Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

virus zaplaťte částku XYZ

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Brawler
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 10 kvě 2010 10:12

virus zaplaťte částku XYZ

#1 Příspěvek od Brawler »

Ahojte ...
Kamarádka mi celá zoufalá přinesla NTB s tím, že jí tam vyskakuje hláška o tom, že má někomu něco zplatit a ona nemůže nic dělat ...
Říkal jsem si že to bude ten "policejní" virus, ten už jsem jednou odstraňoval a myslím si že úspěšně, od té doby problém nebyl, ale tohle je asi nějaká novinka.
Po spuštění NTB vidím jen bílou obrazovku, občas něco šahá na disk, ale já NTB nijak neovládám, jen kurzor na bílém pozadí ...
NTB nejde spustit ani v jednom z nouzových režimů, začne se sice spouštět, ale pak dojde k samovolnému restartu ...

Vidíte nějakou možnost, jak NTB ještě oživit do provozuschopného stavu, abych ji nechal vykopírovat si co bude potřebovat, nebo je zle a mám NTB rozpitvat, zkusit data z disku vytáhnout a nahrnout tam systém znovu?
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: virus zaplaťte částku XYZ

#2 Příspěvek od vyosek »

Zdravim :)

Postupujte dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=130781
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Brawler
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 10 kvě 2010 10:12

Re: virus zaplaťte částku XYZ

#3 Příspěvek od Brawler »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013
Ran by hp (administrator) on 21-08-2013 08:58:35
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Lavasoft Limited ) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
() C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [353792 2009-12-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-30] (Google Inc.)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\hp\AppData\Roaming\data.dat [65536 2011-11-17] () <==== ATTENTION
MountPoints2: {b625345b-7a1d-11df-85b5-806e6f6e6963} - D:\autorun.bat
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... F685F6AC98
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://91.187.49.242:8003/VatDec.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default
FF user.js: detected! => C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.centrum.cz/?utm_source=ch-toolbar&u ... paign=home
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-26.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-27.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-28.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-29.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Users\hp\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Visualisateur 3D de 20-20 - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\Extensions\2020Player@2020Technologies.com
FF Extension: Lišta Centrum.cz - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\Extensions\toolbar@centrumholdings.com
FF Extension: Garmin Communicator - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: No Name - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1737728 2012-09-21] (Lavasoft Limited )
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
S2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2755072 2010-09-07] (Novatek)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-07-03] ()
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-07-03] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-11-22] (Lavasoft AB)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-06-03] ()
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-06-04] (DEVGURU Co., LTD.(www.devguru.co.kr))

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 14:00 - 2013-08-21 08:52 - 00000408 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-08-17 19:03 - 2013-08-21 08:50 - 00000004 _____ C:\Users\hp\AppData\Roaming\settings.ini
2013-08-17 15:35 - 2013-08-17 15:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 12:02 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-16 12:02 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-16 12:02 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-16 12:02 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-16 12:02 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-16 12:02 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-16 12:02 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-16 12:02 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-16 12:02 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-16 12:02 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-16 12:02 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-16 12:02 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-16 12:02 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 12:02 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-16 10:31 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-16 10:31 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-16 10:30 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-16 10:30 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-16 10:30 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-16 10:30 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-16 10:30 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 10:30 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 10:30 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 10:30 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-16 10:29 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-16 10:29 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-16 10:29 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-16 10:29 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-16 10:29 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-16 10:28 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 09:32 - 2013-04-02 20:12 - 1026838528 _____ C:\Users\hp\Desktop\Nikdy-to-nevzdavej-DVDRip-CZ-(DD-5,1)-Petr3007.avi
2013-08-07 19:48 - 2013-08-17 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-05 19:20 - 2013-08-05 19:20 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-08-05 19:20 - 2013-08-05 19:20 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-30 21:43 - 2013-08-01 21:35 - 621625273 _____ C:\Users\hp\Desktop\Půlnoc-v-zahradě-dobra-a-zla.AVI.part
2013-07-30 21:43 - 2013-07-30 21:44 - 00000000 _____ C:\Users\hp\Desktop\Půlnoc-v-zahradě-dobra-a-zla.AVI
2013-07-29 00:46 - 2013-08-16 11:45 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-21 08:52 - 2013-08-20 14:00 - 00000408 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-08-21 08:51 - 2011-02-15 08:27 - 00323004 _____ C:\aaw7boot.log
2013-08-21 08:50 - 2013-08-17 19:03 - 00000004 _____ C:\Users\hp\AppData\Roaming\settings.ini
2013-08-21 08:50 - 2012-05-27 18:55 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 08:50 - 2010-07-30 18:57 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-21 08:50 - 2010-06-17 16:52 - 01595247 _____ C:\Windows\WindowsUpdate.log
2013-08-20 20:35 - 2010-07-30 18:57 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 14:08 - 2009-07-14 06:45 - 00015824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 14:08 - 2009-07-14 06:45 - 00015824 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 14:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 14:00 - 2009-07-14 06:51 - 00159337 _____ C:\Windows\setupact.log
2013-08-20 13:58 - 2013-07-14 10:30 - 00003620 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2013-08-20 13:56 - 2011-07-03 10:00 - 00000064 _____ C:\Windows\SysWOW64\rp_stats.dat
2013-08-20 13:56 - 2011-07-03 10:00 - 00000044 _____ C:\Windows\SysWOW64\rp_rules.dat
2013-08-17 19:05 - 2012-05-05 10:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 19:05 - 2010-07-30 18:06 - 00018454 _____ C:\Windows\PFRO.log
2013-08-17 17:30 - 2013-08-07 19:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-08-17 15:37 - 2013-08-17 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 18:56 - 2010-09-08 20:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-16 18:56 - 2010-09-03 20:09 - 00000000 ____D C:\ProgramData\Skype
2013-08-16 11:48 - 2013-07-29 00:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-16 11:45 - 2010-07-31 23:51 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-16 11:37 - 2010-06-17 16:52 - 00000000 ___RD C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-05 19:20 - 2013-08-05 19:20 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-08-05 19:20 - 2013-08-05 19:20 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-08-01 21:35 - 2013-07-30 21:43 - 621625273 _____ C:\Users\hp\Desktop\Půlnoc-v-zahradě-dobra-a-zla.AVI.part
2013-08-01 01:13 - 2011-02-14 20:52 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 21:44 - 2013-07-30 21:43 - 00000000 _____ C:\Users\hp\Desktop\Půlnoc-v-zahradě-dobra-a-zla.AVI
2013-07-26 13:13 - 2013-06-29 13:17 - 00000000 ___RD C:\Users\hp\Desktop\Images
2013-07-26 07:13 - 2013-08-16 12:02 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-16 12:02 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-16 12:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-16 12:02 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-16 12:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-16 12:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-16 12:02 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-16 12:02 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-16 12:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-16 12:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-16 12:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-16 12:02 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-16 12:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-16 12:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-16 10:29 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-16 10:29 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\hp\AdbeRdr930_cs_CZ.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-14 22:58

==================== End Of Log ============================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: virus zaplaťte částku XYZ

#4 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-30] (Google Inc.)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1828136 2008-02-28] (Nero AG)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\hp\AppData\Roaming\data.dat [65536 2011-11-17] () <==== ATTENTION 
MountPoints2: {b625345b-7a1d-11df-85b5-806e6f6e6963} - D:\autorun.bat
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-02-18] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=A92322DD-D3D5-4CA6-909B-A21EC925A625&apn_sauid=2E8D9660-7655-41BE-A62F-A6F685F6AC98
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value -
Handler-x32: ipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value -
FF Homepage: hxxp://www.centrum.cz/?utm_source=ch-to ... paign=home
FF Keyword.URL: hxxp://search.icq.com/search/afe_result ... r=1.5.3&q=
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-26.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-27.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-28.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-29.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\searchplugins\searchplugins-backup
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
C:\Users\hp\AdbeRdr930_cs_CZ.exe
C:\Users\hp\AppData\Roaming\data.dat 
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny log na flashku k FRST
:arrow: Spustte znovu FRST.exe na tom poskozenem PC
  • Kliknete na Fix
  • Probehne oprava a na flash disku se vytvori log Fixlog.txt
:arrow: Pokuste se nastartovat do bezneho rezimu

