VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Vista Internet Security 2010

https://forum.viry.cz:443/viewtopic.php?t=98342

Stránka 1 z 2

Vista Internet Security 2010

Napsal: 01 bře 2010 19:53
od Gonzales1
Dobrý den
Kamarádovi se v nootebooku začal zobrazovat "Vista Internet Security 2010 " je to zřejmě virus.
Prosím o kontrolu

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-01 19:46:09
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 150 GB (66%) free of 227 GB
Total RAM: 3837 MB (65% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForOwner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
ALOT Toolbar - C:\Program Files (x86)\alot\bin\alot.dll [2008-07-17 675624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-02-07 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-21 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 349552]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - ALOT Toolbar - C:\Program Files (x86)\alot\bin\alot.dll [2008-07-17 675624]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-06 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"QPService"=C:\Program Files (x86)\HP\QuickPlay\QPService.exe [2008-05-15 468264]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-23 80896]
"hpWirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-14 39408]
"ICQ"=C:\Program Files (x86)\ICQ6.5\ICQ.exe [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.exe - open - "C:\Users\Owner\AppData\Local\av.exe" /START "%1" %*
.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-01 19:46:10 ----D---- C:\Program Files (x86)\trend micro
2010-03-01 19:46:09 ----D---- C:\rsit
2010-02-23 22:57:49 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 22:57:49 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 22:57:48 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 22:57:47 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 22:57:47 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 22:57:47 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 22:57:46 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 22:57:46 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-23 22:57:45 ----A---- C:\Windows\system32\msdrm.dll
2010-02-23 21:27:40 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 21:22:13 ----A---- C:\Windows\system32\jscript.dll
2010-02-10 08:09:02 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 08:09:01 ----A---- C:\Windows\system32\avicap32.dll

======List of files/folders modified in the last 1 months======

2010-03-01 19:46:11 ----D---- C:\Windows\Temp
2010-03-01 19:46:10 ----RD---- C:\Program Files (x86)
2010-03-01 19:46:06 ----D---- C:\Windows\Prefetch
2010-03-01 19:43:33 ----D---- C:\Windows\Tasks
2010-03-01 19:43:29 ----D---- C:\ProgramData\Google Updater
2010-02-26 18:11:33 ----D---- C:\Users\Owner\AppData\Roaming\Skype
2010-02-26 17:27:58 ----SHD---- C:\System Volume Information
2010-02-26 16:33:42 ----D---- C:\Users\Owner\AppData\Roaming\skypePM
2010-02-25 19:07:05 ----SHD---- C:\Windows\Installer
2010-02-24 03:36:07 ----D---- C:\Windows\rescache
2010-02-24 03:17:11 ----D---- C:\Windows\SysWOW64
2010-02-24 03:17:11 ----D---- C:\Windows\system32\en-US
2010-02-24 03:17:11 ----D---- C:\Windows\System32
2010-02-24 03:17:09 ----RSD---- C:\Windows\Fonts
2010-02-24 03:01:58 ----D---- C:\Windows\winsxs
2010-02-11 03:19:59 ----D---- C:\Program Files (x86)\Windows Mail
2010-02-08 08:08:58 ----D---- C:\Program Files (x86)\Google
2010-02-04 09:17:02 ----D---- C:\Windows\inf
2010-02-02 11:35:31 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS []
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20080122.037\ENG64.SYS [2008-01-22 125488]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20080122.037\EX64.SYS [2008-01-22 1418288]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 IDSvia64;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20071204.002\IDSvia64.sys [2007-11-06 251952]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS []
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS []
S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe []
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
R2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 LiveUpdate Notice;LiveUpdate Notice; c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-07 149864]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-15 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-15 116112]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-26 148832]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-05-21 1245064]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-27 135664]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\STacSV64.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 comHost;COM Host; c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 267096]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-05 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-02-09 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]

-----------------EOF-----------------

Re: Vista Internet Security 2010

Napsal: 01 bře 2010 20:27
od Rudy
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Re: Vista Internet Security 2010

Napsal: 01 bře 2010 21:49
od Gonzales1
tak problém číslo 1 - nejde nainstalovat. u sebe v PC to nainstaluju ale uněj na notebooku to nelze
číslo 2 - nelze se připojit přes Wifi na internet

Re: Vista Internet Security 2010

Napsal: 01 bře 2010 23:17
od Rudy
Zkuste AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

Re: Vista Internet Security 2010

Napsal: 01 bře 2010 23:42
od Gonzales1
podařilo se mi rozchodit MBAM

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/1/2010 11:39:47 PM
mbam-log-2010-03-01 (23-39-39).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 303970
Uplynulý čas: 1 hour(s), 40 minute(s), 45 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Users\Owner\AppData\Local\Temp\28F4.tmp (Backdoor.Bot) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\balamutra.php (Trojan.Injector) -> No action taken.

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 18:32
od Rudy
Vše smažte.

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 18:39
od Gonzales1
smazáno. problém přetrvává log zde:
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/2/2010 6:34:57 PM
mbam-log-2010-03-02 (18-34-57).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 303970
Uplynulý čas: 1 hour(s), 40 minute(s), 45 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Users\Owner\AppData\Local\Temp\28F4.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\balamutra.php (Trojan.Injector) -> Quarantined and deleted successfully.

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 19:26
od Rudy
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 19:57
od Gonzales1
malý problém. Combofix mi hlásí že na W Vista se nerozjede

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 20:18
od Rudy
CF by na Vistě měl fungovat. Zkuste to v nouz. režimu.

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 20:20
od Gonzales1
zkoušel jsem se do něj dostat ale moje zkušenosti na to nestačili. Po několika pokusech mi při spuštění naběhl nějaký "Startup repair". Mohl by jste mi napsat postup na dostání se do Nouzového režimu?

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 20:25
od Rudy
Při startu PC tiskněte F8. Objeví se menu, v němž kurzorovámi šipkami vyberete Stav nouze a stiskněte Enter.

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 20:35
od Gonzales1
píše mi to "Incompatobole OS Combofix only works for Windows 2000 and XP" i v nouzovém režimu

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 21:28
od Gonzales1
podle googlu je CF jen na 32bit procesor ale kamarádův notebook má 64bit. co stím ?

Re: Vista Internet Security 2010

Napsal: 02 bře 2010 22:38
od Rudy
OK. Zkuste sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Přehlédl jsem, že jde o 64b systém. Omlouvám se.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz