VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Problém s viry. Bit Coiner, Dropper - gen

https://forum.viry.cz:443/viewtopic.php?t=138798

Stránka 1 z 1

Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 09:21
od Wraith
Dobrý den, včera na mě vystartovalo upozornění při spouštění aplikace o přítomnosti viru. Dlouhodobě ověřená aplikace, která z ničeho nic obsahuje virus. Kontrola Avastu ukázala Dropper - gen ve složce Sound Volume Information, po 15ti minutách Bit Coiner v systému... Pokud mi nějakým způsobem poradíte, snažte se "po lopatě" aby nedošlo k nedorozumění.. Předem děkuji :(

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 09:42
od Wraith
Přikládám RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by admin at 2014-06-27 10:13:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (19%) free of 70 GB
Total RAM: 2047 MB (64% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\update-S-1-5-21-1292428093-1965331169-682003330-1006.job
C:\WINDOWS\tasks\update-sys.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-20 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-20 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-20 3568312]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"LogMeIn Hamachi Ui"=D:\Programy\Hamachi\hamachi-2-ui.exe [2014-06-23 3816272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=D:\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-11-18 20587168]
"LightShot"=C:\Documents and Settings\admin\Local Settings\Data aplikací\Skillbrains\lightshot\Lightshot.exe [2014-03-06 226592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
D:\samsung\NPSAgent.exe [2009-05-13 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
D:\Program Files\ICQ7.7\ICQ.exe [2012-01-23 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
C:\Program Files\Samsung\Kies\KiesHelper.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncgtghxgSrv]
C:\WINDOWS\inf\mncgtghxg.vbe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSStp]
C:\WINDOWS\system32\msstp.vbe [2014-01-19 1419]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
D:\Program Files\Zoner Photo Studio - 16.0.1.2 Pro CZ + Aktivator\Photo Studio 16\Program32\ZPSTRAY.EXE [2013-09-16 800280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
D:\Program Files\Zoner Photo Studio - 16.0.1.2 Pro CZ + Aktivator\Photo Studio 16\Program32\ZPSTRAY.EXE [2013-09-16 800280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Steam Client Service"=3
"Bonjour Service"=2
"Autodesk Content Service"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Documents and Settings\admin\Dokumenty\Stažené soubory\skype-100-funkcni-cz.exe"="C:\Documents and Settings\admin\Dokumenty\Stažené soubory\skype-100-funkcni-cz.exe:*:Enabled:skype-100-funkcni-cz"
"C:\Documents and Settings\admin\Plocha\Skype.exe"="C:\Documents and Settings\admin\Plocha\Skype.exe:*:Enabled:Skype"
"D:\Samsung\npsasvr.exe"="D:\Samsung\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"D:\Samsung\npsvsvr.exe"="D:\Samsung\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"D:\Program Files\ICQ7.7\ICQ.exe"="D:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"D:\FlatOut2\FlatOut2.exe"="D:\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\ FAR CRY 2\bin\FarCry2.exe"="D:\ FAR CRY 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\ FAR CRY 2\bin\FC2Launcher.exe"="D:\ FAR CRY 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\ FAR CRY 2\bin\FC2Editor.exe"="D:\ FAR CRY 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Metin2\metin2client.bin"="D:\Metin2\metin2client.bin:*:Enabled:Metin2Client"
"D:\DeadIsland\Steam.exe"="D:\DeadIsland\Steam.exe:*:Enabled:Steam"
"D:\Dead Island\Dead Island\deadislandgame.exe"="D:\Dead Island\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland"
"D:\WorldOfTanks\WoTLauncher.exe"="D:\WorldOfTanks\WoTLauncher.exe:*:Enabled:World of Tanks Launcher"
"D:\WorldOfTanks\WorldOfTanks.exe"="D:\WorldOfTanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"D:\Dishonered\Binaries\Win32\Dishonored.exe"="D:\Dishonered\Binaries\Win32\Dishonored.exe:*:Enabled:Dishonored"
"D:\Dishonored\Binaries\Win32\Dishonored.exe"="D:\Dishonored\Binaries\Win32\Dishonored.exe:*:Enabled:Dishonored"
"D:\quake3.exe"="D:\quake3.exe:*:Enabled:quake3"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Metin2 Sindicate\client.bin"="D:\Metin2 Sindicate\client.bin:*:Enabled:client"
"D:\AgeOfEmpires\empires2.exe"="D:\AgeOfEmpires\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\Java\jre7\bin\java.exe"="C:\Program Files\Java\jre7\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Test Drive Unlimited\TestDriveUnlimited.exe"="D:\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"D:\Valve\hl.exe"="D:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\admin\Local Settings\Temp\DSOClient\dlcache\app.n3app"="C:\Documents and Settings\admin\Local Settings\Temp\DSOClient\dlcache\app.n3app:*:Enabled:Drakensang Online"
"C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Deskjet 3520 series)"
"C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Deskjet 3520 series)"
"D:\AgeofEmpires Conquerors\Age Of Empires 2 CZ!!!!\age2_x1.exe"="D:\AgeofEmpires Conquerors\Age Of Empires 2 CZ!!!!\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\uTorrent\uTorrent.exe"="D:\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Counter-Strike 1.6\csko.exe"="D:\Counter-Strike 1.6\csko.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\admin\Plocha\uTorrent.exe"="C:\Documents and Settings\admin\Plocha\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\EasySetupAssistant\wr841n\EasySetupAssistant.exe"="E:\EasySetupAssistant\wr841n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"
"D:\World_of_Tanks\WoTLauncher.exe"="D:\World_of_Tanks\WoTLauncher.exe:*:Enabled:World of Tanks Launcher"
"D:\Metin2 Sindicate\game.exe"="D:\Metin2 Sindicate\game.exe:*:Enabled:game"
"D:\Counter-Strike 1.6\hl.exe"="D:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Hry\Far_Cry_2\bin\farcry2.exe"="D:\Hry\Far_Cry_2\bin\farcry2.exe:*:Enabled:Far Cry® 2"
"D:\Hry\Age of Empires - Conquerors\Age Of Empires 2 CZ!!!!\age2_x1.exe"="D:\Hry\Age of Empires - Conquerors\Age Of Empires 2 CZ!!!!\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"D:\Hry\Age of Empires - Conquerors\Age Of Empires 2 CZ!!!!\empires2.exe"="D:\Hry\Age of Empires - Conquerors\Age Of Empires 2 CZ!!!!\empires2.exe:*:Enabled:Age of Empires II"
"D:\Hry\CoD - Modern Warfare\iw3mp.exe"="D:\Hry\CoD - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"D:\Hry\World_of_Tanks\WOTLauncher.exe"="D:\Hry\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"D:\Hry\World_of_Tanks\WorldOfTanks.exe"="D:\Hry\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQ7.7\ICQ.exe"="D:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f72e8a83-fe65-11e1-98bd-002421f0d638}]
shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
shell\dinstall\command - F:\Directx\dxsetup.exe


