VIRY.CZ

Dobrý den,

prosím o radu, jak postupovat. Rodinný příslušník natáhl do počítače přes odkaz na Skype tohoto červa. Eset jej detekoval a vložil do karantény. Přímo to vypadá, že zasáhl soubory na flash disku a ty se "schovaly". Flash disk jsem odpojila a nyní hledám radu, jak se tohoto červa zbavit. Projela jsem kompletní antivirovou kontrolu Esetem (nalezla infikaci "operační paměť - explorer.exe - varianta infiltrace Dorkbot.B - nelze léčit")

A v karanténě je uveden Dorkbot.D.

Pokusila jsem se udělat log RSIT, ale ve výsledném textu bylo, že se nepodařilo stáhnout Hijackthis .

Prosím o radu, jak postupovat a jaké logy mám dodat. A také jak vyléčit flash paměť, mám ji zapojit a dělat při tom ty logy? Prostě prosím o podrobné instrukce, chtěla bych se toho zbavit, abych to dál nešířila ostatním (skype jsem okamžitě vypla, ani by neměl nabíhat po startu).

Přes CCleaner jsem se ještě podívala, jestli se tam někam nenacpal po startu a našla jsem tohle a to jsem odpojila:

Ne HKCU:Run Wjoioe Skype Technologies S.A. C:\Documents and Settings\Admin\Data aplikací\Wjoioe.exe

Předem děkuji za rady a pomoc


Vkládám ještě log z RSIT a z Hihjackthis separátně, když se nenačetl... snad to tak může být. Děkuji


RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-10-04 16:15:47
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 762 MB (1%) free of 76 GB
Total RAM: 1519 MB (30% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd95234ba90718.job
C:\WINDOWS\tasks\NOD32.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 90f8bd55-4b53-4c9e-8c55-369497a6f8cc.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rt1t72aq.Evžík