:arrow: Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Brawler
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 10 kvě 2010 10:12

Re: virus zaplaťte částku XYZ

#5 Příspěvek od Brawler »

Logfile of random's system information tool 1.09 (written by random/random)
Run by hp at 2013-08-21 10:52:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 41 GB (14%) free of 305 GB
Total RAM: 3836 MB (70% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files\Apoint2K\Apoint.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\WindowsMobile\wmdcBase.exe"
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Apoint2K\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
C:\Windows\system32\SearchIndexer.exe /Embedding
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "112386088-1098952652-1578756429-175126874616588171623221906493763308111323067984
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c287841e-c2db-4e3d-8fed-e84984ebf3b6 -SystemEventPortName:HostProcess-cb56bee9-8b18-4e23-a5bf-df7627099e39 -IoCancelEventPortName:HostProcess-5b83b12f-d216-4be9-8097-af9342f4d6ec -NonStateChangingEventPortName:HostProcess-dbcebbba-2b5c-411e-86ee-97da20966f80 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c2aa8669-d556-4905-8a58-ff920a7016ef -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"D:\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "2020Player@2020Technologies.com:5.0.4.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll

C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\vxqy5mb2.default\extensions\
2020Player@2020Technologies.com
toolbar@centrumholdings.com
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
{800b5000-a755-47e1-992b-48a1c1357f07}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14 6311296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2013-01-15 330160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-25 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14 4533120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2013-01-15 59824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-06-25 254032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-25 192592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-12-08 353792]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]

C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-08-21 10:52:08 ----D---- C:\Program Files\trend micro
2013-08-21 10:52:07 ----D---- C:\rsit
2013-08-21 08:58:16 ----D---- C:\FRST
2013-08-17 19:21:49 ----A---- C:\Windows\ntbtlog.txt
2013-08-17 19:03:33 ----A---- C:\Users\hp\AppData\Roaming\settings.ini
2013-08-17 15:35:54 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-08-16 12:02:41 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-08-16 12:02:40 ----A---- C:\Windows\system32\ieui.dll
2013-08-16 12:02:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-08-16 12:02:37 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-08-16 12:02:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-08-16 12:02:37 ----A---- C:\Windows\system32\iesetup.dll
2013-08-16 12:02:37 ----A---- C:\Windows\system32\iernonce.dll
2013-08-16 12:02:36 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-08-16 12:02:36 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-16 12:02:36 ----A---- C:\Windows\system32\ie4uinit.exe
2013-08-16 12:02:35 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-08-16 12:02:35 ----A---- C:\Windows\system32\iesysprep.dll
2013-08-16 12:02:34 ----A---- C:\Windows\system32\iertutil.dll
2013-08-16 12:02:31 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-08-16 12:02:31 ----A---- C:\Windows\system32\msfeeds.dll
2013-08-16 12:02:30 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-08-16 12:02:30 ----A---- C:\Windows\system32\jscript.dll
2013-08-16 12:02:28 ----A---- C:\Windows\system32\jscript9.dll
2013-08-16 12:02:27 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-08-16 12:02:26 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-08-16 12:02:25 ----A---- C:\Windows\system32\urlmon.dll
2013-08-16 12:02:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-08-16 12:02:23 ----A---- C:\Windows\system32\jsproxy.dll
2013-08-16 12:02:22 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-08-16 12:02:21 ----A---- C:\Windows\system32\wininet.dll
2013-08-16 12:02:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-08-16 12:02:17 ----A---- C:\Windows\system32\ieframe.dll
2013-08-16 12:02:15 ----A---- C:\Windows\system32\mshtml.dll
2013-08-16 12:02:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-08-16 10:31:31 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-08-16 10:31:31 ----A---- C:\Windows\system32\tzres.dll
2013-08-16 10:30:59 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-08-16 10:30:59 ----A---- C:\Windows\system32\crypt32.dll
2013-08-16 10:30:57 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-08-16 10:30:57 ----A---- C:\Windows\system32\wintrust.dll
2013-08-16 10:30:56 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-08-16 10:30:56 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-16 10:30:56 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-16 10:30:55 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-08-16 10:29:43 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-16 10:29:42 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-16 10:29:39 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-16 10:29:38 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2013-08-16 10:29:36 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-08-16 10:28:30 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-07 19:48:18 ----D---- C:\Program Files (x86)\Mozilla Firefox.bak
2013-07-29 00:46:49 ----D---- C:\Windows\system32\MRT

