Ransomware..

roki (Visitor, 101 posts, registered 29 Sep 2005 13:16)

Ransomware..

#1 Post by roki »

So it got onto my mum's computer. At first Avast reports "Trojan horse blocked" and then comes.. we all know what.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by Admin (administrator) on 26-06-2013 13:33:05
Running from F:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [MSI] "C:\Program Files\MSI\MSI.exe" -nogui [311296 2007-01-13] (Info Linker Limited)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110696 2010-01-11] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [13666408 2010-01-11] (NVIDIA Corporation)
HKLM\...\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-12-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [3493720 2011-07-04] (AVAST Software)
HKLM\...\Run: [WheelMouse] C:\ADVANC~1\wh_exec.exe [86016 2007-03-11] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [] [x]
HKCU\...\Run: [SugarSync] "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true [12418400 2013-06-05] (SugarSync, Inc.)
HKCU\...\Run: [ctfmon32.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\bjecob.dat,XFG00 [155648 2013-06-26] (Microsoft Corporation) <===== ATTENTION
Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\bjecob.dat (Microsoft Corporation)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope value is missing.
BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKCU -Foxit Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{0B8E3DC8-A574-43D8-A93A-C7D3063AD842}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\c23tbtsx.default
FF Homepage: hxxp://start.icq.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\24.0.1312.52\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-12-30] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-07-04] (AVAST Software)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\bjecob.dat [155648 2013-06-26] (Microsoft Corporation)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [30808 2011-07-04] (AVAST Software)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21275 2009-10-28] (Meetinghouse Data Communications)
S3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [470048 2005-12-21] (Atheros Communications, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [19544 2011-07-04] (AVAST Software)
S2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [102616 2011-07-04] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [25432 2011-07-04] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [441176 2011-07-04] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [309848 2011-07-04] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [43608 2011-07-04] (AVAST Software)
S3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [4525056 2009-12-11] (ATI Technologies Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 nvata; C:\Windows\System32\DRIVERS\nvata.sys [105344 2006-08-14] (NVIDIA Corporation)
S3 NVENETFD; C:\Windows\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
S3 nvnetbus; C:\Windows\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation)
S3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295488 2012-10-30] (EldoS Corporation)
S1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] ()
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [6784 2007-01-25] ()
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\Aavmker4.sys DFCDD5936CAD0138775D5A105D4C7716
C:\Windows\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17
C:\Windows\System32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\Windows\System32\drivers\ADIHdAud.sys 0158F4027C0808FF65ED3B3D683339C9
C:\Windows\System32\drivers\AEAudio.sys 358063AB6C1C4173B735525CDFA65F94
C:\Windows\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\Windows\System32\DRIVERS\AegisP.sys 91F3DF93F40A74D222CD166FE95DB633
C:\Windows\System32\drivers\afd.sys 322D0E36693D6E24A2398BEE62A268CD
C:\Windows\System32\DRIVERS\ar5211.sys 3CB8E72B7C9887B42B90000E8CB1E7BE
C:\Windows\System32\Drivers\aswFsBlk.sys 861CB512E4E850E87DD2316F88D69330
C:\Windows\System32\Drivers\aswMon2.sys 7857E0B4C817F69FF463EEA2C63E56F9
C:\Windows\System32\Drivers\aswRdr.sys 8DB043BF96BB6D334E5B4888E709E1C7
C:\Windows\System32\Drivers\aswSnx.sys 17230708A2028CD995656DF455F2E303
C:\Windows\System32\Drivers\aswSP.sys DBEDD9D43B00630966EF05D2D8D04CEE
C:\Windows\System32\Drivers\aswTdi.sys 984CFCE2168286C2511695C2F9621475
C:\Windows\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\Windows\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\Windows\System32\DRIVERS\ati2mtag.sys 323B30FAAE1F544A549EBBBD837ED625
C:\Windows\System32\drivers\AtiHdmi.sys DC6957811FF95F2DD3004361B20D8D3F
C:\Windows\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\Windows\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\Windows\System32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\Windows\System32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\Windows\System32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\Windows\System32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\Windows\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\Windows\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\Windows\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41
C:\Windows\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F
C:\Windows\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\Windows\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\Windows\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\Windows\System32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\Windows\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\Windows\System32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3
C:\Windows\System32\Drivers\Flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\Windows\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\Windows\System32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\Windows\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\Windows\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\Windows\System32\DRIVERS\HDAudBus.sys 573C7D0A32852B48F3058CFD8026F511
C:\Windows\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\Windows\System32\Drivers\HTTP.sys F6AACF5BCE2893E0C1754AFEB672E5C9
C:\Windows\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30
C:\Windows\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\Windows\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\Windows\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\Windows\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\Windows\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\Windows\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\Windows\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\Windows\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7
C:\Windows\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128
C:\Windows\System32\DRIVERS\kbdhid.sys 9EF487A186DEA361AA06913A75B3FA99
C:\Windows\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\Windows\System32\Drivers\KSecDD.sys 1705745D900DABF2D89F90EBADDC7517
C:\Windows\System32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\Windows\System32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1
C:\Windows\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04
C:\Windows\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\Windows\System32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\Windows\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\Windows\System32\DRIVERS\mrxsmb.sys 68755F0FF16070178B54674FE5B847B0
C:\Windows\System32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\Windows\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\Windows\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\Windows\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\Windows\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\Windows\System32\DRIVERS\ASACPI.sys D48659BB24C48345D926ECB45C1EBDF5
C:\Windows\System32\Drivers\Mup.sys 2F625D11385B1A94360BFC70AAEFDEE1
C:\Windows\System32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\Windows\System32\DRIVERS\ndistapi.sys 1AB3D00C991AB086E69DB84B6C0ED78F
C:\Windows\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\Windows\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\Windows\System32\Drivers\NDProxy.sys 6215023940CFD3702B46ABC304E1D45A
C:\Windows\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\Windows\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\Windows\System32\drivers\ccdcmb.sys 28E36E677849174C910FAAEAD3E60E9E
C:\Windows\System32\drivers\ccdcmbo.sys 3823DEB17F9F6775DE0187A98FA0536D
C:\Windows\System32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\Windows\System32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\Windows\System32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\Windows\System32\DRIVERS\nv4_mini.sys CB0CE8DE9F66A297CD86EB98921B8E58
C:\Windows\System32\DRIVERS\nvata.sys 947C4A0E7B25BCECC3B40F0F1070378B
C:\Windows\System32\DRIVERS\NVENETFD.sys 4D6F0D3FB17C1BA64942F415C73ADCDB
C:\Windows\System32\DRIVERS\nvnetbus.sys 921E63AA1E1A20302223D016ACAFB52B
C:\Windows\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\Windows\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\Windows\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\Windows\System32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\Windows\System32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\Windows\System32\DRIVERS\pccsmcfd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\Windows\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\Windows\System32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\Windows\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\Windows\System32\Drivers\PQNTDrv.sys 04F3971B70A7855F04D351AA4BEE7799
C:\Windows\System32\DRIVERS\processr.sys A32BEBAF723557681BFC6BD93E98BD26
C:\Windows\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\Windows\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\Windows\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\Windows\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\Windows\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\Windows\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\Windows\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\Windows\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\Windows\System32\Drivers\RDPWD.sys 6728E45B66F93C08F11DE2E316FC70DD
C:\Windows\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\Windows\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\Senfilt.sys B6A6B409FDA9D9EBD3AADB838D3D7173
C:\Windows\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\Windows\System32\DRIVERS\serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7
C:\Windows\System32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\Windows\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\Windows\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\Windows\System32\DRIVERS\srv.sys 5252605079810904E31C332E241CD59B
C:\Windows\System32\DRIVERS\sscbfs3.sys FBA532D4E00ACADB3FB0B6673E185B45
C:\Windows\System32\DRIVERS\ss_bus.sys BD15182E9D2D3FABC1D1313BADBD2415
C:\Windows\System32\DRIVERS\ss_mdfl.sys 67D1144F249A3C5E03EBD7A2304DEE11
C:\Windows\System32\DRIVERS\ss_mdm.sys 954B7CE2D54C703D6A8471D6B05A5E13
C:\Windows\System32\Drivers\StarOpen.sys 306521935042FC0A6988D528643619B3
C:\Windows\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\Windows\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\Windows\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\Windows\System32\DRIVERS\tcpip.sys 93EA8D04EC73A85DB02EB8805988F733
C:\Windows\System32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\Windows\System32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\Windows\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\Windows\System32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\Windows\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\Windows\System32\DRIVERS\usbser_lowerflt.sys B1B8BEE26227DAD9835019201552CB05
C:\Windows\System32\DRIVERS\usbccgp.sys 173F317CE0DB8E21322E71B7E60A27E8
C:\Windows\System32\DRIVERS\usbehci.sys 65DCF09D0E37D4C6B11B5B0B76D470A7
C:\Windows\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\Windows\System32\DRIVERS\usbohci.sys 0DAECCE65366EA32B162F85F07C6753B
C:\Windows\System32\drivers\usbser.sys 1C888B000C2F9492F4B15B5B6B84873E
C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys 98E1FF1D732C6C7200B6C59D4FF8C1C3
C:\Windows\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\Windows\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\Windows\System32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\Windows\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\Windows\System32\Drivers\wdf01000.sys BBCFEAB7E871CDDAC2D397EE7FA91FDC
C:\Windows\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\Windows\System32\DRIVERS\whfltr2k.sys 97D0D27A87622154BC90B92D84FD91B5
C:\Windows\System32\DRIVERS\wpdusb.sys CF4DEF1BF66F06964DC0D91844239104
C:\Windows\System32\DRIVERS\WudfPf.sys 6FF66513D372D479EF1810223C8D20CE
C:\Windows\System32\DRIVERS\wudfrd.sys AC13CB789D93412106B0FB6C7EB2BCB6

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 13:32 - 2013-06-26 13:32 - 00000000 ____D C:\FRST
2013-06-26 07:41 - 2013-06-26 07:50 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-06-26 07:30 - 2013-06-26 07:30 - 00000403 ____A C:\Windows\wmsetup.log
2013-06-26 07:29 - 2013-06-26 13:31 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\bocejb.pad
2013-06-26 07:29 - 2013-06-26 13:30 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\kjhy64.txt
2013-06-26 07:29 - 2013-06-26 07:29 - 00155648 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\bjecob.dat
2013-06-26 07:29 - 2013-06-26 07:29 - 00033280 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
2013-06-02 16:14 - 2013-06-02 16:19 - 00000000 ____D C:\Documents and Settings\Admin\Desktop\Svadba

==================== One Month Modified Files and Folders ========

2013-06-26 13:32 - 2013-06-26 13:32 - 00000000 ____D C:\FRST
2013-06-26 13:32 - 2013-01-02 20:27 - 00096370 ____A C:\Windows\setupapi.log
2013-06-26 13:32 - 2009-10-28 18:05 - 00000062 __ASH C:\Documents and Settings\Admin\Local Settings\desktop.ini
2013-06-26 13:32 - 2009-10-27 11:59 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-26 13:31 - 2013-06-26 07:29 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\bocejb.pad
2013-06-26 13:30 - 2013-06-26 07:29 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\kjhy64.txt
2013-06-26 13:30 - 2012-09-16 07:26 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 13:30 - 2012-02-26 09:35 - 00000157 ____A C:\Windows\wiadebug.log
2013-06-26 13:30 - 2012-02-26 09:35 - 00000051 ____A C:\Windows\wiaservc.log
2013-06-26 13:30 - 2009-10-27 11:55 - 01890431 ____A C:\Windows\WindowsUpdate.log
2013-06-26 13:29 - 2009-10-27 12:15 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-26 13:29 - 2009-10-27 12:15 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 07:51 - 2010-02-24 17:19 - 00524288 ____A C:\Windows\System32\config\ACEEvent.evt
2013-06-26 07:51 - 2009-10-28 18:05 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2013-06-26 07:51 - 2009-10-27 12:15 - 00032540 ____A C:\Windows\SchedLgU.Txt
2013-06-26 07:50 - 2013-06-26 07:41 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-06-26 07:30 - 2013-06-26 07:30 - 00000403 ____A C:\Windows\wmsetup.log
2013-06-26 07:29 - 2013-06-26 07:29 - 00155648 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\bjecob.dat
2013-06-26 07:29 - 2013-06-26 07:29 - 00033280 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
2013-06-26 07:23 - 2012-04-17 09:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 07:14 - 2012-09-16 07:26 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 07:42 - 2004-08-04 14:00 - 00012598 ____A C:\Windows\System32\wpa.dbl
2013-06-23 17:01 - 2009-11-23 13:36 - 00000000 ___RD C:\fotky
2013-06-23 15:26 - 2013-01-02 20:27 - 00000000 ____D C:\Program Files\SugarSync
2013-06-21 15:19 - 2012-09-16 07:27 - 00001813 ____A C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-06-15 16:23 - 2012-04-17 09:34 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 16:23 - 2011-05-17 11:59 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-02 16:19 - 2013-06-02 16:14 - 00000000 ____D C:\Documents and Settings\Admin\Desktop\Svadba

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2004-08-04 14:00] - [2008-04-14 06:42] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

It didn't create the Addition.txt, though. Maybe I didn't tick the box after all, I don't know.

JaRon (Moderator, 15718 posts, registered 29 Mar 2005 13:39, location: BB-SK)

Re: Ransomware..

#2 Post by JaRon »

use Avenger - its script:
Files to delete:
C:\Documents and Settings\All Users\Application Data\bocejb.pad
C:\Documents and Settings\All Users\Application Data\kjhy64.txt
C:\Documents and Settings\All Users\Application Data\bjecob.dat
C:\Documents and Settings\All Users\Application Data\rundll32.exe
FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum:
https://platba.viry.cz/payment/
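Added example (not part of the thread, nor of FRST, Avenger or the moderator's procedure): a small Python triage script that flags the same kinds of FRST lines the moderator acted on here, run over lines copied from the logs posted above. The user-writable directory list, the core-service list, the "system-only binary" list and the reason strings are this example's own assumptions, not anything FRST itself emits.

```python
"""Heuristic triage of FRST log lines.

Added example for this thread; it is not part of FRST, Avenger or the
moderator's procedure. The sample lines are copied from the logs posted
above; the rules are this example's own and encode what the moderator
acted on: a Windows binary sitting in a user-writable data directory, a
core service re-pointed outside %SystemRoot%, and the entry FRST itself
marked with ATTENTION.
"""
import re
from dataclasses import dataclass

# Directories a standard XP user (and therefore malware running as that user)
# can write to. FRST prints them in long or 8.3 short form, so both are listed.
USER_WRITABLE_DIRS = (
    "c:\\docume~1\\alluse~1\\applic~1",
    "c:\\documents and settings\\all users\\application data",
    "\\local settings\\temp\\",
)
# Windows components that legitimately exist only under %SystemRoot%.
SYSTEM_ONLY_BINARIES = {"rundll32.exe", "svchost.exe", "winlogon.exe", "explorer.exe"}
# Built-in services whose ImagePath must stay under %SystemRoot% (assumed list).
CORE_SERVICES = {"winmgmt", "wuauserv", "bits", "eventlog"}

# FRST service/driver line: "S2 winmgmt; C:\...\bjecob.dat [155648 2013-06-26] (...)"
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.*)$")
# Any drive-letter path ending in a loadable file. The directory part may
# contain spaces, so it is matched non-greedily up to the last separator.
PATH_RE = re.compile(
    r'(?P<dir>[a-z]:\\[^"\r\n]*?)\\(?P<file>[^\\"\s,]+\.(?:exe|dll|dat|sys|scr))', re.I
)


def _under_windows(d):
    return re.match(r"^[a-z]:\\(windows|winnt)(\\|$)", d) is not None


def _under_program_files(d):
    return re.match(r"^[a-z]:\\program files( \(x86\))?(\\|$)", d) is not None


@dataclass
class Finding:
    line: str
    reasons: list


def triage_line(line):
    """Return the reasons this line deserves a closer look (empty list = nothing seen)."""
    reasons = []
    low = line.lower()
    claims_microsoft = "(microsoft corporation)" in low
    if "<===== attention" in low:
        reasons.append("marked ATTENTION by FRST")
    for m in PATH_RE.finditer(line):
        d, f = m.group("dir").lower(), m.group("file").lower()
        full = d + "\\" + f
        if f in SYSTEM_ONLY_BINARIES and not _under_windows(d):
            reasons.append(f"{f} found outside %SystemRoot%: {full}")
        if any(u in d + "\\" for u in USER_WRITABLE_DIRS):
            reasons.append(f"loadable file in user-writable data directory: {full}")
        # FRST prints the vendor from the file's version resource, which malware
        # forges freely; Microsoft files outside Windows/Program Files are rare.
        if claims_microsoft and not (_under_windows(d) or _under_program_files(d)):
            reasons.append(f"claims Microsoft version info outside Windows/Program Files: {full}")
    svc = SERVICE_RE.match(line)
    if svc and svc.group("name").lower() in CORE_SERVICES:
        first = PATH_RE.search(svc.group("path"))
        if first and not _under_windows(first.group("dir").lower()):
            reasons.append(
                f"core service '{svc.group('name')}' re-pointed outside %SystemRoot%: {first.group(0)}"
            )
    return reasons


def triage(lines):
    """Run triage_line over every line and keep the ones with findings, in order."""
    findings = []
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: seven FRST lines and one MBAM line copied from the thread above.
SAMPLE_LOG = r"""
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [3493720 2011-07-04] (AVAST Software)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [110696 2010-01-11] (NVIDIA Corporation)
HKCU\...\Run: [ctfmon32.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\bjecob.dat,XFG00 [155648 2013-06-26] (Microsoft Corporation) <===== ATTENTION
ShortcutTarget: regmonstd.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\bjecob.dat (Microsoft Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-07-04] (AVAST Software)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\bjecob.dat [155648 2013-06-26] (Microsoft Corporation)
2013-06-26 07:29 - 2013-06-26 07:29 - 00033280 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
C:\Documents and Settings\Admin\Local Settings\Temp\b34btbztdb0vavaw.exe (Trojan.Ransom) -> Žiadna úloha nevykonaná.
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    -", r)
```

Run against the sample, the two legitimate Run entries and the avast service produce no reasons, while the ctfmon32.exe entry, the regmonstd.lnk target, the hijacked winmgmt service, the newly created rundll32.exe copy and the Temp dropper each come back with at least one; those are exactly the four files the Avenger script above deletes plus the one MBAM later found. Each rule stands on its own, so a line that matches only one of them is still surfaced for a human to judge.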

roki (Visitor, 101 posts, registered 29 Sep 2005 13:16)

Re: Ransomware..

#3 Post by roki »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\All Users\Application Data\bocejb.pad" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\kjhy64.txt" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\bjecob.dat" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\rundll32.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Thanks a lot - it's running fine. :)
Is that everything?

JaRon (Moderator, 15718 posts, registered 29 Mar 2005 13:39, location: BB-SK)

Re: Ransomware..

#4 Post by JaRon »

well, that was the main part, the dirty part is still left :D
also rescan the PC with MBAM - quick scan

roki (Visitor, 101 posts, registered 29 Sep 2005 13:16)

Re: Ransomware..

#5 Post by roki »

So it found something:

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.06.26.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 6.0.2900.5512
Admin :: SIGMA [administrátor]

Ochrana: Zapnuté

26.6.2013 14:43:32
MBAM-log-2013-06-26 (14-54-13).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 196865
Uplynutý čas: 7 min, 6 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 1
C:\Documents and Settings\Admin\Local Settings\Temp\b34btbztdb0vavaw.exe (Trojan.Ransom) -> Žiadna úloha nevykonaná.

(koniec)

JaRon (Moderator, 15718 posts, registered 29 Mar 2005 13:39, location: BB-SK)

Re: Ransomware..

#6 Post by JaRon »

let MBAM remove what it found - reboot and you're done :thumbsup:

roki (Visitor, 101 posts, registered 29 Sep 2005 13:16)

Re: Ransomware..

#7 Post by roki »

Removed - thanks a lot for the help :)

JaRon (Moderator, 15718 posts, registered 29 Mar 2005 13:39, location: BB-SK)

Re: Ransomware..

#8 Post by JaRon »

you're welcome :)