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-06-22 23:01:38 ----D---- C:\Documents and Settings\admin\Data aplikací\Notepad++
2014-06-11 08:26:58 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2014-06-27 10:13:37 ----D---- C:\Program Files\trend micro
2014-06-27 10:01:25 ----D---- C:\WINDOWS\Temp
2014-06-27 09:59:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-27 09:59:24 ----D---- C:\WINDOWS\system32\drivers
2014-06-27 09:54:41 ----RD---- C:\Program Files
2014-06-27 09:44:35 ----D---- C:\WINDOWS\Prefetch
2014-06-27 00:38:43 ----D---- C:\Documents and Settings\admin\Data aplikací\Skype
2014-06-27 00:35:56 ----HD---- C:\WINDOWS\inf
2014-06-27 00:14:04 ----D---- C:\WINDOWS
2014-06-27 00:10:59 ----SHD---- C:\System Volume Information
2014-06-27 00:10:59 ----D---- C:\WINDOWS\system32\Restore
2014-06-26 23:48:41 ----D---- C:\Documents and Settings\admin\Data aplikací\.minecraft
2014-06-25 10:37:03 ----SHD---- C:\WINDOWS\Installer
2014-06-25 04:06:02 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-24 21:06:23 ----D---- C:\Documents and Settings\admin\Data aplikací\GHISLER
2014-06-21 16:52:11 ----D---- C:\WINDOWS\Microsoft.NET
2014-06-21 13:32:06 ----D---- C:\Documents and Settings\admin\Data aplikací\TS3Client
2014-06-21 13:01:39 ----D---- C:\WINDOWS\system32
2014-06-21 13:01:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-21 13:01:29 ----RSD---- C:\WINDOWS\assembly
2014-06-21 13:01:24 ----D---- C:\WINDOWS\WinSxS
2014-06-16 21:36:05 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2014-06-15 17:17:59 ----D---- C:\Documents and Settings\admin\Data aplikací\vlc
2014-06-14 13:01:45 ----D---- C:\WINDOWS\system32\MRT
2014-06-14 13:01:44 ----D---- C:\WINDOWS\Debug
2014-06-14 13:01:03 ----A---- C:\WINDOWS\system32\MRT.exe
2014-06-11 17:49:05 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 aswRdr;aswRdr; \??\C:\WINDOWS\system32\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; \??\C:\WINDOWS\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; \??\C:\WINDOWS\system32\drivers\aswSP.sys []
R1 aswTdi;aswTdi; \??\C:\WINDOWS\system32\drivers\aswTdi.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-09-14 242240]
R2 aswFsBlk;aswFsBlk; \??\C:\WINDOWS\system32\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 Dokan;Dokan; \??\C:\WINDOWS\system32\drivers\dokan.sys []
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-31 117888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2010-12-21 30312]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2011-02-18 66112]
S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2010-12-21 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2010-12-21 123648]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2011-01-03 114152]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WinUSB;WinUSB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 ZSMC303;VIMICRO USB PC Camera (ZC0301PLH); C:\WINDOWS\System32\Drivers\usbVM303.sys [2007-02-02 389788]
S4 aswKbd;aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-20 50344]
R2 DokanMounter;DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [2011-01-10 25088]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-05-11 233472]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Programy\Hamachi\hamachi-2.exe [2014-06-23 1889616]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 97432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-12-18 182696]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2014-05-18 66872]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-09 3275136]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-08 136176]
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15 257712]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-10-02 1044816]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-08 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 756392]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]

-----------------EOF-----------------

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 10:18
od vyosek
Zdravim :)

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
:arrow: Udelejte MBAM dle tohoto http://forum.viry.cz/viewtopic.php?f=29&t=137928

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 10:45
od Wraith
# AdwCleaner v3.213 - Report created 27/06/2014 at 11:39:37
# Updated 23/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : admin - SYSTEM-A2
# Running from : C:\Documents and Settings\admin\Dokumenty\Stažené soubory\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\Skillbrains
Folder Deleted : C:\Documents and Settings\admin\Local Settings\Data aplikací\Skillbrains
Folder Deleted : C:\Documents and Settings\admin\Data aplikací\Iminent
Folder Deleted : C:\Documents and Settings\PC\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\PC\Data aplikací\Iminent
Folder Deleted : C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\iuu9bubj.default\Extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
Folder Deleted : C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\iuu9bubj.default\Extensions\staged\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com
File Deleted : C:\DOCUME~1\admin\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\admin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
File Deleted : C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\jlwz9t4c.default-1377018778734\searchplugins\bingp.xml
File Deleted : C:\WINDOWS\Tasks\update-sys.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Samsung\npsasvr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Samsung\npsvsvr.exe]
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SkillBrains
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SkillBrains
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v30.0 (cs)

[ File : C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\jlwz9t4c.default-1377018778734\prefs.js ]


[ File : C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\iuu9bubj.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.asyncdb.rules.value", "%5B%5B%22%5E%28www.%29%3F%28bet365.com%29%24%22%2C%22hxxp%3A//s.mgkaxjfwfc.[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.js", "\n\n /************************************************************************************\[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_122.code", "if(!(/^hxxps\\:\\/\\//.test(document.location.href))){appAPI.dom.addRem[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_137.code", "(function() {\n function injectScript(geo) {\n var prot = window.locat[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_31.code", "if (!appAPI.monetize || appAPI.monetize.isNeedToRun(\"monitzation_80\"))[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Deleted : user_pref("extensions.crossrider.bic", "14277029866bf68a4653c17e82b01784");
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_EU&apn_uid=558448A9-CC68-4238-B89C-2BE0860C92B0&apn_ptnrs=U3&apn_sauid=A582A7B7-7F43-4607-A443[...]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\PC\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13577 octets] - [27/06/2014 11:37:40]
AdwCleaner[S0].txt - [13603 octets] - [27/06/2014 11:39:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13664 octets] ##########

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 10:47
od Wraith
Při instalaci MBAM vyskočí celkem 3 okna s chybou, číslem a run time.. nelze spustit

