
Infected computer

Posted: 21 Dec 2010 00:02
by datel222
Hello, a friend asked me for help. Her computer was infected so badly that it would not even start up. Someone advised her to uninstall the antivirus (I don't know why)... at least she claims it was infected... Using a restore point we managed to get it running again. I ran RSIT on it and am posting the log; a moment ago I also started MBAM, so we'll see what it turns up... Thanks a lot.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Kokonat at 2010-12-20 22:00:49
Microsoft Windows 7 Professional
System drive C: has 26 GB (21%) free of 120 GB
Total RAM: 2038 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:03:18, on 20/12/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Kokonat\Desktop\RSIT.exe
C:\Program Files\trend micro\Kokonat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [{D2E2A3A7-E1D4-771F-AA05-24AF75BCF34F}] C:\Users\Kokonat\AppData\Roaming\Exed\ybru.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06AD858B-0C83-4098-8FD8-BD7335B51D68}: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CCS\Services\Tcpip\..\{61C86FC5-DC9E-48EC-8BFD-CF360CB62C7E}: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{06AD858B-0C83-4098-8FD8-BD7335B51D68}: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CS2\Services\Tcpip\..\{06AD858B-0C83-4098-8FD8-BD7335B51D68}: NameServer = 93.188.164.97,93.188.166.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.97,93.188.166.142
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\aiuh\setup.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 7015 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Install_NSS.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [2009-07-20 484920]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2009-04-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-04-04 149280]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-09-15 1094224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-06-24 323376]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]
"{D2E2A3A7-E1D4-771F-AA05-24AF75BCF34F}"=C:\Users\Kokonat\AppData\Roaming\Exed\ybru.exe [2010-11-26 141824]

C:\Users\Kokonat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-20 22:00:52 ----D---- C:\Program Files\trend micro
2010-12-20 22:00:49 ----D---- C:\rsit
2010-12-20 20:51:48 ----D---- C:\Program Files\CCleaner
2010-12-20 20:38:40 ----D---- C:\Program Files\TeamViewer
2010-12-20 13:55:28 ----D---- C:\Windows\Minidump
2010-12-20 13:18:38 ----D---- C:\Users\Kokonat\AppData\Roaming\Pacuki
2010-12-20 13:18:31 ----D---- C:\Users\Kokonat\AppData\Roaming\8F5674E0BA5D53B1474BFE888A7B7F4C
2010-12-20 13:13:30 ----D---- C:\Users\Kokonat\AppData\Roaming\Edudin
2010-12-17 19:35:31 ----D---- C:\Users\Kokonat\AppData\Roaming\OpenOffice.org
2010-12-17 19:30:11 ----D---- C:\Program Files\OpenOffice.org 3
2010-12-17 19:29:54 ----D---- C:\ProgramData\Sun
2010-12-17 19:29:45 ----D---- C:\Program Files\Common Files\Java
2010-12-17 18:40:16 ----D---- C:\ProgramData\MFAData
2010-12-14 14:48:21 ----D---- C:\Program Files\Veetle
2010-12-12 09:53:05 ----D---- C:\Intel
2010-11-26 11:32:35 ----D---- C:\Users\Kokonat\AppData\Roaming\Exed