prefs.js - "browser.startup.homepage" - "http://www.aviation-center-berlin.de/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files\Nitro\Pro 8\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=13]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=Software602 Form Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\\plugins\
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rt1t72aq.Evžík\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-08-13 4120256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-19 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{D4027C7F-154A-4066-A1AD-4243D8127440} - KMPlayer Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-06-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-06-06 118784]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-09-07 766536]
"InnoSetupRegFile.0000000001"=C:\WINDOWS\is-5376I.exe [2012-10-04 711240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MP3 Skype Recorder"=C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe [2011-06-23 1968640]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-10-01 4763008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Synchronizer]
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2012-07-27 35768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Documents and Settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe [2012-08-10 4440896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe [2012-01-03 1391272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDSoft]
C:\Program Files\iFree Skype Recorder\irecorder.exe [2010-11-16 2452992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWH myPrintMileage Agent]
C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2010-12-03 141368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2004-06-18 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wjoioe]
C:\Documents and Settings\Admin\Data aplikací\Wjoioe.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User7^Nabídka Start^Programy^Po spuštění^Openoffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2008-01-24 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-06-06 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\HPWHTBX.exe"="C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\HPWHTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Common Files\Soft602\langserv.exe"="C:\Program Files\Common Files\Soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe"="C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\Documents and Settings\Admin\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Admin\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Call Graph\CallGraph.exe"="C:\Program Files\Call Graph\CallGraph.exe:*:Enabled:Call Graph"
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe"="C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-10-04 15:47:32 ----D---- C:\Program Files\trend micro
2012-10-04 15:47:31 ----D---- C:\rsit
2012-10-04 11:28:22 ----A---- C:\WINDOWS\system32\drivers\scmkdu.sys
2012-10-04 11:27:23 ----A---- C:\WINDOWS\system32\drivers\uvqbpbj.sys
2012-10-04 11:22:08 ----A---- C:\WINDOWS\system32\drivers\ghygudvj.sys
2012-10-04 11:10:07 ----A---- C:\WINDOWS\is-5376I.exe
2012-10-04 11:07:19 ----D---- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
2012-10-04 10:50:39 ----D---- C:\Documents and Settings\Admin\Data aplikací\SUPERAntiSpyware.com
2012-10-04 10:48:13 ----D---- C:\Program Files\SUPERAntiSpyware
2012-10-04 10:48:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2012-10-03 20:01:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\FileOpen
2012-10-03 20:01:42 ----D---- C:\Documents and Settings\Admin\Data aplikací\Nitro
2012-10-03 20:01:42 ----D---- C:\Documents and Settings\Admin\Data aplikací\FileOpen
2012-10-03 20:00:56 ----A---- C:\WINDOWS\system32\nitrolocalui2.dll
2012-10-03 20:00:56 ----A---- C:\WINDOWS\system32\nitrolocalmon2.dll
2012-10-03 19:59:36 ----D---- C:\Program Files\Common Files\Nitro
2012-10-03 19:58:41 ----D---- C:\Program Files\Nitro
2012-10-03 19:58:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nitro
2012-10-03 19:53:14 ----D---- C:\Documents and Settings\Admin\Data aplikací\Downloaded Installations
2012-10-01 02:56:58 ----A---- C:\WINDOWS\system32\NLSSRV32.EXE
2012-09-22 17:46:40 ----D---- C:\Documents and Settings\Admin\Data aplikací\Help
2012-09-18 15:17:31 ----D---- C:\Documents and Settings\Admin\Data aplikací\vlc
2012-09-18 15:15:26 ----D---- C:\Program Files\VideoLAN
2012-09-13 23:15:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\PlotSoft
2012-09-13 23:15:22 ----D---- C:\Program Files\PlotSoft
2012-09-12 22:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-09-07 12:24:32 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2012-10-04 16:07:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-04 15:48:19 ----D---- C:\WINDOWS\Temp
2012-10-04 15:47:32 ----RD---- C:\Program Files
2012-10-04 11:29:52 ----D---- C:\WINDOWS\system32\drivers
2012-10-04 11:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$
2012-10-04 11:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2012-10-04 11:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2012-10-04 11:10:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-10-04 11:10:07 ----AD---- C:\WINDOWS
2012-10-04 11:09:42 ----D---- C:\WINDOWS\Prefetch
2012-10-04 10:52:04 ----SD---- C:\WINDOWS\Tasks
2012-10-04 10:51:34 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-04 10:19:57 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2012-10-04 06:47:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2012-10-03 20:01:12 ----SHD---- C:\WINDOWS\Installer
2012-10-03 20:01:12 ----SHD---- C:\Config.Msi
2012-10-03 20:00:56 ----D---- C:\WINDOWS\system32
2012-10-03 19:59:36 ----D---- C:\Program Files\Common Files
2012-10-03 15:06:14 ----D---- C:\Documents and Settings\Admin\Data aplikací\OpenOffice.org2
2012-09-22 22:06:09 ----HD---- C:\WINDOWS\inf
2012-09-22 22:05:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-09-22 22:05:32 ----D---- C:\WINDOWS\system32\cs-cz
2012-09-22 22:05:32 ----D---- C:\Program Files\Internet Explorer
2012-09-22 22:04:52 ----D---- C:\WINDOWS\ie7updates
2012-09-22 18:09:45 ----A---- C:\WINDOWS\wincmd.ini
2012-09-22 08:38:47 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-17 12:04:27 ----D---- C:\Documents and Settings\Admin\Data aplikací\gtk-2.0
2012-09-13 23:18:44 ----RSD---- C:\WINDOWS\Fonts
2012-09-12 22:10:15 ----A---- C:\WINDOWS\imsins.BAK
2012-09-12 22:01:07 ----A---- C:\WINDOWS\system32\MRT.exe
2012-09-12 08:26:33 ----D---- C:\Program Files\Mozilla Thunderbird
2012-09-10 15:25:46 ----D---- C:\Program Files\CCleaner
2012-09-09 08:09:30 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 stwlfbus;stwlfbus; C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-06-06 730653]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 st3wolf;st3wolf; C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 bdxha;bdxha; C:\WINDOWS\System32\drivers\ghygudvj.sys [2012-10-04 54016]
S0 ldhgpae;ldhgpae; C:\WINDOWS\System32\drivers\uvqbpbj.sys [2012-10-04 54016]
S0 uthrxa;uthrxa; C:\WINDOWS\System32\drivers\scmkdu.sys [2012-10-04 54016]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-03-14 84520]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\WINDOWS\system32\NLSSRV32.EXE [2012-10-01 69640]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-08 116648]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 183280]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [2012-10-01 197128]
S2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-08 116648]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:26:09, on 4.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.mojebanka.cz/InternetBanking/?L=CS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: KMPlayer Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-5376I.exe" /REG /REGSVRMODE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4Com.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool8 (NitroDriverReadSpool8) - Nitro PDF Software - C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE
O23 - Service: PandoraService (PanService) - Unknown owner - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8327 bytes

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Děkuji za reakci. Vkládám log z Combofixu.

Eset měl být vypnutý, ale asi nebyl.

