Re: worm vbs jenxcus
Napsal: 23 pro 2015 14:14
Ještě proveďte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Zdravím, posílám vysledky scenu.
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 25.12.2015
Čas skenování: 20:24
Protokol: Malwarebytes log.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2015.12.25.05
Databáze rootkitů: v2015.12.18.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Cynik
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 360280
Uplynulý čas: 25 min, 59 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 11
PUP.Optional.Montiera, HKLM\SOFTWARE\CLASSES\APPID\{301966DF-A84B-4255-AAB9-574B5CE237E4}, , [2c1da306c1ca87af46ed102b2ed401ff],
PUP.Optional.Montiera, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{301966DF-A84B-4255-AAB9-574B5CE237E4}, , [2c1da306c1ca87af46ed102b2ed401ff],
PUP.Optional.Montiera, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{301966DF-A84B-4255-AAB9-574B5CE237E4}, , [2c1da306c1ca87af46ed102b2ed401ff],
PUP.Optional.Montiera, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAB42C19-A7C3-4A99-9DD9-5CF0B97F2CAF}, , [43062881dfacbd79ec48fa41da289967],
PUP.Optional.WebExpEnhanced, HKLM\SOFTWARE\WOW6432NODE\WebexpEnhancedV1, , [82c7703998f360d6dc5beae1fa09fd03],
PUP.Optional.WebExpEnhanced, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\AMOFHGCALENOMECLPNCHHLEBCAIDOINN, , [ec5d8821a7e40b2b45f0a52619eaa45c],
PUP.Optional.VideoPlayer, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\DDHFLJGMJIFMMDDJIBNAOKKLEGLJFBEB, , [93b61198e1aa989e6cfeeedb53b07e82],
PUP.Optional.PrivitizeTB, HKLM\SOFTWARE\WOW6432NODE\INDUSTRIYA\privitize, , [5bee08a196f56accd41401b710f332ce],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, , [b59452576d1ecd69438516b021e2f40c],
PUP.Optional.PrivitizeTB, HKU\S-1-5-21-4073195468-1047248204-2128101136-1000\SOFTWARE\INDUSTRIYA\privitize, , [64e5faafcdbe76c09154fabe7d86639d],
PUP.Optional.TNT, HKU\S-1-5-21-4073195468-1047248204-2128101136-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AA05920B-91DF-4DB1-9151-63AE892C4CF4}, , [21286346692244f2b0394b7b39ca6c94],
Hodnoty registru: 5
PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://search.findwide.com/?guid={81007 ... }&serpv=22, , [59f02683870494a289564530c043b54b]
PUP.Optional.WebExpEnhanced, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\amofhgcalenomeclpnchhlebcaidoinn|path, C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha8187\ch\WebexpEnhancedV1alpha8187.crx, , [ec5d8821a7e40b2b45f0a52619eaa45c]
PUP.Optional.VideoPlayer, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ddhfljgmjifmmddjibnaokklegljfbeb|path, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta732\ch\VideoPlayerV3beta732.crx, , [93b61198e1aa989e6cfeeedb53b07e82]
PUP.Optional.WebExpEnhanced, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha8187.net, C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha8187\ff, , [3514c6e3860548ee9c9abc0ffc07f50b]
PUP.Optional.TNT, HKU\S-1-5-21-4073195468-1047248204-2128101136-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AA05920B-91DF-4DB1-9151-63AE892C4CF4}|OSDFileURL, file:///C:/Users/Cynik/AppData/Local/TNT2/Profiles/10809/yah10809.xml, , [21286346692244f2b0394b7b39ca6c94]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 2
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\9A5E136A93B8978E, , [68e107a24843e2548e780b79f70b1ee2],
Soubory: 10
Adware.Agent, C:\ProgramData\InstallMate\{6DB7E8AD-D006-4D99-AF72-9824B654CA5B}\Custom.dll, , [63e6753492f969cd07fd09a2ae52b54b],
Adware.Agent, C:\ProgramData\InstallMate\{D9C6EB28-6C47-47B9-A552-24650225C9DE}\Custom.dll, , [3c0d961369229c9a6b998823f10ff808],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\0.ini, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\20121231101300.log, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.dat, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.exe, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\Setup.ico, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\TsuDll.dll, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\_Setup.dll, , [68e107a24843e2548e780b79f70b1ee2],
PUP.Optional.InstallMate, C:\ProgramData\InstallMate\{DBB02F63-2284-42AA-B1BC-F2912BC5B32B}\_Setupx.dll, , [68e107a24843e2548e780b79f70b1ee2],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