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 10:57
od vyosek
Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 11:04
od Wraith
při otevření http://vyosek.tym.cz/pro_usery/FRSTLauncher.exe avast zablokoval virus? :D je to možné?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by admin (administrator) on SYSTEM-A2 on 27-06-2014 12:01:26
Running from C:\Documents and Settings\admin\Dokumenty\Stažené soubory
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) D:\Programy\Hamachi\hamachi-2-ui.exe
(DT Soft Ltd) D:\DAEMON Tools Lite\DTLite.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Dokan\DokanLibrary\mounter.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(LogMeIn, Inc.) D:\Programy\Hamachi\LMIGuardianSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(LogMeIn Inc.) D:\Programy\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Programy\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16861184 2008-04-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-20] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\Run: [LightShot] => C:\Documents and Settings\admin\Local Settings\Data aplikací\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\MountPoints2: {f72e8a83-fe65-11e1-98bd-002421f0d638} - F:\setup\rsrc\Autorun.exe
Startup: C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKCU - (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - E478E738E0594F9CAB782E50909E5983 URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {CD6A975A-A823-49CD-8B23-3D6E77641E29} URL = http://websearch.ask.com/redirect?clien ... B8B43BC1E3
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\jlwz9t4c.default-1377018778734
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-16]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-04]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-20] (AVAST Software)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [25088 2011-01-10] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-10-02] (Flexera Software, Inc.)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [233472 2009-05-11] (Teruten) [File not signed]
R2 Hamachi2Svc; D:\Programy\Hamachi\hamachi-2.exe [1889616 2014-06-23] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2014-05-18] ()
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices) [File not signed]
R2 aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [35656 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2013-11-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-20] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [774392 2013-11-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [403440 2013-11-20] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-11-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [178304 2013-11-20] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [91904 2011-01-10] (Windows (R) Win 7 DDK provider) [File not signed]
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-14] (DT Soft Ltd)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2009-05-11] () [File not signed]
R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 sfhlp02; C:\WINDOWS\System32\drivers\sfhlp02.sys [6656 2005-05-16] (Protection Technology) [File not signed]
R0 sfsync02; C:\WINDOWS\System32\drivers\sfsync02.sys [19968 2006-02-21] (Protection Technology) [File not signed]
S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [389788 2007-02-02] (Vimicro Corporation) [File not signed]
U4 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-27 12:00 - 2014-06-27 12:01 - 00000000 ____D () C:\FRST
2014-06-27 11:46 - 2014-06-27 11:46 - 00000777 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-06-27 11:46 - 2014-06-27 11:46 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2014-06-27 11:45 - 2014-06-27 11:46 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-27 11:45 - 2014-06-27 11:45 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-06-27 11:45 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-27 11:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-27 11:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-27 11:36 - 2014-06-27 11:39 - 00000000 ____D () C:\AdwCleaner
2014-06-27 00:14 - 2014-06-27 00:14 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-06-27 00:14 - 2014-06-27 00:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-26 23:39 - 2014-06-26 23:39 - 00027438 ____H () C:\treeinfo.wc
2014-06-26 23:24 - 2014-06-26 23:24 - 00016821 _____ () C:\Documents and Settings\admin\Plocha\ChestCommands-BB.rar
2014-06-26 18:52 - 2014-06-26 22:20 - 00011406 _____ () C:\Documents and Settings\admin\Plocha\Plná moc k přepisu vozidla.odt
2014-06-26 17:55 - 2014-06-26 17:59 - 00000000 ____D () C:\Documents and Settings\admin\Plocha\ChestCommands-Kity
2014-06-25 01:27 - 2014-06-25 01:28 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2014-06-24 23:59 - 2014-06-24 23:59 - 00000000 ____D () C:\Documents and Settings\admin\Plocha\Nová složka
2014-06-24 22:12 - 2014-06-25 00:27 - 00001611 _____ () C:\Documents and Settings\admin\Plocha\Pravidla.txt
2014-06-22 23:01 - 2014-06-22 23:08 - 00000000 ____D () C:\Documents and Settings\admin\Data aplikací\Notepad++
2014-06-22 23:01 - 2014-06-22 23:01 - 00000615 _____ () C:\Documents and Settings\admin\Plocha\Notepad++.lnk
2014-06-22 23:01 - 2014-06-22 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Notepad++
2014-06-22 23:01 - 2014-06-22 23:01 - 00000000 ____D () C:\Documents and Settings\admin\Nabídka Start\Programy\Notepad++
2014-06-17 20:57 - 2014-06-17 20:57 - 00335360 _____ () C:\Documents and Settings\admin\Plocha\Vestibul.ppt
2014-06-14 18:05 - 2014-06-27 11:42 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Data aplikací\LogMeIn Hamachi
2014-06-11 08:26 - 2014-06-11 08:27 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-02 22:01 - 2014-06-02 22:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Nabídka Start\Programy
2014-06-02 22:01 - 2014-06-02 22:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Nabídka Start
2014-05-30 22:03 - 2014-05-30 22:03 - 00000000 _____ () C:\Documents and Settings\admin\Plocha\Nový objekt - Textový dokument (2).txt
2014-05-30 21:57 - 2014-05-30 21:57 - 00000556 _____ () C:\Documents and Settings\admin\Plocha\EVEREST Ultimate Edition.lnk
2014-05-30 21:57 - 2014-05-30 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavalys
2014-05-30 15:41 - 2014-05-30 15:41 - 00000533 _____ () C:\Documents and Settings\admin\Plocha\Fraps.lnk
2014-05-30 15:41 - 2014-05-30 15:41 - 00000000 ____D () C:\Documents and Settings\admin\Nabídka Start\Programy\Fraps
2014-05-30 10:26 - 2014-05-30 10:32 - 116106267 _____ () C:\Documents and Settings\admin\Plocha\Hrdina-počítačový-hry-jde-do-světa.zip