======List of files/folders modified in the last 1 month======

2013-08-21 10:52:08 ----RD---- C:\Program Files
2013-08-21 10:48:07 ----D---- C:\Windows\Temp
2013-08-21 10:47:28 ----D---- C:\Windows\system32\Tasks
2013-08-21 10:47:24 ----D---- C:\Windows\Tasks
2013-08-21 10:45:10 ----HD---- C:\ProgramData
2013-08-21 08:58:19 ----D---- C:\Windows
2013-08-21 08:50:29 ----D---- C:\Windows\system32\config
2013-08-21 08:50:11 ----D---- C:\Windows\Microsoft.NET
2013-08-20 14:31:51 ----RSD---- C:\Windows\assembly
2013-08-17 21:41:32 ----SHD---- C:\System Volume Information
2013-08-17 19:05:22 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 17:30:41 ----RD---- C:\Program Files (x86)
2013-08-16 18:56:44 ----SHD---- C:\Windows\Installer
2013-08-16 18:56:38 ----HD---- C:\Config.Msi
2013-08-16 18:56:25 ----D---- C:\ProgramData\Skype
2013-08-16 18:56:10 ----RD---- C:\Program Files (x86)\Skype
2013-08-16 18:55:42 ----D---- C:\Windows\winsxs
2013-08-16 18:52:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-08-16 18:52:10 ----D---- C:\Windows\SysWOW64
2013-08-16 18:52:10 ----D---- C:\Windows\system32\cs-CZ
2013-08-16 18:52:10 ----D---- C:\Windows\System32
2013-08-16 18:52:08 ----D---- C:\Program Files (x86)\Internet Explorer
2013-08-16 18:52:06 ----D---- C:\Program Files\Internet Explorer
2013-08-16 18:52:03 ----D---- C:\Windows\system32\drivers
2013-08-16 12:03:11 ----D---- C:\Windows\system32\catroot2
2013-08-16 12:03:08 ----D---- C:\Windows\system32\catroot
2013-08-16 11:45:31 ----A---- C:\Windows\system32\MRT.exe
2013-08-05 22:08:34 ----D---- C:\Windows\inf
2013-08-05 22:08:33 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-11-22 69152]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-11-13 276016]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-09-22 1484800]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 DCamUSBNovatek;USB2.0 UVC Camera; C:\Windows\System32\Drivers\nvtcam.sys [2010-09-07 2755072]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-06-03 15416]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-04 103448]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS [2013-03-20 37344]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-07-03 17152]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 203672]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2013-06-04 203672]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\drivers\usb8023x.sys [2013-02-12 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-09-21 1737728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-08-14 3291008]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 256904]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-17 117656]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-31 1255736]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: virus zaplaťte částku XYZ

#6 Příspěvek od vyosek »

Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Brawler
Návštěvník
Návštěvník
Příspěvky: 102
Registrován: 10 kvě 2010 10:12

Re: virus zaplaťte částku XYZ

#7 Příspěvek od Brawler »

Projeto všemi těmi udělátky ...
Vypadá to v cajku, díky za pomoc a záchranu dat!!
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: virus zaplaťte částku XYZ

#8 Příspěvek od vyosek »

Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat :lock:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“