
FB virus - Classic

Posted: 27 Jul 2011 20:19
by skeleton
Hello, I am also asking for help with a nasty FB virus. If it is possible, I would be very glad if someone could help me get the computer back together by Friday. Thank you



Logfile of random's system information tool 1.09 (written by random/random)
Run by Jarča at 2011-07-27 21:14:37
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 52 GB (68%) free of 76 GB
Total RAM: 447 MB (55% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jarča\Data aplikací\Mozilla\Firefox\Profiles\u992j50f.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390, avg@igeared:7.005.030.004, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6"
prefs.js - "keyword.URL" - "http://search.avg.com/route/?d=4e2acc64 ... &lng=cs&q="

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-07-08 2274144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-05-30 2495816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-05-30 2495816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-02 1811968]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"wxpdrv"=C:\WINDOWS\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-22 1167872]
"tray_ico1"=C:\WINDOWS\update.tray-12-0\svchost.exe [2011-07-22 1167872]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"4228325.exe"=C:\DOCUME~1\JARA~1\LOCALS~1\Temp\4228325.exe [2011-07-22 249344]
"4222094.exe"=C:\WINDOWS\TEMP\4222094.exe [2011-07-22 249344]
"1022818.exe"=C:\WINDOWS\TEMP\1022818.exe [2011-07-22 249344]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-23 232960]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-22 114176]
"63366445-loader2.exe"=C:\WINDOWS\TEMP\63366445-loader2.exe [2011-07-22 249344]
"4285394.exe"=C:\WINDOWS\TEMP\4285394.exe [2011-07-23 502272]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-04-18 2334560]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe rezerv []
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe rezerv []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Jarča\Nabídka Start\Programy\Po spuštění
Seagate 2GH3L4WJ Product Registration.lnk - C:\Documents and Settings\Jarča\Data aplikací\Leadertech\PowerRegister\Seagate 2GH3L4WJ Product Registration.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe"="C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe:*:Enabled:C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG10\avgam.exe"="C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Správce událostí AVG"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-27 21:14:41 ----D---- C:\Program Files\trend micro
2011-07-27 21:14:37 ----D---- C:\rsit
2011-07-27 20:14:40 ----D---- C:\WINDOWS\LastGood
2011-07-23 15:29:52 ----D---- C:\Documents and Settings\Jarča\Data aplikací\AVG10
2011-07-23 15:28:35 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-23 15:28:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2011-07-23 15:24:04 ----D---- C:\Program Files\AVG
2011-07-23 15:24:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2011-07-23 15:11:16 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-07-23 15:11:16 ----HD---- C:\WINDOWS\update.tray-12-0
2011-07-23 15:02:48 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-07-23 14:46:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-22 19:02:46 ----D---- C:\WINDOWS\ufa
2011-07-22 19:02:46 ----D---- C:\WINDOWS\rpcminer
2011-07-22 19:02:46 ----D---- C:\WINDOWS\phoenix
2011-07-22 19:01:59 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-22 19:01:57 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-22 19:01:41 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-22 19:01:36 ----A---- C:\WINDOWS\systemup.exe
2011-07-22 19:01:36 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-22 19:01:16 ----HD---- C:\WINDOWS\update.2
2011-07-22 19:01:08 ----HD---- C:\WINDOWS\update.5.0
2011-07-22 19:00:21 ----A---- C:\WINDOWS\unrar.exe
2011-07-22 18:59:42 ----A---- C:\WINDOWS\iplist.txt
2011-07-22 18:59:11 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-22 18:58:54 ----D---- C:\WINDOWS\av_ico
2011-07-22 18:57:48 ----HD---- C:\WINDOWS\update.1
2011-07-22 18:57:19 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-22 18:57:19 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-22 18:46:32 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-22 18:46:32 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-13 00:07:44 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2011-07-13 00:07:24 ----D---- C:\Documents and Settings\Jarča\Data aplikací\Telefónica Móviles
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewusbnet.sys
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewusbmdm.sys
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewusbdev.sys
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewdcsc.sys
2011-07-13 00:05:25 ----D---- C:\Program Files\O2

======List of files/folders modified in the last 1 month======

2011-07-27 21:14:41 ----RD---- C:\Program Files
2011-07-27 21:10:59 ----D---- C:\WINDOWS\Prefetch
2011-07-27 20:31:30 ----D---- C:\WINDOWS\system32\drivers
2011-07-27 20:31:27 ----HD---- C:\WINDOWS\inf
2011-07-27 20:21:19 ----D---- C:\WINDOWS\Temp
2011-07-27 20:15:27 ----D---- C:\WINDOWS\system32
2011-07-27 20:14:40 ----D---- C:\WINDOWS
2011-07-27 20:13:57 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-26 18:16:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-23 15:29:25 ----SHD---- C:\WINDOWS\Installer
2011-07-23 15:29:25 ----HD---- C:\Config.Msi
2011-07-23 15:23:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-23 15:21:23 ----A---- C:\boot.ini
2011-07-23 15:17:45 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-23 15:01:24 ----D---- C:\WINDOWS\WinSxS
2011-07-22 19:02:03 ----SHD---- C:\System Volume Information
2011-07-22 19:02:03 ----D---- C:\WINDOWS\system32\Restore
2011-07-13 00:08:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-18 41216]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-04-07 55232]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-04-07 134488]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-10-17 754560]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-04-07 32584]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-22 1167872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: FB virus - Classic

Posted: 27 Jul 2011 20:27
by Rudy
Hello!
Run a complete MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: FB virus - Classic

Posted: 27 Jul 2011 23:45
by skeleton
There is quite a lot of it:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

28.7.2011 0:39:24
mbam-log-2011-07-28 (00-39-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 177045
Time elapsed: 42 minute(s), 15 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 8
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 1236 -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 1244 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 1376 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 288 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 1360 -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TNod (Trojan.Agent.CK) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TNOD UP (Trojan.Agent.CK) -> Value: TNOD UP -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\program files\tnod user & password finder\TNODUP.exe (Trojan.Agent.CK) -> No action taken.
c:\documents and settings\Jarča\dokumenty\stažené soubory\flash-player(2).exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Jarča\dokumenty\stažené soubory\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\program files\tnod user & password finder\uninst-tnod.exe (Trojan.Agent.CK) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP320\A0018200.exe (Backdoor.Delf) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP323\A0018208.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP323\A0018209.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP323\A0018418.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP323\A0018419.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP323\A0018420.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP323\A0018421.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{666489fa-1967-40dd-b4a3-07c31f3e2cc9}\RP325\A0018753.exe (Trojan.Agent.CK) -> No action taken.
c:\WINDOWS\Temp\2736200.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4942260.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7672245.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9217240.exe (Backdoor.Delf) -> No action taken.
c:\WINDOWS\update.tray-12-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\570248372.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.


What now?
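
An added example, not part of this thread and not a tool either poster used: a small Python triage that reads the Run-key and firewall-exception lines of the first RSIT log above, flags entries with the patterns an analyst looks for in this log (svchost.exe outside system32, executables in Temp or loose in the Windows directory, firewall exceptions for a file in the Downloads folder, files written after a cutoff date or with no date/size at all), and then cross-checks the flagged paths against what the MBAM log names. The excerpts below are constructed from the two logs in this thread; the heuristics, the cutoff date, and the assumption that an empty "[]" from RSIT means the file could not be resolved are my own and are labelled as such in the code.

```python
import re

# Constructed excerpt of the Run-key and firewall-exception sections of the first RSIT log
# in this thread (real lines from that log, reduced to a handful of entries).
RSIT_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"wxpdrv"=C:\WINDOWS\services32.exe []
"tray_ico0"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-22 1167872]
"4222094.exe"=C:\WINDOWS\TEMP\4222094.exe [2011-07-22 249344]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-23 232960]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-04-18 2334560]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe rezerv []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe"="C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe:*:Enabled:C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
'''

# Constructed excerpt of the MBAM log in this thread (file hits and one Run-value hit).
MBAM_EXCERPT = r'''
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 1236 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Jarča\dokumenty\stažené soubory\flash-player(2).exe (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
FW_RE = re.compile(r'^"(?P<path>[^"]+\.exe)"=".*:\*:enabled:', re.IGNORECASE)
EXE_RE = re.compile(r'^(?P<path>.*?\.exe)', re.IGNORECASE)      # strip "rezerv"-style arguments
MBAM_FILE_RE = re.compile(r'^(?P<path>[a-z]:\\.*?\.exe) \(', re.IGNORECASE)
MBAM_VALUE_RE = re.compile(r'\\Run\\(?P<name>.+?) \(.*?-> Value:', re.IGNORECASE)

def suspicious_reasons(path, meta=None, cutoff="2011-07-01"):
    """Analyst heuristics (my assumptions, not a vendor's rules). `meta` is RSIT's
    "[date size]" text for Run entries, None for firewall lines. Each rule is a prompt
    for review, not a verdict: the loose-executable rule also fires on the legitimate
    2002-dated SiSUSBrg.exe in the full log, which the date rule then does not support."""
    p = path.lower()
    reasons = []
    if p.endswith("\\svchost.exe") and "\\system32\\" not in p:
        reasons.append("svchost.exe outside system32")
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    if re.match(r"^c:\\windows\\[^\\]+\.exe$", p):
        reasons.append("loose executable in the Windows directory")
    if "\\stažené soubory\\" in p or "\\downloads\\" in p:
        reasons.append("points at a file in the Downloads folder")
    if meta is not None:
        if meta == "":
            # Assumption: RSIT prints "[]" when it could not resolve the file.
            reasons.append("no date/size recorded by RSIT")
        elif meta.split()[0] >= cutoff:          # ISO dates compare as strings
            reasons.append("file timestamp on or after " + cutoff)
    return reasons

def parse_rsit(text):
    """Yield (path, meta, run_value_name); run_value_name is None for firewall exceptions."""
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group("cmd"))
            if exe:
                yield exe.group("path"), m.group("meta").strip(), m.group("name")
            continue
        m = FW_RE.match(line)
        if m:
            yield m.group("path"), None, None

def parse_mbam(text):
    """Return (set of file paths, set of Run value names) that MBAM reported."""
    files, values = set(), set()
    for line in text.splitlines():
        m = MBAM_FILE_RE.match(line)
        if m:
            files.add(m.group("path").lower())
            continue
        m = MBAM_VALUE_RE.search(line)
        if m:
            values.add(m.group("name").lower())
    return files, values

def triage(rsit_text, mbam_text):
    """Map each flagged path to its reasons and to how MBAM covered it ("file", "run value",
    both, or an empty set when MBAM did not name it at all)."""
    files, values = parse_mbam(mbam_text)
    report = {}
    for path, meta, name in parse_rsit(rsit_text):
        reasons = suspicious_reasons(path, meta)
        if not reasons:
            continue
        key = path.lower()
        hit = report.setdefault(key, {"reasons": set(), "mbam": set()})
        hit["reasons"].update(reasons)
        if key in files:
            hit["mbam"].add("file")
        if name and name.lower() in values:
            hit["mbam"].add("run value")
    return report

def undetected(rsit_text, mbam_text):
    """Flagged entries the scanner log never mentions: the ones to hand back to the helper."""
    return sorted(p for p, h in triage(rsit_text, mbam_text).items() if not h["mbam"])

if __name__ == "__main__":
    for path, hit in sorted(triage(RSIT_EXCERPT, MBAM_EXCERPT).items()):
        print(path, sorted(hit["reasons"]), sorted(hit["mbam"]) or "NOT IN MBAM LOG")
```

On the excerpts above the two entries MBAM never names are C:\WINDOWS\services32.exe (the "wxpdrv" Run value, with no file date, and also the name of the SafeBoot keys and the wxpdrivers service) and the Temp-resident 4222094.exe; the same function run on the full log would add the other TEMP entries in the Run key and the firewall exceptions, which the scanner also left alone. That is the point of cross-checking a scanner log against an autorun listing before declaring the machine clean: "delete what MBAM found" only covers what MBAM named.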

Re: FB virus - Classic

Posted: 28 Jul 2011 10:48
by Rudy
Delete everything that MBAM found. Reboot and post a new RSIT log.

Re: FB virus - Classic

Posted: 28 Jul 2011 17:48
by skeleton
Here it is

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jarča at 2011-07-28 18:39:19
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 52 GB (68%) free of 76 GB
Total RAM: 447 MB (9% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jarča\Data aplikací\Mozilla\Firefox\Profiles\u992j50f.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390, avg@igeared:7.005.030.004, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6"
prefs.js - "keyword.URL" - "http://search.avg.com/route/?d=4e2acc64 ... &lng=cs&q="

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-07-08 2274144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-05-30 2495816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-05-30 2495816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"wxpdrv"=C:\WINDOWS\services32.exe []
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"4228325.exe"=C:\DOCUME~1\JARA~1\LOCALS~1\Temp\4228325.exe [2011-07-22 249344]
"4222094.exe"=C:\WINDOWS\TEMP\4222094.exe [2011-07-22 249344]
"1022818.exe"=C:\WINDOWS\TEMP\1022818.exe [2011-07-22 249344]
"63366445-loader2.exe"=C:\WINDOWS\TEMP\63366445-loader2.exe [2011-07-22 249344]
"4285394.exe"=C:\WINDOWS\TEMP\4285394.exe [2011-07-23 502272]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-04-18 2334560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Jarča\Nabídka Start\Programy\Po spuštění
Seagate 2GH3L4WJ Product Registration.lnk - C:\Documents and Settings\Jarča\Data aplikací\Leadertech\PowerRegister\Seagate 2GH3L4WJ Product Registration.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe"="C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe:*:Enabled:C:\Documents and Settings\Jarča\Dokumenty\Stažené soubory\Flash-Player(2).exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\AVG\AVG10\avgdiagex.exe"="C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG10\avgam.exe"="C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:Správce událostí AVG"
"C:\Program Files\AVG\AVG10\avgemcx.exe"="C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-28 18:36:06 ----D---- C:\WINDOWS\LastGood
2011-07-27 22:45:09 ----D---- C:\Documents and Settings\Jarča\Data aplikací\Malwarebytes
2011-07-27 22:44:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-27 22:44:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-27 22:44:54 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-27 22:44:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-27 21:14:41 ----D---- C:\Program Files\trend micro
2011-07-27 21:14:37 ----D---- C:\rsit
2011-07-23 15:29:52 ----D---- C:\Documents and Settings\Jarča\Data aplikací\AVG10
2011-07-23 15:28:35 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-23 15:28:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2011-07-23 15:24:04 ----D---- C:\Program Files\AVG
2011-07-23 15:24:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG10
2011-07-23 15:11:16 ----HD---- C:\WINDOWS\update.tray-12-0-lnk
2011-07-23 15:11:16 ----HD---- C:\WINDOWS\update.tray-12-0
2011-07-23 15:02:48 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-07-23 14:46:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-22 19:02:46 ----D---- C:\WINDOWS\ufa
2011-07-22 19:02:46 ----D---- C:\WINDOWS\rpcminer
2011-07-22 19:02:46 ----D---- C:\WINDOWS\phoenix
2011-07-22 19:01:59 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-22 19:01:57 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-22 19:01:41 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-22 19:01:16 ----HD---- C:\WINDOWS\update.2
2011-07-22 19:01:08 ----HD---- C:\WINDOWS\update.5.0
2011-07-22 19:00:21 ----A---- C:\WINDOWS\unrar.exe
2011-07-22 18:59:42 ----A---- C:\WINDOWS\iplist.txt
2011-07-22 18:59:11 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-22 18:58:54 ----D---- C:\WINDOWS\av_ico
2011-07-22 18:57:48 ----HD---- C:\WINDOWS\update.1
2011-07-22 18:57:19 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-22 18:57:19 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-22 18:46:32 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-22 18:46:32 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-13 00:07:44 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2011-07-13 00:07:24 ----D---- C:\Documents and Settings\Jarča\Data aplikací\Telefónica Móviles
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewusbnet.sys
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewusbmdm.sys
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewusbdev.sys
2011-07-13 00:06:00 ----A---- C:\WINDOWS\system32\drivers\ewdcsc.sys
2011-07-13 00:05:25 ----D---- C:\Program Files\O2

======List of files/folders modified in the last 1 month======

2011-07-28 18:36:41 ----HD---- C:\WINDOWS\inf
2011-07-28 18:36:41 ----D---- C:\WINDOWS\system32\drivers
2011-07-28 18:36:36 ----D---- C:\WINDOWS\Prefetch
2011-07-28 18:36:28 ----D---- C:\WINDOWS\system32
2011-07-28 18:36:08 ----D---- C:\WINDOWS\Temp
2011-07-28 18:36:06 ----D---- C:\WINDOWS
2011-07-28 18:35:28 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-28 18:33:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-28 18:31:20 ----D---- C:\Program Files\TNod User & Password Finder
2011-07-27 22:45:00 ----RD---- C:\Program Files
2011-07-23 15:29:25 ----SHD---- C:\WINDOWS\Installer
2011-07-23 15:29:25 ----HD---- C:\Config.Msi
2011-07-23 15:23:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-23 15:21:23 ----A---- C:\boot.ini
2011-07-23 15:17:45 ----D---- C:\WINDOWS\system32\CatRoot
2011-07-23 15:01:24 ----D---- C:\WINDOWS\WinSxS
2011-07-22 19:02:03 ----SHD---- C:\System Volume Information
2011-07-22 19:02:03 ----D---- C:\WINDOWS\system32\Restore
2011-07-13 00:08:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-18 41216]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-04-07 55232]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 tidnet;TID NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\tidnet.sys [2009-09-15 19200]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-04-07 134488]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-10-17 754560]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2004-08-04 44672]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-07-12 30432]
S3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-04-07 32584]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys [2009-12-15 24448]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-12-15 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-12-15 100736]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe []
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Re: FB virus - Classic

Posted: 28 Jul 2011 19:17
by Rudy
There are still remnants there. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button

calmly go make yourself a coffee (the whole operation takes approx. 5-10 minutes, sometimes longer - depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it entirely for the duration of the scan, because during the scan and removal of any malware undesirable collisions with the resident antispyware occur
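The verdict above ("still remnants") comes from reading the RSIT log posted earlier. As an added example, not part of this thread or of RSIT/ComboFix, the script below automates that kind of triage: it parses lines in the format of the firewall AuthorizedApplications dump and the "files/folders created" section and flags svchost.exe authorized from a directory outside System32 and hidden folders created directly under C:\WINDOWS. The sample lines are constructed from the log in this thread.

```python
"""Triage helper for RSIT-style logs (added example, not part of this thread).

Reads two sections of RSIT output: the Windows Firewall AuthorizedApplications
registry dump and the "List of files/folders created" section, and flags a
binary named like a system process (svchost.exe) authorized from outside
System32, and hidden directories created directly under C:\\WINDOWS.
"""
import re
from dataclasses import dataclass

# System binaries whose only legitimate home on XP is %windir%\system32.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe"}

# Firewall dump line:  "<path>"="<path>:*:Enabled:<display name>"
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"="(?P<value>[^"]*)"$')

# RSIT file list line:  2011-07-22 18:57:48 ----HD---- C:\WINDOWS\update.1
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<attrs>-+[A-Z]*-+) (?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # which log section the hit came from
    path: str    # the path exactly as it appears in the log
    reason: str  # human-readable explanation


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _parent(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def check_firewall_entries(lines):
    """Flag authorized applications that borrow a system binary's name.

    A genuine svchost.exe lives in %windir%\\system32; the same file name
    authorized from C:\\WINDOWS\\update.1 or similar is a red flag.
    """
    findings = []
    for line in lines:
        m = FIREWALL_RE.match(line.strip())
        if not m:
            continue  # not a "<path>"="<value>" line, skip it
        path = m.group("path")
        name = _basename(path)
        if name in SYSTEM_BINARIES and not _parent(path).endswith("\\system32"):
            findings.append(Finding("firewall", path,
                                    f"{name} authorized outside System32"))
    return findings


def check_created_entries(lines, windir="C:\\WINDOWS"):
    """Flag hidden directories created directly under the Windows folder.

    RSIT encodes attributes as letters between dashes: 'H' hidden, 'D'
    directory. Legitimate installers rarely drop hidden folders straight
    into %windir%; the dropper in this thread created several.
    """
    findings = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if "H" in attrs and "D" in attrs and _parent(path) == windir.lower():
            findings.append(Finding("created", path,
                                    f"hidden directory under {windir} at {m.group('ts')}"))
    return findings


def triage(firewall_lines, created_lines):
    """Run both checks and return all findings in log order."""
    return check_firewall_entries(firewall_lines) + check_created_entries(created_lines)


# Constructed sample: a handful of lines taken from the RSIT log in this thread.
SAMPLE_FIREWALL = [
    r'"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"',
    r'"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"',
    r'"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"',
    r'"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"',
    r'"C:\Program Files\AVG\AVG10\avgnsx.exe"="C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"',
]
SAMPLE_CREATED = [
    r"2011-07-23 15:28:35 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files",
    r"2011-07-23 15:11:16 ----HD---- C:\WINDOWS\update.tray-12-0",
    r"2011-07-23 15:02:48 ----D---- C:\WINDOWS\system32\drivers\AVG",
    r"2011-07-22 19:02:46 ----D---- C:\WINDOWS\rpcminer",
    r"2011-07-22 19:01:16 ----HD---- C:\WINDOWS\update.2",
    r"2011-07-22 18:57:48 ----HD---- C:\WINDOWS\update.1",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_FIREWALL, SAMPLE_CREATED):
        print(f"[{f.kind}] {f.path}: {f.reason}")
```

Feed it the two RSIT sections line by line; the HP and AVG entries pass, while both svchost.exe copies and the three hidden update.* folders are reported.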

Re: FB virus - Classic

Posted: 28 Jul 2011 21:13
by skeleton
Good evening,
a minor complication, but hopefully I did everything right. After installing, ComboFix asked me to turn off the resident shield of NOD. But because I had already registered this virus earlier, http://viry.cz/go.php?p=viry&t=novinka&id=2689, I was afraid that clicking the icon in Start/Programs/ESET../, which pointed somewhere into windows/update.., would break something. So I uninstalled NOD, as well as the non-functional and redundant AVG, through Add or Remove Programs. Then I restarted and ran Malwarebytes - a quick scan, which found two problems in the registry ( ..\Run\sysdriver32_.exe and ..\Run\sysdriver32.exe ). Since I know these two files are related to the virus, I had them removed straight away.

Then I ran ComboFix, which apparently did what it was supposed to and said it would restart the PC. After a while a black screen came up, which I left for about half an hour. Then, I admit, my nerves gave out a bit, and after checking that the HDD had not been blinking at all for several minutes (- not working) I hard-reset the computer. Afterwards the system booted fine and ComboFix, without my intervention, produced this log:

ComboFix 11-07-28.04 - Jarča 28.07.2011 21:11:10.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.71 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jarča\Plocha\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-27 20:45 . 2011-07-27 20:45 -------- d-----w- c:\documents and settings\Jarča\Data aplikací\Malwarebytes
2011-07-27 20:44 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 20:44 . 2011-07-27 20:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-27 20:44 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 20:44 . 2011-07-27 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 19:14 . 2011-07-27 19:14 -------- d-----w- c:\program files\trend micro
2011-07-27 19:14 . 2011-07-27 19:14 -------- d-----w- C:\rsit
2011-07-23 13:59 . 2011-07-23 13:59 -------- d-----w- c:\documents and settings\Jarča\Local Settings\Data aplikací\AVG Security Toolbar
2011-07-23 13:29 . 2011-07-23 13:29 -------- d-----w- c:\documents and settings\Jarča\Data aplikací\AVG10
2011-07-23 13:28 . 2011-07-23 13:28 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-23 13:24 . 2011-07-28 18:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-07-23 13:24 . 2011-07-23 13:24 -------- d-----w- c:\program files\AVG
2011-07-23 13:11 . 2011-07-28 16:31 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-07-23 13:11 . 2011-07-28 16:31 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-23 12:46 . 2011-07-28 18:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-22 17:02 . 2011-07-22 17:02 -------- d-----w- c:\windows\ufa
2011-07-22 17:00 . 2011-07-22 17:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 16:58 . 2011-07-22 16:58 -------- d-----w- c:\windows\av_ico
2011-07-22 16:57 . 2011-07-28 16:31 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-22 16:57 . 2011-07-28 16:31 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-22 16:46 . 2011-07-22 16:46 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 22:07 . 2011-07-12 22:07 -------- d-----w- c:\documents and settings\Jarča\Data aplikací\Telefónica Móviles
2011-07-12 22:06 . 2009-12-15 12:05 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-07-12 22:06 . 2009-12-15 12:05 113280 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-07-12 22:06 . 2009-12-15 12:05 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-07-12 22:06 . 2009-12-15 12:05 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-07-12 22:05 . 2011-07-12 22:05 -------- d-----w- c:\program files\O2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\Jarča\Nabídka Start\Programy\Po spuštění\
Seagate 2GH3L4WJ Product Registration.lnk - c:\documents and settings\Jarča\Data aplikací\Leadertech\PowerRegister\Seagate 2GH3L4WJ Product Registration.exe [2011-3-5 1731736]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [13.7.2011 0:06 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [13.7.2011 0:06 100736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27.7.2011 22:44 41272]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jarča\Data aplikací\Mozilla\Firefox\Profiles\u992j50f.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 21:36
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2964)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Celkový čas: 2011-07-28 21:41:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 19:41
.
Před spuštěním: Volných bajtů: 56 081 948 672
Po spuštění: Volných bajtů: 55 986 716 672
.
- - End Of File - - E74AD8B6E022C1A71A56285CEF4D4193

Re: FB virus - Classic

Posted: 28 Jul 2011 21:23
by Rudy
We will clean up a bit more. Open Notepad and copy the following into it:
Collect::
c:\windows\unrar.exe

Folder::
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and release. CF will start and execute the commands from the script.

Re: FB virus - Classic

Posted: 28 Jul 2011 21:55
by skeleton
Unfortunately I ran into the same problem with the black screen and freezing as last time.

Otherwise, here is the log:

ComboFix 11-07-28.04 - Jarča 28.07.2011 22:32:08.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.447.92 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jarča\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jarča\Plocha\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
file zipped: c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-27 20:45 . 2011-07-27 20:45 -------- d-----w- c:\documents and settings\Jarča\Data aplikací\Malwarebytes
2011-07-27 20:44 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-27 20:44 . 2011-07-27 20:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-27 20:44 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-27 20:44 . 2011-07-27 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-27 19:14 . 2011-07-27 19:14 -------- d-----w- c:\program files\trend micro
2011-07-27 19:14 . 2011-07-27 19:14 -------- d-----w- C:\rsit
2011-07-23 13:59 . 2011-07-23 13:59 -------- d-----w- c:\documents and settings\Jarča\Local Settings\Data aplikací\AVG Security Toolbar
2011-07-23 13:29 . 2011-07-23 13:29 -------- d-----w- c:\documents and settings\Jarča\Data aplikací\AVG10
2011-07-23 13:28 . 2011-07-23 13:28 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-07-23 13:24 . 2011-07-28 18:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-07-23 13:24 . 2011-07-23 13:24 -------- d-----w- c:\program files\AVG
2011-07-23 12:46 . 2011-07-28 18:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-07-22 17:00 . 2011-07-22 17:02 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 16:46 . 2011-07-22 16:46 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-12 22:07 . 2011-07-12 22:07 -------- d-----w- c:\documents and settings\Jarča\Data aplikací\Telefónica Móviles
2011-07-12 22:06 . 2009-12-15 12:05 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-07-12 22:06 . 2009-12-15 12:05 113280 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-07-12 22:06 . 2009-12-15 12:05 102528 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-07-12 22:06 . 2009-12-15 12:05 100736 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2011-07-12 22:05 . 2011-07-12 22:05 -------- d-----w- c:\program files\O2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\Jarča\Nabídka Start\Programy\Po spuštění\
Seagate 2GH3L4WJ Product Registration.lnk - c:\documents and settings\Jarča\Data aplikací\Leadertech\PowerRegister\Seagate 2GH3L4WJ Product Registration.exe [2011-3-5 1731736]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [13.7.2011 0:06 24448]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [13.7.2011 0:06 100736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27.7.2011 22:44 41272]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jarča\Data aplikací\Mozilla\Firefox\Profiles\u992j50f.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 22:46
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(940)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\OSK.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\MSSWCHX.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Celkový čas: 2011-07-28 22:50:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 20:50
ComboFix2.txt 2011-07-28 19:41
.
Před spuštěním: Volných bajtů: 55 988 998 144
Po spuštění: Volných bajtů: 55 978 102 784
.
- - End Of File - - 866DB332990F9DCC12D957216A6F89DE

Re: FB virus - Classic

Posted: 28 Jul 2011 21:59
by Rudy
Deleted, the log now looks clean. Has there been any change?

Re: FB virus - Classic

Posted: 28 Jul 2011 22:33
by skeleton
Subjectively the computer seems a little faster to me. It seems it has hopefully been cleaned of that vermin.. So if that is everything, many thanks!!

PS. Could you also recommend some programs for cleaning the registry, temporary storage and the like?

Re: FB virus - Classic

Posted: 29 Jul 2011 10:12
by Rudy
The program we recommend for cleaning the registry and the PC of temporary files is CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 . It is "user friendly" and will not delete anything you might need in the future. That is all, and you are welcome!