Může se ten vir šířit dál například skrze mailový klient? (Skype zatím raději stále nezapínám, ale mohu využívat mailový klient? )

Děkuji


ComboFix 12-10-04.01 - Admin 04.10.2012 23:46:10.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1519.965 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dokumenty\~WRL0027.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0125.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0126.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0299.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0396.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0436.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0466.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0515.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0619.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0622.tmp
c:\documents and settings\All Users\Dokumenty\~WRL0929.tmp
c:\documents and settings\All Users\Dokumenty\~WRL1187.tmp
c:\documents and settings\All Users\Dokumenty\~WRL1331.tmp
c:\documents and settings\All Users\Dokumenty\~WRL1473.tmp
c:\documents and settings\All Users\Dokumenty\~WRL1568.tmp
c:\documents and settings\All Users\Dokumenty\~WRL1632.tmp
c:\documents and settings\All Users\Dokumenty\~WRL1707.tmp
c:\documents and settings\All Users\Dokumenty\~WRL2242.tmp
c:\documents and settings\All Users\Dokumenty\~WRL2364.tmp
c:\documents and settings\All Users\Dokumenty\~WRL2539.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3088.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3219.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3250.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3460.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3530.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3552.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3606.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3781.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3839.tmp
c:\documents and settings\All Users\Dokumenty\~WRL3961.tmp
c:\documents and settings\All Users\Dokumenty\~WRL4019.tmp
c:\documents and settings\All Users\Dokumenty\~WRL4053.tmp
c:\documents and settings\All Users\Dokumenty\~WRL4084.tmp
c:\windows\daemon.dll
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-04 do 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 14:25 . 2012-10-04 14:25 388096 ----a-r- c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-04 13:47 . 2012-10-04 14:25 -------- d-----w- c:\program files\trend micro
2012-10-04 13:47 . 2012-10-04 13:47 -------- d-----w- C:\rsit
2012-10-04 09:07 . 2012-10-04 09:07 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Malwarebytes
2012-10-04 08:50 . 2012-10-04 08:50 -------- d-----w- c:\documents and settings\Admin\Data aplikací\SUPERAntiSpyware.com
2012-10-04 08:48 . 2012-10-04 08:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-04 08:48 . 2012-10-04 08:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2012-10-03 18:01 . 2012-10-03 18:02 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Nitro
2012-10-03 18:01 . 2012-10-03 18:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FileOpen
2012-10-03 18:01 . 2012-10-03 18:01 -------- d-----w- c:\documents and settings\Admin\Data aplikací\FileOpen
2012-10-03 18:00 . 2012-10-01 00:56 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-10-03 18:00 . 2012-10-01 00:56 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-10-03 17:59 . 2012-10-03 17:59 -------- d-----w- c:\program files\Common Files\Nitro
2012-10-03 17:58 . 2012-10-03 17:58 -------- d-----w- c:\program files\Nitro
2012-10-03 17:58 . 2012-10-03 17:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nitro
2012-10-03 17:53 . 2012-10-03 17:53 -------- d-----w- c:\documents and settings\Admin\Data aplikací\Downloaded Installations
2012-10-01 00:56 . 2012-10-01 00:56 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2012-09-22 15:46 . 2012-09-22 15:46 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Help
2012-09-18 13:17 . 2012-10-02 23:37 -------- d-----w- c:\documents and settings\Admin\Data aplikací\vlc
2012-09-18 13:15 . 2012-09-18 13:15 -------- d-----w- c:\program files\VideoLAN
2012-09-13 21:15 . 2012-09-13 21:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PlotSoft
2012-09-13 21:15 . 2012-09-13 21:15 -------- d-----w- c:\program files\PlotSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2011-04-10 12:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-27 18:40 . 2004-08-18 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 18:40 . 2004-08-18 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 18:40 . 2004-08-18 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 18:40 . 2004-08-18 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-09-07 10:25 . 2012-09-07 10:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-06-23 1968640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^User7^Nabídka Start^Programy^Po spuštění^Openoffice.org 2.3.lnk]
path=c:\documents and settings\User7\Nabídka Start\Programy\Po spuštění\Openoffice.org 2.3.lnk
backup=c:\windows\pss\Openoffice.org 2.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-08-10 16:59 4440896 ----a-w- c:\documents and settings\Admin\Local Settings\Data aplikací\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 14:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 03:22 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDSoft]