==================== One Month Modified Files and Folders =======

2014-06-27 12:02 - 2011-12-08 18:39 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Temp
2014-06-27 12:01 - 2014-06-27 12:00 - 00000000 ____D () C:\FRST
2014-06-27 12:01 - 2011-12-08 19:13 - 00000000 ____D () C:\Documents and Settings\admin\Dokumenty\Stažené soubory
2014-06-27 11:47 - 2012-07-20 17:49 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-06-27 11:46 - 2014-06-27 11:46 - 00000777 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2014-06-27 11:46 - 2014-06-27 11:46 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2014-06-27 11:46 - 2014-06-27 11:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-27 11:46 - 2012-09-26 18:04 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-27 11:46 - 2011-12-07 19:54 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-06-27 11:46 - 2011-12-07 19:54 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-06-27 11:45 - 2014-06-27 11:45 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-06-27 11:45 - 2011-12-07 19:54 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-06-27 11:44 - 2011-12-07 19:07 - 01609725 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-27 11:42 - 2014-06-14 18:05 - 00000000 ____D () C:\Documents and Settings\admin\Local Settings\Data aplikací\LogMeIn Hamachi
2014-06-27 11:42 - 2012-07-01 21:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2014-06-27 11:42 - 2011-12-07 20:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-27 11:42 - 2011-12-07 20:00 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-27 11:41 - 2014-03-23 13:13 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-06-27 11:41 - 2011-12-08 17:58 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-27 11:41 - 2011-12-07 19:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-27 11:40 - 2011-12-08 18:39 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-06-27 11:40 - 2011-12-07 19:12 - 00032480 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-27 11:39 - 2014-06-27 11:36 - 00000000 ____D () C:\AdwCleaner
2014-06-27 11:39 - 2012-01-02 13:14 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ICQ
2014-06-27 11:39 - 2011-12-08 18:39 - 00000000 __RHD () C:\Documents and Settings\admin\Data aplikací
2014-06-27 11:39 - 2011-12-08 18:39 - 00000000 ___HD () C:\Documents and Settings\admin\Local Settings\Data aplikací
2014-06-27 11:39 - 2011-12-08 17:14 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-06-27 11:39 - 2011-12-08 00:59 - 00000000 __RHD () C:\Documents and Settings\PC\Data aplikací
2014-06-27 11:39 - 2011-12-08 00:59 - 00000000 ___HD () C:\Documents and Settings\PC\Local Settings\Data aplikací
2014-06-27 11:32 - 2011-12-08 17:58 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 11:01 - 2011-12-08 19:20 - 00000000 ____D () C:\Documents and Settings\admin\Data aplikací\Skype
2014-06-27 10:13 - 2013-11-20 15:39 - 00000000 ____D () C:\Program Files\trend micro
2014-06-27 10:10 - 2013-08-11 17:10 - 00000452 _____ () C:\WINDOWS\Tasks\At1.job
2014-06-27 09:22 - 2013-12-24 18:46 - 00000376 _____ () C:\WINDOWS\Tasks\update-S-1-5-21-1292428093-1965331169-682003330-1006.job
2014-06-27 09:11 - 2012-05-13 18:46 - 00000000 ____D () C:\Documents and Settings\admin\Plocha\David
2014-06-27 09:11 - 2011-12-08 18:39 - 00000000 ____D () C:\Documents and Settings\admin\Plocha
2014-06-27 00:14 - 2014-06-27 00:14 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-06-27 00:14 - 2014-06-27 00:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-06-27 00:10 - 2011-12-07 19:06 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-06-26 23:48 - 2013-07-06 20:53 - 00000000 ____D () C:\Documents and Settings\admin\Data aplikací\.minecraft
2014-06-26 23:48 - 2011-12-08 18:39 - 00000000 ___RD () C:\Documents and Settings\admin\Nabídka Start\Programy
2014-06-26 23:39 - 2014-06-26 23:39 - 00027438 ____H () C:\treeinfo.wc
2014-06-26 23:24 - 2014-06-26 23:24 - 00016821 _____ () C:\Documents and Settings\admin\Plocha\ChestCommands-BB.rar
2014-06-26 22:20 - 2014-06-26 18:52 - 00011406 _____ () C:\Documents and Settings\admin\Plocha\Plná moc k přepisu vozidla.odt
2014-06-26 20:40 - 2013-08-11 17:10 - 00000452 _____ () C:\WINDOWS\Tasks\At2.job
2014-06-26 19:59 - 2012-03-20 15:12 - 00002283 _____ () C:\Documents and Settings\All Users\Plocha\Skype.lnk