======List of files/folders modified in the last 1 months======

2010-12-21 04:31:50 ----D---- C:\Windows\system32\config
2010-12-21 04:31:47 ----D---- C:\Windows\Tasks
2010-12-21 04:31:47 ----D---- C:\Windows\system32\wfp
2010-12-21 04:31:47 ----D---- C:\Windows\system32\DriverStore
2010-12-21 04:31:47 ----D---- C:\Windows\system32\catroot2
2010-12-21 04:31:47 ----D---- C:\Windows\System32
2010-12-21 04:31:45 ----RSD---- C:\Windows\assembly
2010-12-21 04:31:45 ----D---- C:\Windows\inf
2010-12-21 04:31:43 ----D---- C:\Users\Kokonat\AppData\Roaming\dvdcss
2010-12-21 04:31:34 ----D---- C:\Windows\system32\wbem
2010-12-21 04:31:34 ----D---- C:\Windows\registration
2010-12-21 04:31:33 ----D---- C:\Windows\winsxs
2010-12-21 04:31:32 ----D---- C:\Windows\system32\Tasks
2010-12-21 04:31:29 ----D---- C:\Users\Kokonat\AppData\Roaming\SoftGrid Client
2010-12-21 04:31:29 ----D---- C:\Users\Kokonat\AppData\Roaming\Skype
2010-12-21 04:31:04 ----SHD---- C:\$Recycle.Bin
2010-12-21 04:31:04 ----HD---- C:\ProgramData
2010-12-20 22:03:18 ----D---- C:\Users\Kokonat\AppData\Roaming\uTorrent
2010-12-20 22:03:03 ----D---- C:\Windows\Temp
2010-12-20 22:00:52 ----RD---- C:\Program Files
2010-12-20 21:50:11 ----D---- C:\Users\Kokonat\AppData\Roaming\vlc
2010-12-20 20:57:23 ----D---- C:\Windows\system32\LogFiles
2010-12-20 20:57:23 ----D---- C:\Windows\Prefetch
2010-12-20 20:57:13 ----D---- C:\Windows\debug
2010-12-20 20:57:12 ----D---- C:\Windows
2010-12-20 20:36:30 ----D---- C:\Users\Kokonat\AppData\Roaming\Etaxe
2010-12-20 20:35:26 ----SHD---- C:\System Volume Information
2010-12-20 20:24:44 ----D---- C:\Users\Kokonat\AppData\Roaming\Atnii
2010-12-20 09:00:55 ----D---- C:\Users\Kokonat\AppData\Roaming\skypePM
2010-12-17 14:39:40 ----D---- C:\Users\Kokonat\AppData\Roaming\ICQ
2010-12-16 10:35:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-15 14:09:50 ----SHD---- C:\Windows\Installer
2010-12-14 14:50:46 ----D---- C:\Program Files\Google
2010-12-12 09:53:16 ----D---- C:\Windows\system32\drivers
2010-12-12 09:53:10 ----D---- C:\Windows\system32\catroot
2010-12-12 08:40:02 ----D---- C:\ProgramData\Google
2010-12-12 08:30:17 ----D---- C:\Program Files\Common Files
2010-12-12 08:24:28 ----RD---- C:\Program Files\Skype
2010-12-12 08:22:21 ----SD---- C:\Users\Kokonat\AppData\Roaming\Microsoft
2010-12-12 08:22:17 ----D---- C:\ProgramData\avg9
2010-11-23 16:00:55 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 mdvrmng;Mobile IP Route Manager; \??\C:\Windows\system32\drivers\mdvrmng.sys [2010-01-28 10240]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2009-06-23 487936]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-13 84992]
R3 sftfs;sftfs; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]
R3 sftplay;sftplay; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]
R3 sftvol;sftvol; \??\C:\Program Files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]
R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2009-04-10 17960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-01-19 9216]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 17920]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-01-19 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-01-19 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-01-19 105088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BecHelperService;BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]
R2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
S2 AMService;AMService; C:\Windows\TEMP\aiuh\setup.exe [2010-12-20 62976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-30 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-10 1343400]

-----------------EOF-----------------

Re: Infected computer

Posted: 21 Dec 2010 11:31
by motji
Good afternoon :)

Run ComboFix according to this guide:
http://www.bleepingcomputer.com/combofi ... t-combofix
- rename combofix to anything.com

Re: Infected computer

Posted: 21 Dec 2010 15:35
by datel222
Thanks a lot. I'll post the ComboFix log this evening; for now I'm adding the MBAM log.... We haven't deleted anything.


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 5214

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/12/2010 23:29:53
mbam-log-2010-12-20 (23-29-43).txt

Typ kontroly: Úplný test (C:\|D:\|E:\|H:\|Q:\|)
Testované objekty: 204671
Uplynulý čas: 32 minut, 16 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 2
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{D2E2A3A7-E1D4-771F-AA05-24AF75BCF34F} (Spyware.Passwords.XGen) -> Value: {D2E2A3A7-E1D4-771F-AA05-24AF75BCF34F} -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.97,93.188.166.142) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06AD858B-0C83-4098-8FD8-BD7335B51D68}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.97,93.188.166.142) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{61C86FC5-DC9E-48EC-8BFD-CF360CB62C7E}\NameServer (Trojan.DNSChanger) -> Bad: (93.188.164.97,93.188.166.142) Good: () -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\Users\Kokonat\AppData\Roaming\Exed\ybru.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Local\679085908.exe (Trojan.Hiloti.Gen) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Local\wagetet.dll (Trojan.Hiloti.Gen) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\R5FAUOCV\.exe[1] (Trojan.Hiloti) -> No action taken.
c:\Users\Kokonat\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{8c3fdd81-7ae0-4605-a46a-2488b179f2a3}.job (Trojan.Downloader) -> No action taken.

Re: Infected computer

Posted: 21 Dec 2010 15:46
by motji
You've got it thoroughly infected. Delete everything in MBAM.

Re: Infected computer

Posted: 21 Dec 2010 17:57
by datel222
I deleted everything and the computer won't start again....

Re: Infected computer

Posted: 21 Dec 2010 18:09
by motji
Not even in safe mode? Doesn't Last Known Good Configuration work either?
We didn't delete anything in MBAM that essential to the running of the system :o

Re: Infected computer

Posted: 21 Dec 2010 18:23
by datel222
In the end Last Known Good Configuration did the trick... I'm going to get started on ComboFix.

Re: Infected computer

Posted: 21 Dec 2010 18:24
by motji
But first back up the important data, in case the system really doesn't survive in the end :o