2010-11-16 02:05 2452992 ----a-w- c:\program files\iFree Skype Recorder\irecorder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2010-12-03 14:47 141368 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-06-18 08:31 67584 -c--a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-10-01 17:11 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Soft602\\langserv.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Call Graph\\CallGraph.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [27.4.2003 12:39 8704]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 118104]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.7.2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.7.2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11.7.2012 20:54 116608]
R2 602XML Updater;602Updater;c:\program files\Common Files\Soft602\602updsvc\602updsvc.exe [14.4.2010 10:28 84520]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 13:03 974944]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.7.2012 15:43 116648]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Nitro\Pro 8\NitroPDFDriverService8.exe [1.10.2012 2:56 197128]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [1.10.2012 2:56 69640]
R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [27.4.2003 11:43 99360]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe --> c:\program files\PANDORA.TV\PanService\PandoraService.exe [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.7.2012 15:43 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.4.2012 7:54 114144]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-19 12:05]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd95234ba90718.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-08 13:43]
.
2012-10-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 14:31]
.
2012-10-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 90f8bd55-4b53-4c9e-8c55-369497a6f8cc.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.mojebanka.cz/InternetBanking/?L=CS
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {50E43D86-A74D-11D0-98CE-004005249458} - hxxps://www.mojebanka.cz/jars/confwiz/MVSGif.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\rt1t72aq.Evžík\
FF - prefs.js: browser.startup.homepage - hxxp://www.aviation-center-berlin.de/
FF - prefs.js: network.proxy.type - 4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Adobe Acrobat Synchronizer - c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
MSConfigStartUp-HPWH myPrintMileage Agent - c:\program files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 00:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOSAFEERASE02.00.00.01MSWINDOWS"="5A1B78E0D13C48DB7C5B499FB968B134B8C8B01A810E67BF2429D08150040CB6B5277696EF48126C6AF02AF172119B3EEDB1559DE7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794FEBC9E127BECC74CA2D97226D213B555D1326DFE32149DCA1CC9934B0A6BB6F0738257CB6C41D128A68BC7F900E329CD788F94B83C88566FA80E00855CEAEB81D3449F381E015EA79B296ACBE0BE3988A8781C42FDE52BB3F1CD65118A6BDC1C59CBE822CD681B9B21D8905CA19C4C0998EA2C488E82BA60B9DF5EBBC96DAD7A776964196BC051CD7104211D91316E4CF209FC3CBB98F44438C09B178352515B0E1157EF1FB4990F4039134035117ED25598DDD405479EB0980DDEF857629301F7DA183EC25563B232A6F540C3B532A1D104B1089E1051F9798900FD144A91330002135FE4987111DE236957A8FB8FC16DD7ED96F15AF8FB6D9BEA80C098BD3B66E64A72C8555A855426A287842772BEA3C61CFE1B6FD612FCCF1E26173FDB69DF0E51D9E3C60AEE944E6C9328598B2AE226DC07EA7EFE9F22D2AD530318888E939DCEBD6110BD32125B22049E1E5E978BF1DFB8661A5B894BF9BF32295DAF821EE301089EB309B53831B72520E2C2A0F3C5ECE0C3B8A7395C3B10315B2E13208F4EB769301BD2E4625BAF079EF863E166E45E10F2B3F49DAC31ED02A50D49456BF2D5545B12D5B16305A47D3C94C07BA0B4A01C91C92827079A3D9CC4E33B552987567F9BC89F0E7E7F4321D0512F93D5BD391D769E7ACBA9DAF3B8AA7C28B537E943E59E5495F0ED3FCDCD682A5650ABB03B7128B7780548F89FD5FB0820D2F2993DC7C6ACEB575E5D98A44282B0DF3BDDD239E37E03510A1FDC3692960A9AB1B9F9282AAEAE416F178D08519D10F3133BBDDA99434DB0099C60DFFB221FFEBB92404D151A3CB0384DA9213DA7963E35E2CDFEEF37E12AD564719CFA05EC764B10ECC28493472FC1847EDBE22CBC7A9812EA923E719DC6720D6BF9037F56FC9342EFD72CA4574608E63169511D4EE3A5AB0DC5106AB016D6533CCBBE341011B55CCD9F70374687FB3FF93D4ACF6B3A3B35440F278320266B1368270C2AA4344B379EF16E9E43850380A70E477D86C3AAD73228F6FCC30F92D188E5FBCE716E5F4E0FE8F38CD15876BD1BDA73C36949BBE28D8DA97E4AEA1EB444A753EF28497242DF63021CC69AA23149612DA32E16A6489F009992325553875E4C8D404ED3F8556386D0C74FEE49B63C278903457B1A1C48045926D0F1EFB8297C56D83FA15A7083B64A6FE7F49FD08F734FAA71CD381A77E32D0CD0E522DB8A208F34A6C772203C228D5965D64C2375527AC94C66179EB52D8CFAADD98BA7FEE6CF3287E092131E356C2D6D4070F535"
.
Celkový čas: 2012-10-05 00:19:31
ComboFix-quarantined-files.txt 2012-10-04 22:19
.
Před spuštěním: 1 331 101 696
Po spuštění: 3 511 578 624
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F413D35BEF58E38FDB9A00841A609ED

Eset vypnutý opravdu nebyl. Nicméně CF mazal. Dorkbot je traojan backdoor, tzn. otevírá útočníkovi přístup do PC. Tyto trojani se obvykle přes mailový klient nešíří, pokud ho záměrně nepřiložím jako přílohu. Doporučuji ale změnit všechna hesla, která jsou v PC uložena.

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Ask.com
c:\documents and settings\All Users\Data aplikací\Skype\Toolbars

Driver::
Skype C2C Service

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]

Regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.