33 . 2012-05-03 20:33 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-03 11:54 . 2012-05-03 20:25 -------- d-----w- c:\users\HP\AppData\Local\VirtuaTennis2009
2012-05-03 11:29 . 2012-05-03 11:29 -------- d-----w- c:\program files\SEGA
2012-04-28 17:34 . 2012-04-29 08:59 -------- d-----w- c:\program files\Common Files\Steam
2012-04-28 17:34 . 2012-05-14 07:25 -------- d-----w- c:\program files\Steam
2012-04-28 17:27 . 2012-04-28 17:27 -------- d-----w- c:\program files\BestGameEver
2012-04-27 21:18 . 2012-04-29 18:39 -------- d-----w- c:\programdata\DocPortalLocal
2012-04-27 21:18 . 2012-04-27 21:18 -------- d-----w- c:\programdata\Dialog.Goblin
2012-04-27 21:14 . 2012-04-28 17:24 -------- d-----w- C:\AMICUS
2012-04-26 11:00 . 2012-04-26 11:00 -------- d-----w- c:\users\Guest
2012-04-25 18:51 . 2012-04-25 18:51 -------- d--h--w- c:\programdata\Common Files
2012-04-22 17:00 . 2012-04-05 11:08 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-04-20 06:31 . 2012-04-20 06:32 -------- d-----w- c:\users\HP\.idlerc
2012-04-20 06:28 . 2012-04-20 06:28 25600 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe
2012-04-20 06:27 . 2012-04-20 06:28 -------- d-----w- C:\Python26
2012-04-15 11:19 . 2012-04-15 11:21 -------- d-----w- c:\users\HP\AppData\Roaming\Canon
2012-04-15 11:12 . 2012-04-15 11:12 -------- d-----w- C:\CanoScan
2012-04-15 11:12 . 2005-06-23 20:17 352256 ----a-w- c:\windows\system32\CNQL1213.DLL
2012-04-15 11:12 . 2005-02-28 11:20 57344 ----a-w- c:\windows\system32\CNQU110.DLL
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\program files\Canon
2012-04-15 09:44 . 2012-04-15 09:44 -------- d-----w- c:\users\HP\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:47 . 2012-04-02 05:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 20:47 . 2012-03-11 18:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 20:02 . 2012-04-14 20:02 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-04-13 07:36 . 2012-03-10 17:43 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-10 15:32 . 2012-04-10 15:32 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-04-10 15:32 . 2012-04-10 15:32 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-04-10 15:32 . 2012-04-10 15:32 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-10 15:32 . 2012-04-10 15:32 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-05 11:08 . 2012-03-19 13:15 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-05 11:08 . 2012-03-19 13:15 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-03-20 17:15 . 2012-03-20 17:04 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-19 15:30 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-03-19 15:30 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-03-19 15:30 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-03-15 12:51 . 2012-03-15 12:50 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-03-11 21:18 . 2012-03-11 21:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-10 17:28 . 2012-03-10 17:28 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-08 18:28 . 2012-03-08 18:28 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EE1A01C-EDEC-4B71-8BE1-B5660F0C6AC9}\gapaengine.dll
2012-03-03 09:14 . 2012-03-03 09:14 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-01 12:34 . 2012-03-08 16:35 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99B96D09-EAB6-445C-AE82-6A7D9A6BF87F}\mpengine.dll
2012-02-15 05:44 . 2012-03-14 15:34 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 15:34 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 15:34 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-03 20:33 . 2012-03-08 16:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-02-26 . 8B32D06B6EC15F38BD4E52817E6E6A87 . 2131968 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-04-28 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]
.
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
"Google Update"="c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "c:\program files\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe"
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SAOB Monitor"=c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
"Java(TM) ME Platform SDK 3.0.5"="c:\java_me_platform_sdk_3.0.5\bin\device-manager.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 240736]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-04-10 752128]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-11 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-04-10 3246040]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-04-05 1529152]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-04-10 167968]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-09 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:48]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 18:33]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 18:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=d2fd4c7d0000000000000ceee69216d8
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 192.168.0.1:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ceburbb0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1500)
c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-05-14 22:29:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-14 20:29
ComboFix2.txt 2012-03-08 20:51
.
Před spuštěním: Volných bajtů: 163 631 591 424
Po spuštění: Volných bajtů: 163 612 889 088
.
- - End Of File - - 13325311E3C7E1A9A7153AF864F215AA

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Worm32:Win32/Dorkbot'lnk

#12 Post by vyosek »

Like this: if the problem is no older than a few months, then yes... of course after a year the log is completely different, so you can start a new topic... but now, after a few days, it is better to continue in the original one...

One more script for ComboFix, same procedure as before:

Code:

KillAll::

Restore::
c:\windows\explorer.exe

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000UA.job

DDS::
uStart Page = hxxp://search.babylon.com/?AF=109989&ba ... eee69216d8
uInternet Settings,ProxyServer = 192.168.0.1:3128

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids amusement, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

Davond
Visitor
Posts: 24
Registered: 08 Mar 2012 20:47

Re: Worm32:Win32/Dorkbot'lnk

#13 Post by Davond »

ComboFix 12-05-14.03 - HP 14.05.2012 22:42:27.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3003.1914 [GMT 2:00]
Spuštěný z: c:\users\HP\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\HP\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\explorer.exe . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-14 do 2012-05-14 )))))))))))))))))))))))))))))))
.
.
2012-05-14 20:56 . 2012-05-14 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-14 20:56 . 2012-05-14 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-14 20:36 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E06E2200-8448-4EA9-842E-3EB6DCED44A2}\mpengine.dll
2012-05-14 20:21 . 2012-05-14 20:58 -------- d-----w- c:\users\HP\AppData\Local\temp
2012-05-14 19:57 . 2012-05-14 19:57 4631272 ----a-w- C:\rc.exe
2012-05-10 11:12 . 2012-05-10 11:15 -------- d-----w- c:\program files\The KMPlayer
2012-05-03 20:33 . 2012-05-03 20:33 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 20:33 . 2012-05-03 20:33 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 20:33 . 2012-05-03 20:33 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-03 11:54 . 2012-05-03 20:25 -------- d-----w- c:\users\HP\AppData\Local\VirtuaTennis2009
2012-05-03 11:29 . 2012-05-03 11:29 -------- d-----w- c:\program files\SEGA
2012-04-28 17:34 . 2012-04-29 08:59 -------- d-----w- c:\program files\Common Files\Steam
2012-04-28 17:34 . 2012-05-14 20:32 -------- d-----w- c:\program files\Steam
2012-04-28 17:27 . 2012-04-28 17:27 -------- d-----w- c:\program files\BestGameEver
2012-04-27 21:18 . 2012-04-29 18:39 -------- d-----w- c:\programdata\DocPortalLocal
2012-04-27 21:18 . 2012-04-27 21:18 -------- d-----w- c:\programdata\Dialog.Goblin
2012-04-27 21:14 . 2012-04-28 17:24 -------- d-----w- C:\AMICUS
2012-04-26 11:00 . 2012-04-26 11:00 -------- d-----w- c:\users\Guest
2012-04-25 18:51 . 2012-04-25 18:51 -------- d--h--w- c:\programdata\Common Files
2012-04-22 17:00 . 2012-04-05 11:08 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-04-20 06:31 . 2012-04-20 06:32 -------- d-----w- c:\users\HP\.idlerc
2012-04-20 06:28 . 2012-04-20 06:28 25600 ----a-r- c:\users\HP\AppData\Roaming\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe
2012-04-20 06:27 . 2012-04-20 06:28 -------- d-----w- C:\Python26
2012-04-15 11:19 . 2012-04-15 11:21 -------- d-----w- c:\users\HP\AppData\Roaming\Canon
2012-04-15 11:12 . 2012-04-15 11:12 -------- d-----w- C:\CanoScan
2012-04-15 11:12 . 2005-06-23 20:17 352256 ----a-w- c:\windows\system32\CNQL1213.DLL
2012-04-15 11:12 . 2005-02-28 11:20 57344 ----a-w- c:\windows\system32\CNQU110.DLL
2012-04-15 11:03 . 2012-04-15 11:03 -------- d-----w- c:\program files\Canon
2012-04-15 09:44 . 2012-04-15 09:44 -------- d-----w- c:\users\HP\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:47 . 2012-04-02 05:36 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 20:47 . 2012-03-11 18:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 20:02 . 2012-04-14 20:02 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-04-13 07:36 . 2012-03-10 17:43 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-10 15:32 . 2012-04-10 15:32 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-04-10 15:32 . 2012-04-10 15:32 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-04-10 15:32 . 2012-04-10 15:32 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-10 15:32 . 2012-04-10 15:32 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-04-05 11:08 . 2012-03-19 13:15 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-05 11:08 . 2012-03-19 13:15 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-03-20 17:15 . 2012-03-20 17:04 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-19 15:30 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-03-19 15:30 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-03-19 15:30 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-03-15 12:51 . 2012-03-15 12:50 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-03-11 21:18 . 2012-03-11 21:18 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-10 17:28 . 2012-03-10 17:28 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-03-08 18:28 . 2012-03-08 18:28 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EE1A01C-EDEC-4B71-8BE1-B5660F0C6AC9}\gapaengine.dll
2012-03-03 09:14 . 2012-03-03 09:14 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-03-01 12:34 . 2012-03-08 16:35 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99B96D09-EAB6-445C-AE82-6A7D9A6BF87F}\mpengine.dll
2012-02-15 05:44 . 2012-03-14 15:34 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 15:34 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 15:34 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-03 20:33 . 2012-03-08 16:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-02-26 . 8B32D06B6EC15F38BD4E52817E6E6A87 . 2131968 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\ERDNT\cache\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-04-28 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-25 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-25 151064]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-07-30 225280]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-13 467036]
.
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
"Google Update"="c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"UpdatePRCShortCut"="c:\program files\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "c:\program files\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe"
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SAOB Monitor"=c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
"Java(TM) ME Platform SDK 3.0.5"="c:\java_me_platform_sdk_3.0.5\bin\device-manager.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 240736]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-04-10 752128]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-11 242240]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\aestsrv.exe [2009-03-02 81920]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2012-04-10 3246040]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-04-05 1529152]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-04-10 167968]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 185344]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-09 10064]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:48]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000Core.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 18:33]
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-474535098-343388190-2205423715-1000UA.job
- c:\users\HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 18:33]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\ceburbb0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3188)
c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_fa0513b7754bf240\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2012-05-14 23:03:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-14 21:03
ComboFix2.txt 2012-05-14 20:29
ComboFix3.txt 2012-03-08 20:51
.
Před spuštěním: Volných bajtů: 163 501 494 272
Po spuštění: Volných bajtů: 163 207 442 432
.
- - End Of File - - 16932EB09F20FE5BFED0017A50748BDE

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Worm32:Win32/Dorkbot'lnk

#14 Post by vyosek »

Test the following file on VirusTotal https://www.virustotal.com/cs/
  • c:\windows\explorer.exe
  • Click on Choose file
  • Do not browse for the file, just paste the path of the file you want to test
  • Click on Scan It
  • If a screen like the one below pops up, click on ReAnalyse
    [screenshot]
  • Paste the result of the analysis here (as a link)
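Added example (not from this thread, and not ComboFix's or VirusTotal's own code): a short Python script showing the observation behind the request above. It parses the "------- Sigcheck -------" section that ComboFix prints, using the four explorer.exe lines from the log in post #13 as a constructed sample, and reports any file outside the component store whose MD5 or size matches none of the WinSxS copies of the same file name. The function names (parse_sigcheck, find_outliers, md5_of_bytes, file_md5) are my own.

```python
"""Spot a live system binary whose hash disagrees with its WinSxS copies.

Added example, not part of this thread, of ComboFix or of VirusTotal. It parses
the '------- Sigcheck -------' section ComboFix prints and reports any file
outside the component store whose MD5 or size matches none of the WinSxS
copies of the same file name.
"""
import hashlib
import ntpath
import re
from collections import defaultdict, namedtuple

SigEntry = namedtuple("SigEntry", "flag date md5 size version path")
Finding = namedtuple("Finding", "path md5 size flag reason")

# Constructed sample: four Sigcheck lines copied from the ComboFix log in this
# thread (ComboFix's line format: [flag] date . MD5 . size . . [version] . . path).
SAMPLE_SIGCHECK = r"""
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-02-26 . 8B32D06B6EC15F38BD4E52817E6E6A87 . 2131968 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
"""

_LINE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one SigEntry per well-formed Sigcheck line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            d = m.groupdict()
            entries.append(SigEntry(d["flag"], d["date"], d["md5"].upper(),
                                    int(d["size"]), d["version"], d["path"]))
    return entries


def find_outliers(entries):
    """Flag live files whose MD5/size match none of the WinSxS copies of the same name.

    Copies under \\winsxs\\ are the reference set; a file elsewhere is reported
    when ComboFix marked it '[-]' or when its hash or size is absent from that set.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[ntpath.basename(e.path).lower()].append(e)   # ntpath handles backslashes on any OS

    findings = []
    for group in by_name.values():
        refs = [e for e in group if "\\winsxs\\" in e.path.lower()]
        ref_md5 = {e.md5 for e in refs}
        ref_sizes = {e.size for e in refs}
        for e in group:
            if e in refs:
                continue
            reasons = []
            if e.flag == "-":
                reasons.append("ComboFix marked it '[-]' rather than '[7]'")
            if ref_md5 and e.md5 not in ref_md5:
                reasons.append("MD5 matches none of %d WinSxS copies" % len(refs))
            if ref_sizes and e.size not in ref_sizes:
                reasons.append("size %d differs from every WinSxS copy" % e.size)
            if reasons:
                findings.append(Finding(e.path, e.md5, e.size, e.flag, "; ".join(reasons)))
    return findings


def md5_of_bytes(data):
    """Uppercase MD5 hex digest, the form ComboFix prints."""
    return hashlib.md5(data).hexdigest().upper()


def file_md5(path, chunk=1 << 20):
    """MD5 of a file on disk, for comparing your own copy against the log."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for f in find_outliers(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f"{f.path}  md5={f.md5}  size={f.size}  [{f.flag}]  {f.reason}")
```

Run on the sample, the only finding is c:\windows\explorer.exe: it is the one entry ComboFix marked "[-]", its MD5 (8B32D06B...) appears in none of the three WinSxS copies, and its size (2131968) differs from all of them. That is a lead, not a verdict; ComboFix's own note says unsigned files are not necessarily malware, and a legitimately updated or localized build can differ too, which is why the next step in the thread is an independent VirusTotal check. file_md5 lets you hash your own copy and compare it against the log before uploading anything.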

Davond
Visitor
Posts: 24
Registered: 08 Mar 2012 20:47

Re: Worm32:Win32/Dorkbot'lnk

#15 Post by Davond »

I had to find Explorer manually; I could not type in the path (or rather, when I pasted it, Libraries opened instead).

In any case, no antivirus reported anything; all of them passed it (0/41).

https://www.virustotal.com/file/1c04cd0 ... 337073095/

Locked