2014-06-26 17:59 - 2014-06-26 17:55 - 00000000 ____D () C:\Documents and Settings\admin\Plocha\ChestCommands-Kity
2014-06-26 17:10 - 2013-08-11 17:10 - 00000452 _____ () C:\WINDOWS\Tasks\At3.job
2014-06-26 14:00 - 2013-08-11 17:10 - 00000452 _____ () C:\WINDOWS\Tasks\At4.job
2014-06-25 01:28 - 2014-06-25 01:27 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\LogMeIn Hamachi
2014-06-25 01:28 - 2014-05-17 23:35 - 00011620 _____ () C:\WINDOWS\setupapi.log
2014-06-25 00:27 - 2014-06-24 22:12 - 00001611 _____ () C:\Documents and Settings\admin\Plocha\Pravidla.txt
2014-06-24 23:59 - 2014-06-24 23:59 - 00000000 ____D () C:\Documents and Settings\admin\Plocha\Nová složka
2014-06-24 21:06 - 2011-12-08 18:42 - 00000000 ____D () C:\Documents and Settings\admin\Data aplikací\GHISLER
2014-06-22 23:08 - 2014-06-22 23:01 - 00000000 ____D () C:\Documents and Settings\admin\Data aplikací\Notepad++
2014-06-22 23:01 - 2014-06-22 23:01 - 00000615 _____ () C:\Documents and Settings\admin\Plocha\Notepad++.lnk
2014-06-22 23:01 - 2014-06-22 23:01 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Notepad++
2014-06-22 23:01 - 2014-06-22 23:01 - 00000000 ____D () C:\Documents and Settings\admin\Nabídka Start\Programy\Notepad++
2014-06-22 22:59 - 2011-12-11 19:24 - 00342528 ___SH () C:\Documents and Settings\admin\Plocha\Thumbs.db
2014-06-22 12:34 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-21 16:52 - 2012-02-02 19:51 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-06-21 13:32 - 2012-09-28 16:37 - 00000000 ____D () C:\Documents and Settings\admin\Data aplikací\TS3Client
2014-06-21 13:01 - 2011-12-07 19:54 - 01231878 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-17 20:57 - 2014-06-17 20:57 - 00335360 _____ () C:\Documents and Settings\admin\Plocha\Vestibul.ppt
2014-06-17 16:24 - 2012-09-14 14:47 - 00000565 _____ () C:\Documents and Settings\All Users\Plocha\DAEMON Tools Lite.lnk
2014-06-16 21:36 - 2014-05-17 23:34 - 00022328 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-06-16 21:36 - 2012-05-14 13:17 - 00103736 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2014-06-15 17:17 - 2011-12-08 18:49 - 00000000 ____D () C:\Documents and Settings\admin\Data aplikací\vlc
2014-06-14 13:04 - 2013-07-27 13:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-14 13:01 - 2012-02-23 13:34 - 92708840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-13 22:28 - 2011-12-08 17:59 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-06-12 23:17 - 2011-12-10 20:46 - 00085504 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-12 17:54 - 2012-02-17 00:46 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-12 13:30 - 2013-01-07 00:42 - 00000000 ___RD () C:\Documents and Settings\admin\Plocha\Hry
2014-06-11 17:49 - 2012-04-25 09:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-11 08:27 - 2014-06-11 08:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-08 15:06 - 2014-03-23 13:13 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-06-06 21:14 - 2014-05-17 22:19 - 00000000 ____D () C:\Documents and Settings\admin\Plocha\CALL-OF-DUTY-4-Modern-Warfare+(CZ).L79
2014-06-03 09:32 - 2013-12-24 18:46 - 00000502 _____ () C:\Documents and Settings\admin\Local Settings\Data aplikací\UserProducts.xml
2014-06-03 09:14 - 2013-12-24 18:45 - 00000000 ____D () C:\Documents and Settings\admin\Nabídka Start\Programy\LightShot
2014-06-02 22:01 - 2014-06-02 22:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Nabídka Start\Programy
2014-06-02 22:01 - 2014-06-02 22:01 - 00000000 ____D () C:\Documents and Settings\NetworkService\Nabídka Start
2014-06-02 22:01 - 2011-12-07 19:11 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-30 22:03 - 2014-05-30 22:03 - 00000000 _____ () C:\Documents and Settings\admin\Plocha\Nový objekt - Textový dokument (2).txt
2014-05-30 21:57 - 2014-05-30 21:57 - 00000556 _____ () C:\Documents and Settings\admin\Plocha\EVEREST Ultimate Edition.lnk
2014-05-30 21:57 - 2014-05-30 21:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Lavalys
2014-05-30 15:41 - 2014-05-30 15:41 - 00000533 _____ () C:\Documents and Settings\admin\Plocha\Fraps.lnk
2014-05-30 15:41 - 2014-05-30 15:41 - 00000000 ____D () C:\Documents and Settings\admin\Nabídka Start\Programy\Fraps
2014-05-30 10:32 - 2014-05-30 10:26 - 116106267 _____ () C:\Documents and Settings\admin\Plocha\Hrdina-počítačový-hry-jde-do-světa.zip

