Virus kolonija.exe discovered

Posted: 27 Sep 2010 09:31
by PetrHejtmanek
Hello,
I found a folder named SHORTI on a flash drive, and in it a file called Kolonija.exe. According to the information I found and read about this file, it is a virus. It cannot be removed with the antivirus; I am attaching the log file and thank you in advance for your help.

Logfile of random's system information tool 1.08 (written by random/random)
Run by student at 2010-09-27 10:24:28
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (16%) free of 30 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:42, on 27.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\RSIT.exe
C:\Program Files\trend micro\student.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Jádro Plánovače úloh SolidWorks.lnk = C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} (ProductView Express) - file://C:\Program Files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2446895640
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8638 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2009-09-23 2261016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2009-09-23 2261016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-01-05 495616]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"niDevMon"=C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [2007-07-14 106064]
"RelevantKnowledge"=C:\Program Files\RelevantKnowledge\rlvknlg.exe [2010-04-15 1860736]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SolidWorks_CheckForUpdates"=C:\Program Files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe [2008-09-15 7218472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EVEREST AutoStart"=C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

C:\Documents and Settings\student\Nabídka Start\Programy\Po spuštění
Jádro Plánovače úloh SolidWorks.lnk - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\proeWildfire 3.0\i486_nt\nms\nmsd.exe"="C:\Program Files\proeWildfire 3.0\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 3.0\i486_nt\obj\xtop.exe"="C:\Program Files\proeWildfire 3.0\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 3.0\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proeWildfire 3.0\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"D:\Temp\Prace\Valve\hl.exe"="D:\Temp\Prace\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Wolfram Research\Mathematica\6.0\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\Mathematica.exe:*:Enabled:Mathematica 6"
"C:\Program Files\Wolfram Research\Mathematica\6.0\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\6.0\MathKernel.exe:*:Enabled:Mathematica 6 Kernel"
"C:\Program Files\CD-adapco\STAR-CCM+ 3.02.003\starccmw.exe"="C:\Program Files\CD-adapco\STAR-CCM+ 3.02.003\starccmw.exe:*:Enabled:starccmw"
"C:\Program Files\CD-adapco\STAR-CCM+ 3.02.003\win32\intel9.1\star-ccm+.exe"="C:\Program Files\CD-adapco\STAR-CCM+ 3.02.003\win32\intel9.1\star-ccm+.exe:*:Enabled:star-ccm+"
"C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\exceed.exe"="C:\Program Files\Hummingbird\Connectivity\10.00\Exceed\exceed.exe:*:Enabled:X Server for Win32"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\proeWildfire 3.0\bin\proe.exe"="C:\Program Files\proeWildfire 3.0\bin\proe.exe:*:Enabled:Pro/ENGINEER"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\ANSYS Inc\v121\commonfiles\Tcl\bin\intel\wish.exe"="C:\Program Files\ANSYS Inc\v121\commonfiles\Tcl\bin\intel\wish.exe:*:Enabled:Wish Application"
"C:\Program Files\ANSYS Inc\v120\commonfiles\TCL\bin\intel\wish.exe"="C:\Program Files\ANSYS Inc\v120\commonfiles\TCL\bin\intel\wish.exe:*:Enabled:Wish Application"
"C:\Program Files\ANSYS Inc\v120\commonfiles\jre\intel\bin\java.exe"="C:\Program Files\ANSYS Inc\v120\commonfiles\jre\intel\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\student\Local Settings\Temp\~os2.tmp\rlvknlg.exe"="C:\Documents and Settings\student\Local Settings\Temp\~os2.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe"="C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\orbixd.exe:*:Enabled:orbixd"
"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe"="C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CNEXT.exe:*:Enabled:CATIA"
"C:\Documents and Settings\student\Local Settings\Temp\~os5.tmp\rlvknlg.exe"="C:\Documents and Settings\student\Local Settings\Temp\~os5.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-09-27 10:24:29 ----D---- C:\Program Files\trend micro
2010-09-27 10:24:28 ----D---- C:\rsit
2010-09-27 10:20:54 ----A---- C:\RSIT.exe
2010-09-22 07:42:47 ----RSH---- C:\Documents and Settings\student\Data aplikací\rmhzb.exe
2010-09-14 07:53:22 ----D---- C:\Documents and Settings\student\Data aplikací\SolidWorks 2009
2010-09-13 12:12:10 ----D---- C:\Program Files\Common Files\SolidWorks Shared
2010-09-13 12:11:38 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-09-13 12:11:35 ----D---- C:\Program Files\AGEIA Technologies
2010-09-13 12:11:32 ----D---- C:\Program Files\SolidWorks Corp
2010-09-13 12:11:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\SolidWorks
2010-09-13 12:07:12 ----HD---- C:\WINDOWS\PIF
2010-09-13 12:05:46 ----D---- C:\Program Files\Microsoft.NET
2010-09-13 12:05:45 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-09-13 12:04:02 ----D---- C:\Program Files\SolidWorks Data
2010-09-13 12:01:00 ----D---- C:\Program Files\Common Files\Manažer instalací SolidWorks
2010-09-13 12:00:34 ----D---- C:\WINDOWS\SolidWorks
2010-09-13 12:00:31 ----D---- C:\Documents and Settings\student\Data aplikací\IM
2010-09-13 11:14:59 ----SHD---- C:\Config.Msi
2010-09-01 19:01:16 ----D---- C:\Program Files\MITCalc
2010-09-01 19:00:16 ----D---- C:\Documents and Settings\student\Data aplikací\dvdcss
2010-09-01 09:34:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-09-01 09:32:53 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-01 09:32:53 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-01 09:32:53 ----A---- C:\WINDOWS\system32\java.exe
2010-09-01 09:32:53 ----A---- C:\WINDOWS\system32\deployJava1.dll

======List of files/folders modified in the last 1 months======

2010-09-27 10:24:30 ----D---- C:\WINDOWS\Prefetch
2010-09-27 10:24:29 ----D---- C:\Program Files
2010-09-27 08:24:41 ----D---- C:\Program Files\RelevantKnowledge
2010-09-27 08:16:00 ----D---- C:\WINDOWS\Temp
2010-09-27 08:15:54 ----D---- C:\WINDOWS
2010-09-27 08:15:54 ----A---- C:\WINDOWS\pxisys.ini
2010-09-27 08:15:54 ----A---- C:\WINDOWS\pxiesys.ini
2010-09-23 15:41:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-23 08:22:09 ----D---- C:\Documents and Settings\student\Data aplikací\SolidWorks
2010-09-20 13:44:02 ----D---- C:\Documents and Settings\student\Data aplikací\vlc
2010-09-16 13:17:57 ----D---- C:\Documents and Settings\student\Data aplikací\GHISLER
2010-09-15 11:54:53 ----SHD---- C:\WINDOWS\CSC
2010-09-15 07:51:08 ----D---- C:\Program Files\Apollo VUT
2010-09-13 12:33:05 ----RSD---- C:\WINDOWS\assembly
2010-09-13 12:33:05 ----D---- C:\WINDOWS\Microsoft.NET
2010-09-13 12:31:56 ----SHD---- C:\WINDOWS\Installer
2010-09-13 12:31:02 ----SD---- C:\Documents and Settings\student\Data aplikací\Microsoft
2010-09-13 12:30:16 ----HD---- C:\WINDOWS\inf
2010-09-13 12:30:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-13 12:21:42 ----D---- C:\WINDOWS\system32
2010-09-13 12:15:28 ----RSD---- C:\WINDOWS\Fonts
2010-09-13 12:12:10 ----D---- C:\Program Files\Common Files
2010-09-13 12:08:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-13 12:08:45 ----D---- C:\Program Files\MSECache
2010-09-13 12:08:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-09-13 12:07:57 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-09-13 12:07:13 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-13 12:06:47 ----D---- C:\Program Files\Microsoft Office
2010-09-13 11:20:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-13 11:20:28 ----D---- C:\Program Files\Movie Maker
2010-09-13 11:18:50 ----D---- C:\Program Files\The KMPlayer
2010-09-13 11:08:55 ----D---- C:\Program Files\ATI Technologies
2010-09-13 11:06:06 ----D---- C:\Documents and Settings\student\Data aplikací\ATI
2010-09-13 11:02:05 ----D---- C:\Program Files\Wolfram Research
2010-09-13 10:40:37 ----D---- C:\WINDOWS\system32\Restore
2010-09-08 14:09:42 ----D---- C:\Program Files\Mozilla Firefox
2010-09-01 09:44:07 ----D---- C:\Program Files\Opera
2010-09-01 09:34:03 ----D---- C:\Program Files\Common Files\Java
2010-09-01 09:32:50 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 NIPALK;NIPALK; C:\WINDOWS\System32\drivers\nipalk.sys [2007-07-18 580184]
R0 nipbcfk;National Instruments Class Upper Filter Driver; C:\WINDOWS\System32\drivers\nipbcfk.sys [2007-07-10 15448]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-10-07 717296]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 LUMDriver;LUMDriver; \??\C:\WINDOWS\system32\drivers\LUMDriver.sys []
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-07-24 4096]
R2 niarbk;niarbk; C:\WINDOWS\system32\drivers\niarbk.dll [2007-04-16 37376]
R2 nibffrk;nibffrk; C:\WINDOWS\system32\drivers\nibffrk.dll [2007-04-16 21504]
R2 nicanpk;nicanpk; C:\WINDOWS\system32\DRIVERS\nicanpkl.sys [2007-07-17 11336]
R2 Nidaq32k;Nidaq32k; C:\WINDOWS\system32\drivers\Nidaq32k.sys [2007-04-16 674304]
R2 nidmmk;NI DMM and Data Logger Kernel Driver; C:\WINDOWS\system32\drivers\nidmmk.dll [2007-04-16 50688]
R2 nimdsk;nimdsk; C:\WINDOWS\system32\drivers\nimdsk.dll [2007-04-16 30208]
R2 nipxirmk;nipxirmk; \??\C:\WINDOWS\system32\drivers\nipxirmkl.sys []
R2 nistck;nistck; C:\WINDOWS\system32\drivers\nistck.dll [2007-04-16 111616]
R2 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [2007-07-19 11360]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-10-24 153631]
R3 nidimk;nidimk; \??\C:\WINDOWS\system32\drivers\nidimkl.sys []
R3 nimdbgk;nimdbgk; \??\C:\WINDOWS\system32\drivers\nimdbgkl.sys []
R3 nimru2k;nimru2k; \??\C:\WINDOWS\system32\drivers\nimru2kl.sys []
R3 nimstsk;nimstsk; \??\C:\WINDOWS\system32\drivers\nimstskl.sys []
R3 nimxdfk;nimxdfk; \??\C:\WINDOWS\system32\drivers\nimxdfkl.sys []
R3 niorbk;niorbk; \??\C:\WINDOWS\system32\drivers\niorbkl.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2004-11-01 163712]
S3 ab0a0ud1;ab0a0ud1; C:\WINDOWS\system32\drivers\ab0a0ud1.sys []
S3 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 lvalarmk;lvalarmk; \??\C:\WINDOWS\system32\drivers\lvalarmk.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 ni1006k;NI PXI-1006 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1006k.sys []
S3 ni1045k;NI PXI-1045 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1045kl.sys []
S3 ni1065k;NI PXIe-1065 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1065k.sys []
S3 ni488lock;NI-488.2 Locking Service; \??\C:\WINDOWS\system32\drivers\ni488lock.sys []
S3 nicdrk;nicdrk; \??\C:\WINDOWS\system32\drivers\nicdrkl.sys []
S3 nidmxfk;nidmxfk; \??\C:\WINDOWS\system32\drivers\nidmxfkl.sys []
S3 nidsark;nidsark; \??\C:\WINDOWS\system32\drivers\nidsarkl.sys []
S3 nidwgk;nidwgk; \??\C:\WINDOWS\system32\drivers\nidwgkl.sys []
S3 niemrk;niemrk; \??\C:\WINDOWS\system32\drivers\niemrkl.sys []
S3 niemrkw;niemrkw; C:\WINDOWS\system32\DRIVERS\niemrkw.sys [2007-07-24 11336]
S3 niesrk;niesrk; \??\C:\WINDOWS\system32\drivers\niesrkl.sys []
S3 niesrkw;niesrkw; C:\WINDOWS\system32\DRIVERS\niesrkw.sys [2007-07-24 11336]
S3 nifslk;nifslk; \??\C:\WINDOWS\system32\drivers\nifslkl.sys []
S3 nigplk;nigplk; \??\C:\WINDOWS\system32\drivers\nigplkl.sys []
S3 nihsdrk;nihsdrk; \??\C:\WINDOWS\system32\drivers\nihsdrkl.sys []
S3 nimsdrk;nimsdrk; \??\C:\WINDOWS\system32\drivers\nimsdrkl.sys []
S3 nimslk;nimslk; \??\C:\WINDOWS\system32\drivers\nimslk.dll []
S3 nimsrlk;nimsrlk; \??\C:\WINDOWS\system32\drivers\nimsrlk.dll []
S3 nimxpk;nimxpk; \??\C:\WINDOWS\system32\drivers\nimxpkl.sys []
S3 ninshsdk;ninshsdk; \??\C:\WINDOWS\system32\drivers\ninshsdkl.sys []
S3 nipalfwedl;nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [2007-07-18 11904]
S3 nipalusbedl;nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [2007-07-18 11896]
S3 nipsdk;nipsdk; \??\C:\WINDOWS\system32\drivers\nipsdkl.sys []
S3 nipxigpk;NI PXI Generic Chassis Pilot; \??\C:\WINDOWS\system32\drivers\nipxigpk.sys []
S3 nirfsa2k;nirfsa2k; \??\C:\WINDOWS\system32\drivers\nirfsa2kl.sys []
S3 niscdk;niscdk; \??\C:\WINDOWS\system32\drivers\niscdkl.sys []
S3 nisdigk;nisdigk; \??\C:\WINDOWS\system32\drivers\nisdigkl.sys []
S3 nisftk;nisftk; \??\C:\WINDOWS\system32\drivers\nisftkl.sys []
S3 nisldk;nisldk; \??\C:\WINDOWS\system32\drivers\nisldkl.sys []
S3 nispdk;nispdk; \??\C:\WINDOWS\system32\drivers\nispdkl.sys []
S3 nisrcdk;nisrcdk; \??\C:\WINDOWS\system32\drivers\nisrcdkl.sys []
S3 nissrk;nissrk; \??\C:\WINDOWS\system32\drivers\nissrkl.sys []
S3 nistc2k;nistc2k; \??\C:\WINDOWS\system32\drivers\nistc2kl.sys []
S3 nistcrk;nistcrk; \??\C:\WINDOWS\system32\drivers\nistcrkl.sys []
S3 niswdk;niswdk; \??\C:\WINDOWS\system32\drivers\niswdkl.sys []
S3 nitiork;nitiork; \??\C:\WINDOWS\system32\drivers\nitiorkl.sys []
S3 nitnr2k;nitnr2k; \??\C:\WINDOWS\system32\drivers\nitnr2kl.sys []
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWKl.sys [2007-07-19 11384]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciKl.sys [2007-07-19 11360]
S3 niwfrk;niwfrk; \??\C:\WINDOWS\system32\drivers\niwfrkl.sys []
S3 nixsrk;nixsrk; \??\C:\WINDOWS\system32\drivers\nixsrkl.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 usb6xxxk;usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys []
S3 usb6xxxkw;usb6xxxkw; C:\WINDOWS\system32\DRIVERS\usb6xxxkw.sys [2007-07-16 11312]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2010-04-28 68608]
R2 BBDemon;Backbone Service; C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [2006-04-29 49152]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2008-09-26 39936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-03-21 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-07-16 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-07-16 50736]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2007-03-08 12696]
R2 ni488enumsvc;NI-488.2 Enumeration Service; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 nidevldu;NI Device Loader; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-07-16 213040]
R2 nipxirmu;NI PXI Resource Manager; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-07-23 609384]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-11-25 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2010-09-13 79360]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Virus kolonija.exe discovered

Posted: 27 Sep 2010 10:57
by JaRon
use USBFix - see my section - plug them in ,,, http://www.viry.cz/forum/viewtopic.php? ... IX#p906559

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 12:58
by PetrHejtmanek
So only today did I manage to use USBFix successfully. Yesterday the scan ran all day, but since this computer is at work it wasn't possible to leave it running overnight; in the end the problem was solved by disconnecting the network drive, and the Research was finished within a couple of minutes.

here is its LOG:

############################## | UsbFix 7.026 | [Research]

User: student (Administrator) # ITE030 [ ]
Updated 27/09/10 by El Desaparecido / C_XX
Started at 13:47:49 | 30/09/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Windows Firewall: Enabled
RAM -> 511 Mb
C:\ (%systemdrive%) -> Fixed drive # 29 Gb (5 Mb free - 18%) [] # NTFS
D:\ -> Fixed drive # 45 Gb (38 Mb free - 83%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Removable drive # 4 Gb (150 Mb free - 4%) [FLASH_4G] # FAT32

################## | Files # Infected Folders |


Found ! C:\DOCUME~1\student\LOCALS~1\Temp\752494.exe

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|USBScan.exe

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{a70bfc2f-58de-11df-af93-00609739cfad}
Shell\AutoRun\Command = J:\StartPortableApps.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b2d0e5f8-be04-11de-af1c-00609739cfad}
Shell\AutoRun\Command = H:\rane\\kure.exe
Shell\explore\Command = H:\rane\\\kure.exe
Shell\open\Command = H:\rane\\\kure.exe


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |
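The UsbFix reports in this thread follow a fixed sectioned layout. As an added example (not part of the thread and not UsbFix's own code), a small Python parser that pulls the findings out of such a report, with the sample input copied from the Research log above: it separates the dropped file, the policy values that disable Task Manager and Folder Options, the Run entry, and the cached MountPoints2 autorun commands, which is the triage a responder otherwise does by hand.

```python
# Added example: parser for UsbFix [Research]/[Deletion] reports (not UsbFix's own code).
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^#+ \| (.+?) \|$")                 # "################## | Registry |"
ACTION_RE = re.compile(r"^(Found|Deleted) ! (.+)$")           # "Found ! C:\...\752494.exe"
GUID_RE = re.compile(r"MountPoints2\\(\{[0-9a-fA-F-]+\})$")  # volume GUID ends the key
COMMAND_RE = re.compile(r"^Shell\\(\w+)\\Command = (.+)$")   # AutoRun / open / explore


@dataclass
class UsbFixFindings:
    files: List[Tuple[str, str]] = field(default_factory=list)            # (action, path)
    registry: List[Tuple[str, str, str]] = field(default_factory=list)    # (action, key, value)
    mountpoints: Dict[str, Dict[str, str]] = field(default_factory=dict)  # guid -> verb -> cmd
    vaccinated: Optional[bool] = None


def parse_usbfix_log(text: str) -> UsbFixFindings:
    """Walk the report line by line, dispatching on the current section header."""
    f = UsbFixFindings()
    section, guid = "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, guid = m.group(1).strip(), None
        elif section.startswith("Files"):
            m = ACTION_RE.match(line)
            if m:
                f.files.append((m.group(1), m.group(2)))
        elif section == "Registry":
            m = ACTION_RE.match(line)
            if m:                      # "HKCU\...\Policies\System|DisableTaskMgr"
                key, _, value = m.group(2).partition("|")
                f.registry.append((m.group(1), key, value))
        elif section == "Mountpoints2":
            m = GUID_RE.search(line)
            if m:                      # new volume block, bare or prefixed "Deleted !"
                guid = m.group(1).lower()
                f.mountpoints.setdefault(guid, {})
            else:
                m = COMMAND_RE.match(line)
                if m and guid:         # UsbFix doubles backslashes; collapse to a real path
                    f.mountpoints[guid][m.group(1)] = re.sub(r"\\+", r"\\", m.group(2))
        elif section == "Vaccin":
            if "not vaccinated" in line.lower():
                f.vaccinated = False
            elif "created by UsbFix" in line:
                f.vaccinated = True
    return f


def autorun_targets(f: UsbFixFindings) -> List[str]:
    # distinct executables a cached volume would launch on AutoRun / open / explore
    return sorted({c for verbs in f.mountpoints.values() for c in verbs.values()})


def lockdown_policies(f: UsbFixFindings) -> List[str]:
    # policy values that hide the infection from the user (Task Manager, Folder Options)
    return sorted(v for _, k, v in f.registry if "\\Policies\\" in k)


def run_entries(f: UsbFixFindings) -> List[str]:
    # autostart values under the CurrentVersion Run key
    return sorted(v for _, k, v in f.registry if k.endswith("\\CurrentVersion\\Run"))


# Excerpt of the Research log posted in this thread (blank lines dropped).
SAMPLE_LOG = r"""
############################## | UsbFix 7.026 | [Research]
################## | Files # Infected Folders |
Found ! C:\DOCUME~1\student\LOCALS~1\Temp\752494.exe
################## | Registry |
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|USBScan.exe
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{a70bfc2f-58de-11df-af93-00609739cfad}
Shell\AutoRun\Command = J:\StartPortableApps.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{b2d0e5f8-be04-11de-af1c-00609739cfad}
Shell\AutoRun\Command = H:\rane\\kure.exe
Shell\explore\Command = H:\rane\\\kure.exe
Shell\open\Command = H:\rane\\\kure.exe
################## | Vaccin |
(!) This computer is not vaccinated!
"""
```

The same parser reads the Deletion report, where the MountPoints2 lines carry a "Deleted !" prefix and the Vaccin section reports the Autorun.inf folders UsbFix created.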

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:01
by vyosek
Hello and have a nice day :)

I'll fill in for my colleague :wink:

:arrow: Plug the flash drives back in, except for the network one

:arrow: Run USBFix again and click Deletion - then post the log here again

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:13
by PetrHejtmanek
Have a nice day too.

Here is the log from Deletion:


############################## | UsbFix 7.026 | [Deletion]

User: student (Administrator) # ITE030 [ ]
Updated 27/09/10 by El Desaparecido / C_XX
Started at 14:05:53 | 30/09/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Windows Firewall: Enabled
RAM -> 511 Mb
C:\ (%systemdrive%) -> Fixed drive # 29 Gb (5 Mb free - 18%) [] # NTFS
D:\ -> Fixed drive # 45 Gb (38 Mb free - 83%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
I:\ -> Removable drive # 4 Gb (145 Mb free - 4%) [FLASH_4G] # FAT32

################## | Files # Infected Folders |


Deleted ! C:\DOCUME~1\student\LOCALS~1\Temp\752494.exe

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|USBScan.exe

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{a70bfc2f-58de-11df-af93-00609739cfad}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{b2d0e5f8-be04-11de-af1c-00609739cfad}

################## | Listing |

[23/09/2008 - 16:36:50 | A | 0] C:\AUTOEXEC.BAT
[30/09/2010 - 13:39:23 | D ] C:\Avenger
[07/10/2008 - 09:14:57 | RASH | 211] C:\boot.ini
[16/04/2003 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[13/09/2010 - 12:57:13 | SHD ] C:\Config.Msi
[23/09/2008 - 16:36:50 | A | 0] C:\CONFIG.SYS
[26/09/2008 - 10:47:47 | HD ] C:\C_DILLA
[08/10/2008 - 12:50:10 | D ] C:\Documents and Settings
[12/11/2008 - 14:11:34 | A | 0] C:\gambit.fnl
[23/09/2008 - 16:36:50 | RASH | 0] C:\IO.SYS
[23/09/2008 - 16:36:50 | RASH | 0] C:\MSDOS.SYS
[07/10/2008 - 12:27:42 | RHD ] C:\MSOCache
[07/10/2008 - 08:57:42 | RASH | 47564] C:\NTDETECT.COM
[07/10/2008 - 08:57:42 | RASH | 250576] C:\ntldr
[30/09/2010 - 14:03:06 | ASH | 805306368] C:\pagefile.sys
[30/09/2010 - 13:38:54 | D ] C:\Program Files
[04/03/2010 - 16:06:51 | A | 17355] C:\ptcsetup.bak
[04/03/2010 - 17:08:55 | A | 19029] C:\ptcsetup.log
[26/09/2008 - 10:47:42 | SHD ] C:\RECYCLER
[27/09/2010 - 10:24:47 | D ] C:\rsit
[27/09/2010 - 10:20:54 | A | 339991] C:\RSIT.exe
[30/09/2010 - 09:52:27 | SHD ] C:\System Volume Information
[30/09/2010 - 14:11:00 | D ] C:\UsbFix
[30/09/2010 - 14:11:11 | A | 1029] C:\UsbFix.txt
[30/09/2010 - 14:03:42 | D ] C:\WINDOWS
[13/10/2009 - 08:53:04 | D ] D:\22bb50ab97d06d73581dc0
[20/09/2010 - 15:21:00 | A | 27773] D:\curr.pro
[09/09/2008 - 05:37:04 | A | 16823592] D:\DwgDocumentMgrNET.dll
[12/11/2008 - 11:34:50 | D ] D:\Fluent
[23/09/2010 - 15:23:41 | D ] D:\Hejtmanek
[04/03/2010 - 17:27:38 | D ] D:\PRACOVNI
[28/11/2008 - 19:25:52 | D ] D:\PREVOD
[26/09/2008 - 10:49:07 | SHD ] D:\RECYCLER
[27/10/2004 - 15:56:19 | SHD ] D:\System Volume Information
[30/09/2010 - 09:55:28 | D ] D:\Temp
[29/09/2010 - 20:35:36 | D ] I:\SW2010
[29/09/2010 - 19:01:12 | A | 2525643] I:\USBAV.exe
[14/09/2010 - 15:28:06 | D ] I:\130RS
[14/09/2010 - 15:30:08 | D ] I:\bakalářky_2010-2011
[30/09/2010 - 10:00:48 | A | 86016] I:\DIÁŘ.xls
[14/09/2010 - 15:32:56 | D ] I:\Inertia
[14/09/2010 - 15:33:02 | D ] I:\Knihy
[14/09/2010 - 15:33:36 | D ] I:\LabView 2009-Instalace VUT
[14/09/2010 - 15:33:36 | D ] I:\MEPAC
[14/09/2010 - 15:36:12 | D ] I:\MitCalc
[14/09/2010 - 15:36:18 | D ] I:\Ralliraita_subs
[14/09/2010 - 15:36:24 | D ] I:\Scan
[14/09/2010 - 15:36:40 | D ] I:\Šade
[14/09/2010 - 15:36:42 | D ] I:\Workshop - navody
[30/03/2010 - 15:57:02 | A | 58] I:\WD-all.txt
[09/09/2010 - 14:49:44 | A | 2152556] I:\unibaly.pdf
[29/09/2010 - 08:48:14 | A | 19968] I:\Úcet_brno.xls
[13/09/2010 - 13:46:22 | A | 43008] I:\TAROKY.doc
[26/09/2010 - 10:28:04 | A | 57344] I:\Seznam.xls
[26/09/2010 - 10:27:58 | A | 43520] I:\Moja sbírka.xls
[13/09/2010 - 13:49:00 | A | 20992] I:\ADRESY.doc
[22/09/2010 - 08:54:22 | A | 127224257] I:\PREVOD.CATPart
[27/09/2010 - 11:11:42 | D ] I:\Active_Safety
[29/09/2010 - 18:49:28 | D ] I:\Dizertačka
[29/09/2010 - 19:13:18 | D ] I:\Autorun.inf
[29/09/2010 - 19:01:02 | A | 18310552] I:\KAV100927_ENU_DOWN_01011110_0001.EXE
[25/02/2010 - 16:29:56 | A | 1194791] I:\Setup.exe
[30/09/2010 - 12:13:24 | D ] I:\FS
[27/09/2010 - 10:09:08 | D ] I:\Reverzní inženýrství
[30/09/2010 - 13:21:20 | A | 6153352] I:\mbam-setup-1.46.exe

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_ITE030.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:16
by vyosek
Did you also have the flash drive plugged in, the one the pest kept appearing on :???: What did you do with Avenger :???:

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:20
by PetrHejtmanek
The flash drive was connected. After my first unsuccessful attempt with USBFix, this morning I at least tried some antivirus and anti-malware programs, which did remove the infections, but after a while they reappeared on the system drive.

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:24
by vyosek
:arrow: Which anti-malware programs did you run on it?

:arrow: Avenger isn't really anti-malware, though; it's a scripting utility into which you have to write commands - did you delete something with it :???:

:arrow: I think I spotted MBAM there - if applicable, post a screenshot of its quarantine - guide for screenshots http://www.viry.cz/forum/viewtopic.php?f=15&t=14114

:arrow: How is the PC behaving now :???:

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:36
by PetrHejtmanek
I had installed:

- Malwarebytes' Anti-Malware
- USB Virus Scan
- USB Virus Cleaner
- Kingsoft Security

I didn't install Avenger, nor did I knowingly use it.

I have already uninstalled all of them (since I considered them "unsuccessful"), which I know was a mistake, but it didn't occur to me at the time.

The computer is "behaving" normally.

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:42
by vyosek
:arrow: The UsbFix listing says something different about Avenger :o [30/09/2010 - 13:39:23 | D ] C:\Avenger but fine then...

:arrow: The pest isn't visible anywhere there; the SHORTI folder is still being created on the flash drives

:arrow: Plug the flash drives in again and we'll run CF on it

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT DELETING POWER AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO BELLY UP
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • Plug all USB keys into the PC (flash drives, external disks etc.)
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - don't start any applications and don't click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered it may take longer
  • After the scan finishes and a possible restart, CF shows a log; alternatively you'll find it at C:\ComboFix.txt; paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 13:48
by vyosek
Unfortunately I have to leave the PC; hopefully a colleague will show up here. In any case I'll be here around 11 in the evening, so I'll look at the CF log unless JaRon is faster :)

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 15:13
by PetrHejtmanek
The SHORTI folder isn't on the flash drive.

I'll also have to leave now; I won't get to this computer again until Monday morning. From Friday to Sunday I work at home on my own PC, but since I carry all the documents I need home on the flash drive (so I can get something done over the weekend too), I'm afraid the "home" computer won't be much better off as far as similar pests go. And I don't know whether I'll catch something on the flash drive at home again and the situation will repeat itself.

here is the CF log:

ComboFix 10-09-29.04 - student 30.09.2010 15:44:45.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.240 [GMT 2:00]
Spuštěný z: c:\documents and settings\student\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-28 do 2010-09-30 )))))))))))))))))))))))))))))))
.

2010-09-30 13:32 . 2010-09-30 13:32 390144 ----a-w- c:\windows\system32\CF1371.exe
2010-09-30 12:11 . 2010-09-30 12:11 96796 ----a-w- C:\UsbFix_Upload_Me_ITE030.zip
2010-09-30 11:21 . 2010-09-30 12:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 06:26 . 2010-09-30 06:26 -------- d-----w- c:\program files\Kingsoft
2010-09-30 06:25 . 2010-09-30 06:25 -------- d-----w- c:\program files\Common Files\Kingsoft
2010-09-30 06:25 . 2010-09-30 11:45 -------- d--h--w- c:\program files\Common Files\nsklog
2010-09-30 06:25 . 2010-09-30 06:25 17839396 ----a-w- c:\documents and settings\All Users\Data aplikací\kingsoft\kis\OnlineInstall\kavsetup.exe
2010-09-27 10:02 . 2010-09-30 12:11 -------- d-----w- C:\UsbFix
2010-09-27 08:24 . 2010-09-27 08:24 -------- d-----w- c:\program files\trend micro
2010-09-27 08:24 . 2010-09-27 08:24 -------- d-----w- C:\rsit
2010-09-27 08:20 . 2010-09-27 08:20 339991 ----a-w- C:\RSIT.exe
2010-09-13 10:12 . 2010-09-13 10:22 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-09-13 10:11 . 2010-09-13 10:11 -------- d-----w- c:\windows\system32\GroupPolicy
2010-09-13 10:11 . 2010-09-13 10:11 -------- d-----w- c:\program files\AGEIA Technologies
2010-09-13 10:11 . 2010-09-13 10:11 -------- d-----w- c:\program files\SolidWorks Corp
2010-09-13 10:07 . 2010-09-13 10:07 -------- d--h--w- c:\windows\PIF
2010-09-13 10:05 . 2010-09-13 10:05 -------- d-----w- c:\program files\Microsoft.NET
2010-09-13 10:05 . 2010-09-13 10:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-13 10:04 . 2010-09-13 10:11 -------- d-----w- c:\program files\SolidWorks Data
2010-09-13 10:01 . 2010-09-13 10:01 -------- d-----w- c:\program files\Common Files\Manažer instalací SolidWorks
2010-09-13 10:00 . 2010-09-13 10:00 -------- d-----w- c:\windows\SolidWorks
2010-09-13 10:00 . 2008-09-08 23:33 122880 ----a-r- c:\documents and settings\student\Data aplikací\IM\lang\czech\sldadminoptioneditorresu.dll
2010-09-13 10:00 . 2008-09-08 23:32 229376 ----a-r- c:\documents and settings\student\Data aplikací\IM\lang\czech\sldIMresu.dll
2010-09-01 17:01 . 2010-09-01 17:02 -------- d-----w- c:\program files\MITCalc
2010-09-01 07:33 . 2010-09-01 07:33 503808 ----a-w- c:\documents and settings\student\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-465678f4-n\msvcp71.dll
2010-09-01 07:33 . 2010-09-01 07:33 499712 ----a-w- c:\documents and settings\student\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-465678f4-n\jmc.dll
2010-09-01 07:33 . 2010-09-01 07:33 348160 ----a-w- c:\documents and settings\student\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-465678f4-n\msvcr71.dll
2010-09-01 07:33 . 2010-09-01 07:33 61440 ----a-w- c:\documents and settings\student\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-675afa93-n\decora-sse.dll
2010-09-01 07:33 . 2010-09-01 07:33 12800 ----a-w- c:\documents and settings\student\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-675afa93-n\decora-d3d.dll
2010-09-01 07:32 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 12:11 . 2010-01-20 08:19 -------- d-----w- c:\program files\Softonic-Eng7
2010-09-15 05:51 . 2009-11-10 11:09 -------- d-----w- c:\program files\Apollo VUT
2010-09-13 10:08 . 2008-10-15 14:22 -------- d-----w- c:\program files\MSECache
2010-09-13 09:18 . 2008-11-26 13:37 -------- d-----w- c:\program files\The KMPlayer
2010-09-13 09:08 . 2008-09-26 16:09 -------- d-----w- c:\program files\ATI Technologies
2010-09-13 09:02 . 2008-10-07 11:37 -------- d-----w- c:\program files\Wolfram Research
2010-09-01 07:44 . 2009-10-13 09:01 -------- d-----w- c:\program files\Opera
2010-09-01 07:34 . 2008-11-04 09:24 -------- d-----w- c:\program files\Common Files\Java
2010-09-01 07:32 . 2008-11-04 09:25 -------- d-----w- c:\program files\Java
2004-03-15 16:51 . 2004-03-15 16:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 08:36 . 2003-05-01 08:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 09:32 . 2006-01-23 09:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 09:48 . 2007-02-08 09:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 18:03 . 2007-07-24 18:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-09-30 2735200]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-09-30 12:11 2735200 ----a-w- c:\program files\Softonic-Eng7\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-09-30 2735200]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-09-30 2735200]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-01-05 495616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 106064]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\Manažer instalací SolidWorks\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\student\Nabídka Start\Programy\Po spuštění\
Jádro Plánovače Úloh SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2008-9-9 841000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\proeWildfire 3.0\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proeWildfire 3.0\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\proeWildfire 3.0\\bin\\proe.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ANSYS Inc\\v120\\commonfiles\\TCL\\bin\\intel\\wish.exe"=
"c:\\Program Files\\ANSYS Inc\\v120\\commonfiles\\jre\\intel\\bin\\java.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"c:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"c:\\Program Files\\ANSYS Inc\\Shared Files\\Licensing\\win32\\ansysli_client.exe"=
"c:\\Program Files\\ANSYS Inc\\v120\\Framework\\bin\\Win32\\AnsysFWW.exe"=
"c:\\Program Files\\ANSYS Inc\\v120\\AISOL\\Bin\\intel\\Ansys.SolverManager.exe"=
"c:\\Program Files\\ANSYS Inc\\v120\\AISOL\\Bin\\intel\\AnsysWBU.exe"=

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [10.7.2007 21:08 15448]
R1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [13.10.2006 22:53 14912]
R2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe [29.4.2006 7:32 49152]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [16.4.2007 16:40 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [16.4.2007 16:40 21504]
R2 nicanpk;nicanpk;c:\windows\system32\drivers\nicanpkl.sys [17.7.2007 15:46 11336]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [16.4.2007 18:04 674304]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [16.2.2007 12:21 12696]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [16.4.2007 18:06 50688]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [16.4.2007 16:41 30208]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [22.2.2007 13:18 11552]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [16.4.2007 16:42 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [19.7.2007 12:56 11360]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12.7.2007 19:18 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [24.7.2007 13:19 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [13.7.2007 21:00 11360]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9.9.2008 6:01 79144]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [11.1.2007 11:18 20256]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [22.2.2007 13:40 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [22.2.2007 13:43 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [25.5.2007 14:26 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [26.2.2007 13:40 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [15.7.2007 18:44 11352]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [13.7.2007 23:38 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [19.7.2007 4:06 11344]
S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [23.2.2007 23:32 11552]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [24.7.2007 20:37 11336]
S3 niemrkw;niemrkw;c:\windows\system32\drivers\niemrkw.sys [28.1.2010 14:15 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [24.7.2007 20:37 11336]
S3 niesrkw;niesrkw;c:\windows\system32\drivers\niesrkw.sys [24.7.2007 20:37 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [15.7.2007 19:31 11352]
S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [23.2.2007 17:20 11552]
S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [24.7.2007 23:01 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [18.7.2007 11:47 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [21.6.2007 1:19 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [21.6.2007 1:19 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [13.7.2007 21:01 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [19.7.2007 14:49 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [18.7.2007 22:11 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [18.7.2007 22:12 11896]
S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [24.7.2007 16:29 11552]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [22.2.2007 13:45 20768]
S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [1.7.2007 0:07 11552]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [19.7.2007 3:32 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [17.7.2007 1:27 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [16.7.2007 13:52 11344]
S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [16.6.2007 1:38 11624]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [19.7.2007 3:32 11376]
S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [1.6.2007 16:39 11552]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [24.7.2007 20:37 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [15.7.2007 17:48 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [15.7.2007 18:50 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [17.7.2007 5:18 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [18.7.2007 23:15 11360]
S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [24.2.2007 1:09 11552]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [19.7.2007 12:48 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [19.7.2007 12:56 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [24.7.2007 20:37 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [24.7.2007 20:38 11336]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [31.3.2010 9:30 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [31.3.2010 9:30 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [31.3.2010 9:30 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [31.3.2010 9:30 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [31.3.2010 9:30 98568]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
S3 usb6xxxkw;usb6xxxkw;c:\windows\system32\drivers\usb6xxxkw.sys [28.1.2010 14:15 11312]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2008 12:17 717296]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\program files\proeWildfire 3.0\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\student\Data aplikací\Mozilla\Firefox\Profiles\zvyih019.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - component: c:\documents and settings\student\Data aplikací\Mozilla\Firefox\Profiles\zvyih019.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphclx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-EVEREST AutoStart - c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe
HKLM-Run-USB AV - c:\program files\USB Virus Cleaner\USBAV.exe
HKLM-Run-USBAV - c:\program files\USB Virus Cleaner\USBAV.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 15:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-1647877149-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(396)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-09-30 16:03:26
ComboFix-quarantined-files.txt 2010-09-30 14:03

Před spuštěním: 5 562 286 080
Po spuštění: 5 581 918 208

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 18CE856236814B47E3E7544B25C2C506

Re: Virus kolonija.exe discovered

Posted: 30 Sep 2010 16:25
by vyosek
If you're worried about your home PC, post an RSIT log in the prevention section and someone will take a look at it...

Re: Virus kolonija.exe discovered

Posted: 01 Oct 2010 09:08
by PetrHejtmanek
Thanks for the advice, I've started a new topic for the "home" computer. I also wanted to ask whether this "work" computer is now OK, or whether something else will still need to be fixed (on Monday).

Re: Virus kolonija.exe discovered

Posted: 01 Oct 2010 12:20
by JaRon
I recommend scanning the PC preventively with MBAM + AVPTool