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some content of TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\admin\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\admin\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\admin\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\admin\Local Settings\Temp\CojLauncher.exe
C:\Documents and Settings\admin\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7300015.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7370014.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7380007.dll
C:\Documents and Settings\admin\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-2.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-3.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-4.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-5.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-6.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-7.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-8.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-9.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\admin\Local Settings\Temp\FNP_ACT_InstallerCA.dll
C:\Documents and Settings\admin\Local Settings\Temp\InstallManager_GEN_GEN.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u3-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u5-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\primosdk.DLL
C:\Documents and Settings\admin\Local Settings\Temp\px.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxafs.dll
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyA64.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyI64.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxdrv.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxhpinst.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxInsA64.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxInsI64.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxmas.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxsetup.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxsfs.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxwave.dll
C:\Documents and Settings\admin\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\admin\Local Settings\Temp\setup.exe
C:\Documents and Settings\admin\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\admin\Local Settings\Temp\The Sims 2_uninst.exe
C:\Documents and Settings\admin\Local Settings\Temp\vxblock.dll
C:\Documents and Settings\admin\Local Settings\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 11:10
od vyosek
:arrow: Je to chybna detekce, pozadame opet Avast o vyjmuti z databaze

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\MountPoints2: {f72e8a83-fe65-11e1-98bd-002421f0d638} - F:\setup\rsrc\Autorun.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKCU - (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - E478E738E0594F9CAB782E50909E5983 URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {CD6A975A-A823-49CD-8B23-3D6E77641E29} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=558448A9-CC68-4238-B89C-2BE0860C92B0&apn_sauid=A582A7B7-7F43-4607-A443-9AB8B43BC1E3

FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

CHR HomePage:
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

C:\WINDOWS\inf\mncgtghxg.vbe
C:\WINDOWS\system32\msstp.vbe
2014-06-27 11:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-27 11:36 - 2014-06-27 11:39 - 00000000 ____D () C:\AdwCleaner
2014-06-27 00:14 - 2014-06-27 00:14 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-06-27 00:14 - 2014-06-27 00:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\admin\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\admin\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\admin\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\admin\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\admin\Local Settings\Temp\CojLauncher.exe
C:\Documents and Settings\admin\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7300015.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7370014.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7380007.dll
C:\Documents and Settings\admin\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-2.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-3.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-4.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-5.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-6.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-7.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-8.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-9.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\admin\Local Settings\Temp\FNP_ACT_InstallerCA.dll
C:\Documents and Settings\admin\Local Settings\Temp\InstallManager_GEN_GEN.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u3-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u5-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\primosdk.DLL
C:\Documents and Settings\admin\Local Settings\Temp\px.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxafs.dll
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyA64.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyI64.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxdrv.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxhpinst.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxInsA64.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxInsI64.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxmas.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxsetup.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxsfs.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxwave.dll
C:\Documents and Settings\admin\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\admin\Local Settings\Temp\setup.exe
C:\Documents and Settings\admin\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\admin\Local Settings\Temp\The Sims 2_uninst.exe
C:\Documents and Settings\admin\Local Settings\Temp\vxblock.dll
C:\Documents and Settings\admin\Local Settings\Temp\xmlUpdater.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f
REG: reg delete "REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncgtghxgSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSStp" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16" /f

Hosts:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 11:22
od Wraith
Cituji: Přesuňte vytvořený fixlist vedle FRST.
Mám fixlist vložit do složky s názvem FRST? nebo k FRST.exe?

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 11:31
od Wraith
Mám to...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-06-2014
Ran by admin at 2014-06-27 12:25:28 Run:1
Running from C:\Documents and Settings\admin\Dokumenty\Stažené soubory
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => D:\Programy\Hamachi\hamachi-2-ui.exe [3816272 2014-06-23] (LogMeIn Inc.)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\Run: [DAEMON Tools Lite] => D:\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\...\MountPoints2: {f72e8a83-fe65-11e1-98bd-002421f0d638} - F:\setup\rsrc\Autorun.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKCU - (No Name) - {95289393-33EA-4F8D-B952-483415B9C955} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - E478E738E0594F9CAB782E50909E5983 URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {CD6A975A-A823-49CD-8B23-3D6E77641E29} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=558448A9-CC68-4238-B89C-2BE0860C92B0&apn_sauid=A582A7B7-7F43-4607-A443-9AB8B43BC1E3

FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

CHR HomePage:
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-08-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)

C:\WINDOWS\inf\mncgtghxg.vbe
C:\WINDOWS\system32\msstp.vbe
2014-06-27 11:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-06-27 11:36 - 2014-06-27 11:39 - 00000000 ____D () C:\AdwCleaner
2014-06-27 00:14 - 2014-06-27 00:14 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-06-27 00:14 - 2014-06-27 00:14 - 00000000 _____ () C:\WINDOWS\setuperr.log
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Documents and Settings\admin\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\admin\Local Settings\Temp\APNStub.exe
C:\Documents and Settings\admin\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\admin\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\admin\Local Settings\Temp\CojLauncher.exe
C:\Documents and Settings\admin\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7300015.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7370014.dll
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7380007.dll
C:\Documents and Settings\admin\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-1.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-2.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-3.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-4.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-5.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-6.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-7.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-8.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-9.exe
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\admin\Local Settings\Temp\FNP_ACT_InstallerCA.dll
C:\Documents and Settings\admin\Local Settings\Temp\InstallManager_GEN_GEN.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u3-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u5-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\admin\Local Settings\Temp\primosdk.DLL
C:\Documents and Settings\admin\Local Settings\Temp\px.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxafs.dll
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyA64.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyI64.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxdrv.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxhpinst.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxInsA64.exe
C:\Documents and Settings\admin\Local Settings\Temp\PxInsI64.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxmas.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxsetup.exe
C:\Documents and Settings\admin\Local Settings\Temp\pxsfs.dll
C:\Documents and Settings\admin\Local Settings\Temp\pxwave.dll
C:\Documents and Settings\admin\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\admin\Local Settings\Temp\setup.exe
C:\Documents and Settings\admin\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\admin\Local Settings\Temp\The Sims 2_uninst.exe
C:\Documents and Settings\admin\Local Settings\Temp\vxblock.dll
C:\Documents and Settings\admin\Local Settings\Temp\xmlUpdater.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f
REG: reg delete "REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncgtghxgSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSStp" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16" /f

Hosts:
Reboot:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui => value deleted successfully.
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-1292428093-1965331169-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value deleted successfully.
'HKU\S-1-5-21-1292428093-1965331169-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f72e8a83-fe65-11e1-98bd-002421f0d638}' => Key deleted successfully.
'HKCR\CLSID\{f72e8a83-fe65-11e1-98bd-002421f0d638}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\E478E738E0594F9CAB782E50909E5983' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\E478E738E0594F9CAB782E50909E5983'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CD6A975A-A823-49CD-8B23-3D6E77641E29}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{CD6A975A-A823-49CD-8B23-3D6E77641E29}'=> Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.3 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
CHR DefaultSearchKeyword: bing.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Bing ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://www.bing.com/search?q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
C:\Documents and Settings\admin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Moved successfully.
'HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl' => Key deleted successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
Skype C2C Service => Service stopped successfully.
Skype C2C Service => Service deleted successfully.
"C:\WINDOWS\inf\mncgtghxg.vbe" => File/Directory not found.
C:\WINDOWS\system32\msstp.vbe => Moved successfully.
C:\WINDOWS\system32\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\WINDOWS\setupact.log => Moved successfully.
C:\WINDOWS\setuperr.log => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\AcDeltree.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\APNStub.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\AutoRun.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\AutoRunGUI.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\CojLauncher.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\drm_dialogs.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7300015.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7370014.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\drm_dyndata_7380007.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\eauninstall.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-1.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-2.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-3.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-4.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-5.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-6.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-7.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-8.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe-9.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\FNP_ACT_InstallerCA.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\InstallManager_GEN_GEN.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u3-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u5-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\primosdk.DLL => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\px.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\pxafs.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyA64.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\PxCpyI64.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\pxdrv.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\pxhpinst.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\PxInsA64.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\PxInsI64.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\pxmas.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\pxsetup.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\pxsfs.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\pxwave.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\setup.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\The Sims 2_uninst.exe => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\vxblock.dll => Moved successfully.
C:\Documents and Settings\admin\Local Settings\Temp\xmlUpdater.exe => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper" /f =========



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncgtghxgSrv" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSStp" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPSStartup" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16" /f =========


Operace byla dokončena úspěšně.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 12:04
od vyosek
Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 12:21
od Wraith
Mohl bych se ještě zeptat, v jaké fázi se ztratil vir? Jinak děkuji moc za spolupráci

Re: Problém s viry. Bit Coiner, Dropper - gen

Napsal: 27 čer 2014 19:35
od vyosek
:arrow: Vir jsme smazali tim skriptem pro FRST

Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat :lock:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz