
Checking an MWAV log

Posted: 26 Aug 2007 10:50
by Marfy
I ran a preventive scan with MWAV and this is what it found.

Sun Aug 26 08:31:42 2007 => Offending Key found: HKLM\Software\magnet !!!
Sun Aug 26 10:15:34 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Aug 26 10:15:35 2007 => Offending Key found: HKCU\\magnet !!!
Sun Aug 26 10:15:35 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Aug 26 10:16:01 2007 => Offending file found: C:\WINDOWS\tasks\at1.job
Sun Aug 26 10:16:01 2007 => System found infected with w32.rontokbro.d@mm Worm (C:\WINDOWS\tasks\at1.job)! Action taken: No Action Taken.

What can be done about this?

Posted: 26 Aug 2007 12:54
by sakiri
Don't worry about those two keys in the records.

But because of that scheduled task we'll use ComboFix:
Download ComboFix, save it to the desktop, close all open windows and run it.
Follow the instructions; while ComboFix is working, don't click into the window that appears, because that can stop the process.
When it finishes, a log is created, so copy its contents here.
(The computer may restart; that happens because ComboFix found infected files and restarts the PC in order to delete them.)
Administrator rights are required to run ComboFix.
Otherwise, the ComboFix log is located at C:\ComboFix.txt

Posted: 26 Aug 2007 20:52
by Marfy
Here is the ComboFix log
ComboFix 07-08-25.2 - "ONDRA" 2007-08-26 20:38:18.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.664 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\regedit.com
C:\WINDOWS\system32\675b73H8.exe
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\Tasks.\At1.job
C:\WINDOWS\Tasks.\At10.job
C:\WINDOWS\Tasks.\At11.job
C:\WINDOWS\Tasks.\At12.job
C:\WINDOWS\Tasks.\At13.job
C:\WINDOWS\Tasks.\At14.job
C:\WINDOWS\Tasks.\At15.job
C:\WINDOWS\Tasks.\At16.job
C:\WINDOWS\Tasks.\At17.job
C:\WINDOWS\Tasks.\At18.job
C:\WINDOWS\Tasks.\At19.job
C:\WINDOWS\Tasks.\At2.job
C:\WINDOWS\Tasks.\At20.job
C:\WINDOWS\Tasks.\At21.job
C:\WINDOWS\Tasks.\At22.job
C:\WINDOWS\Tasks.\At23.job
C:\WINDOWS\Tasks.\At24.job
C:\WINDOWS\Tasks.\At3.job
C:\WINDOWS\Tasks.\At4.job
C:\WINDOWS\Tasks.\At5.job
C:\WINDOWS\Tasks.\At6.job
C:\WINDOWS\Tasks.\At7.job
C:\WINDOWS\Tasks.\At8.job
C:\WINDOWS\Tasks.\At9.job


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 20:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 17:05 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2007-08-10 19:42 <DIR> d-------- C:\Program Files\ATITool
2007-08-10 17:23 <DIR> d-------- C:\Program Files\Mojzík
2007-08-05 20:47 <DIR> d-------- C:\Program Files\Ashampoo
2007-08-05 15:07 <DIR> d-------- C:\DOCUME~1\ONDRA\AppData
2007-08-03 10:32 <DIR> d-------- C:\Program Files\Valve
2007-08-01 16:32 <DIR> d-------- C:\Program Files\THQ


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 11:45 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Vso
2007-08-23 12:54 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 08:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\DVD Shrink
2007-08-21 18:26 --------- d-------- C:\Program Files\DC++
2007-08-19 11:03 --------- d-------- C:\Program Files\SpeedFan
2007-08-18 16:31 --------- d-------- C:\Program Files\GamePark
2007-08-12 17:17 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Skype
2007-08-12 17:06 --------- d-------- C:\Program Files\ICQLite
2007-08-05 15:04 --------- d-------- C:\Program Files\Microsoft Games
2007-07-22 20:14 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-07-22 14:05 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Disney Interactive Studios
2007-07-22 14:04 --------- d-------- C:\Program Files\Disney Interactive Studios
2007-07-22 14:04 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\InstallShield
2007-07-15 16:13 --------- d-------- C:\Program Files\SensorsView
2007-07-14 08:17 7952 --a------ C:\WINDOWS\system32\OODDRMBS.EXE
2007-07-14 08:17 --------- d-------- C:\Program Files\OOD2KFRE
2007-07-10 17:40 --------- d-------- C:\Program Files\Tropico
2007-07-05 09:44 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-17 22:46 407152 --a------ C:\WINDOWS\system32\pr2ah4nb.exe
2007-03-11 19:57 14427 --a--c--- C:\WINDOWS\inf\SET.EXE
2007-03-11 19:57 1216512 --a--c--- C:\WINDOWS\inf\Tse.exe
2004-10-01 16:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
--------- C:\Program Files\Mojzík


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
"C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamAwareOELauncher]
C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
"C:\Program Files\Spamihilator\spamihilator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 BT848;WinFast VC100 WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R2 Tv2kXbar;WinFast VC100 WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ONDRA\LOCALS~1\Temp\ASFWHide
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2EAB8566-3B11-5A99-0502-030301000108}]
C:\WINDOWS\system32\sysinfo.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 20:42:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 20:43:29 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 20:43

--- E O F ---

Posted: 27 Aug 2007 08:40
by sakiri
For this step ComboFix must be on the desktop; you should already have it downloaded there.

1. Open Notepad via Start - Programs - Accessories and copy the whole text from the white box into it:

Code:

Driver::
oreans32

File::
C:\WINDOWS\system32\sysinfo.exe
C:\WINDOWS\system32\drivers\oreans32.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2EAB8566-3B11-5A99-0502-030301000108}]


Then go to File -> Save As -> in the File name line type: CFScript.txt
For Save as type, choose *All files
And save it to the desktop.

2. Drag the created CFScript.txt script with the mouse over the downloaded ComboFix program, and when the two files overlap, drop the script
- ComboFix starts automatically
- After it starts, the terms of use are shown; confirm them by pressing the 1 key
- Follow the instructions; while ComboFix is working, don't click into the window that appears
- After the cleaning process finishes and the computer possibly restarts, a log should be displayed. Otherwise it is located at C:\ComboFix.txt
- Then copy its whole contents here

3. Have these files tested on VirusTotal:
C:\WINDOWS\inf\SET.EXE
C:\WINDOWS\inf\Tse.exe

And copy the results here.
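Added example (editor's code, not part of the thread and not ComboFix's own tooling): a small Python script that parses the Drivers/Services lines of a ComboFix log in the shape shown in the logs above, marks entries worth a manual look using two heuristics of my own (display name identical to the service name, or image loaded from a Temp directory), and builds a CFScript.txt body in the Driver::/File::/Registry:: layout that the post above describes. The function names, the two heuristics and my reading of the R/S flag and start-type digit are assumptions; the sample lines are copied from the logs posted in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: four Drivers/Services lines copied from the ComboFix logs
# posted in this thread (a constructed subset, not a full log).
SAMPLE_SERVICE_LINES = r"""
R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ONDRA\LOCALS~1\Temp\ASFWHide
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
"""

# Line shape: <R|S><start type> <service name>;<display name>;<image path>
# R/S is the running/stopped flag and the digit the SCM start type
# (0 boot, 1 system, 2 auto, 3 on demand) - my reading of the log format.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image: str


def parse_services(text: str) -> list:
    """Return one ServiceEntry per line that matches the R/S service format."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m.group(1) == "R", int(m.group(2)),
                                        m.group(3), m.group(4), m.group(5)))
    return entries


def image_file_path(image: str) -> str:
    """Strip the NT '\\??\\' prefix and any trailing arguments from an image path."""
    path = image[4:] if image.startswith("\\??\\") else image
    if path.startswith('"'):                      # quoted path, arguments follow the quote
        end = path.find('"', 1)
        return path[1:end] if end > 0 else path
    m = re.match(r"(.+?\.(?:sys|exe|dll))(?:\s.*)?$", path, re.IGNORECASE)
    return m.group(1) if m else path              # no known extension: keep as-is


def needs_review(entry: ServiceEntry) -> bool:
    """Heuristics (assumed, mine): no real display name, or image in a Temp directory."""
    no_description = entry.display.strip().lower() == entry.name.strip().lower()
    in_temp = "\\temp\\" in image_file_path(entry.image).lower()
    return no_description or in_temp


def build_cfscript(drivers=(), files=(), registry_keys=()) -> str:
    """Emit a CFScript.txt body in the Driver::/File::/Registry:: layout.

    Registry keys are written as [-KEY], the deletion form used in the post above.
    """
    sections = []
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if files:
        sections.append("File::\n" + "\n".join(files))
    if registry_keys:
        sections.append("Registry::\n" + "\n".join(f"[-{k}]" for k in registry_keys))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    for e in parse_services(SAMPLE_SERVICE_LINES):
        if needs_review(e):
            state = "running" if e.running else "stopped"
            print(f"review: {e.name} ({state}, start type {e.start_type}) -> {image_file_path(e.image)}")
    print(build_cfscript(
        drivers=["oreans32"],
        files=[r"C:\WINDOWS\system32\sysinfo.exe",
               r"C:\WINDOWS\system32\drivers\oreans32.sys"],
        registry_keys=[r"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2EAB8566-3B11-5A99-0502-030301000108}"],
    ))
```

The review heuristics only shortlist entries for a human to check; a driver with no display name is not evidence of malware by itself, which is why the script separates flagging from script generation and never writes anything to disk.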

Posted: 27 Aug 2007 09:11
by Marfy
New log

ComboFix 07-08-25.2 - "ONDRA" 2007-08-27 9:03:53.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.679 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-07-27 to 2007-08-27 )))))))))))))))))))))))))))))))


2007-08-26 20:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 17:05 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2007-08-10 19:42 <DIR> d-------- C:\Program Files\ATITool
2007-08-10 17:23 <DIR> d-------- C:\Program Files\Mojzík
2007-08-05 20:47 <DIR> d-------- C:\Program Files\Ashampoo
2007-08-05 15:07 <DIR> d-------- C:\DOCUME~1\ONDRA\AppData
2007-08-03 10:32 <DIR> d-------- C:\Program Files\Valve
2007-08-01 16:32 <DIR> d-------- C:\Program Files\THQ


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 11:45 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Vso
2007-08-23 12:54 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 08:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\DVD Shrink
2007-08-21 18:26 --------- d-------- C:\Program Files\DC++
2007-08-19 11:03 --------- d-------- C:\Program Files\SpeedFan
2007-08-18 16:31 --------- d-------- C:\Program Files\GamePark
2007-08-12 17:17 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Skype
2007-08-12 17:06 --------- d-------- C:\Program Files\ICQLite
2007-08-05 15:04 --------- d-------- C:\Program Files\Microsoft Games
2007-07-22 20:14 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-07-22 14:05 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Disney Interactive Studios
2007-07-22 14:04 --------- d-------- C:\Program Files\Disney Interactive Studios
2007-07-22 14:04 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\InstallShield
2007-07-15 16:13 --------- d-------- C:\Program Files\SensorsView
2007-07-14 08:17 7952 --a------ C:\WINDOWS\system32\OODDRMBS.EXE
2007-07-14 08:17 --------- d-------- C:\Program Files\OOD2KFRE
2007-07-10 17:40 --------- d-------- C:\Program Files\Tropico
2007-07-05 09:44 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-17 22:46 407152 --a------ C:\WINDOWS\system32\pr2ah4nb.exe
2007-03-11 19:57 14427 --a--c--- C:\WINDOWS\inf\SET.EXE
2007-03-11 19:57 1216512 --a--c--- C:\WINDOWS\inf\Tse.exe
2004-10-01 16:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
--------- C:\Program Files\Mojzík


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
"C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamAwareOELauncher]
C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
"C:\Program Files\Spamihilator\spamihilator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 BT848;WinFast VC100 WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R2 Tv2kXbar;WinFast VC100 WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ONDRA\LOCALS~1\Temp\ASFWHide
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2EAB8566-3B11-5A99-0502-030301000108}]
C:\WINDOWS\system32\sysinfo.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-27 09:06:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-27 9:06:41
C:\ComboFix-quarantined-files.txt ... 2007-08-27 09:06
C:\ComboFix2.txt ... 2007-08-26 20:43

--- E O F ---

Posted: 27 Aug 2007 09:59
by sakiri
Well, you didn't follow the instructions; you need to do everything I wrote in my previous post.

Posted: 27 Aug 2007 13:48
by Marfy
Now I did it that way, and it throws this error:
I can't save that text file as All files, only as RTF and the like, which according to the message is an unacceptable format.

Posted: 27 Aug 2007 14:16
by sakiri
Oh right, then let's use a different tool.

Download Avenger and run it under an administrator account.
Tick the option - Input script manually and click the magnifying-glass icon; an empty window pops up, into which copy the text marked in bold:
Drivers to unload:
oreans32

Files to delete:
C:\WINDOWS\system32\sysinfo.exe
C:\WINDOWS\system32\drivers\oreans32.sys

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2EAB8566-3B11-5A99-0502-030301000108}


And click Done.
Then click the traffic-light icon.

A message pops up; click Yes, then another message; click Yes.
The PC restarts. After the restart the Avenger log should pop up, so copy it here.

+ paste a new ComboFix log here + have those files tested.

Posted: 27 Aug 2007 14:16
by Marfy
I've managed it now. I had to save the text file to the desktop as .txt first and only then reopen it there and save it as All files (the option was available then). Here is the result:
ComboFix 07-08-25.2 - "ONDRA" 2007-08-27 14:08:55.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.688 [GMT 2:00]
Command switches used :: C:\Documents and Settings\ONDRA\Plocha\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\sysinfo.exe
C:\WINDOWS\system32\drivers\oreans32.sys


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\sysinfo.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_OREANS32
-------\oreans32


((((((((((((((((((((((((( Files Created from 2007-07-27 to 2007-08-27 )))))))))))))))))))))))))))))))


2007-08-26 20:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 17:05 <DIR> d-------- C:\Program Files\Wolfenstein - Enemy Territory
2007-08-10 19:42 <DIR> d-------- C:\Program Files\ATITool
2007-08-10 17:23 <DIR> d-------- C:\Program Files\Mojzík
2007-08-05 20:47 <DIR> d-------- C:\Program Files\Ashampoo
2007-08-05 15:07 <DIR> d-------- C:\DOCUME~1\ONDRA\AppData
2007-08-03 10:32 <DIR> d-------- C:\Program Files\Valve
2007-08-01 16:32 <DIR> d-------- C:\Program Files\THQ


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 11:45 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Vso
2007-08-23 12:54 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-23 08:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\DVD Shrink
2007-08-21 18:26 --------- d-------- C:\Program Files\DC++
2007-08-19 11:03 --------- d-------- C:\Program Files\SpeedFan
2007-08-18 16:31 --------- d-------- C:\Program Files\GamePark
2007-08-12 17:17 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Skype
2007-08-12 17:06 --------- d-------- C:\Program Files\ICQLite
2007-08-05 15:04 --------- d-------- C:\Program Files\Microsoft Games
2007-07-22 20:14 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATAAP~1\TEMP
2007-07-22 14:05 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\Disney Interactive Studios
2007-07-22 14:04 --------- d-------- C:\Program Files\Disney Interactive Studios
2007-07-22 14:04 --------- d-------- C:\DOCUME~1\ONDRA\DATAAP~1\InstallShield
2007-07-15 16:13 --------- d-------- C:\Program Files\SensorsView
2007-07-14 08:17 7952 --a------ C:\WINDOWS\system32\OODDRMBS.EXE
2007-07-14 08:17 --------- d-------- C:\Program Files\OOD2KFRE
2007-07-10 17:40 --------- d-------- C:\Program Files\Tropico
2007-07-05 09:44 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-17 22:46 407152 --a------ C:\WINDOWS\system32\pr2ah4nb.exe
2007-03-11 19:57 14427 --a--c--- C:\WINDOWS\inf\SET.EXE
2007-03-11 19:57 1216512 --a--c--- C:\WINDOWS\inf\Tse.exe
2004-10-01 16:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
--------- C:\Program Files\Mojzík


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 16:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
"C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpamAwareOELauncher]
C:\Program Files\JAM Software\SpamAware\SpamAwareOELauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spamihilator]
"C:\Program Files\Spamihilator\spamihilator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 BT848;WinFast VC100 WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R2 Tv2kXbar;WinFast VC100 WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ONDRA\LOCALS~1\Temp\ASFWHide
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-27 14:12:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-27 14:13:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-27 14:13
C:\ComboFix2.txt ... 2007-08-27 09:06
C:\ComboFix3.txt ... 2007-08-26 20:43

--- E O F ---

Posted: 27 Aug 2007 14:20
by sakiri
Great, so don't do that step with Avenger.

But still have these files tested at VirusTotal as I wrote:
C:\WINDOWS\inf\SET.EXE
C:\WINDOWS\inf\Tse.exe

And paste the results here.

Posted: 27 Aug 2007 14:49
by Marfy
VIRUSTOTAL results

File SET.EXE received 2007.08.27 14:45:11 (CET)
Antivirus Version Last update Result
AhnLab-V3 2007.8.28.0 2007.08.27 -
AntiVir 7.4.1.63 2007.08.27 -
Authentium 4.93.8 2007.08.26 -
Avast 4.7.1029.0 2007.08.27 -
AVG 7.5.0.484 2007.08.27 -
BitDefender 7.2 2007.08.27 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91 2007.08.27 -
DrWeb 4.33 2007.08.27 -
eSafe 7.0.15.0 2007.08.26 -
eTrust-Vet 31.1.5088 2007.08.27 -
Ewido 4.0 2007.08.27 -
FileAdvisor 1 2007.08.27 -
Fortinet 2.91.0.0 2007.08.27 -
F-Prot 4.3.2.48 2007.08.26 -
F-Secure 6.70.13030.0 2007.08.27 -
Ikarus T3.1.1.12 2007.08.27 -
Kaspersky 4.0.2.24 2007.08.27 -
McAfee 5105 2007.08.24 -
Microsoft 1.2803 2007.08.27 -
NOD32v2 2485 2007.08.26 -
Norman 5.80.02 2007.08.27 -
Panda 9.0.0.4 2007.08.27 -
Prevx1 V2 2007.08.27 -
Rising 19.38.02.00 2007.08.27 -
Sophos 4.21.0 2007.08.27 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.27 -
TheHacker 6.1.9.173 2007.08.27 -
VBA32 3.12.2.3 2007.08.27 -
VirusBuster 4.3.26:9 2007.08.26 -
Webwasher-Gateway 6.0.1 2007.08.27 -
Additional information
File size: 14427 bytes
MD5: 45819ec1bab9e0820b17943b2251c6b7
SHA1: 7468d32061c82b5aef541d3ee735069e68584d78
packers: LZEXE

And here is the second file:

File Tse.exe received 2007.08.27 14:50:32 (CET)
Antivirus Version Last update Result
AhnLab-V3 2007.8.28.0 2007.08.27 Win-Trojan/Bifrose.1216512.E
AntiVir 7.4.1.63 2007.08.27 BDS/Bifrose.NU
Authentium 4.93.8 2007.08.26 -
Avast 4.7.1029.0 2007.08.27 -
AVG 7.5.0.484 2007.08.27 BackDoor.Generic7.BCR
BitDefender 7.2 2007.08.27 Backdoor.Bifrose.ACS
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91 2007.08.27 Trojan.Pakes-248
DrWeb 4.33 2007.08.27 BackDoor.Bifrost
eSafe 7.0.15.0 2007.08.26 -
eTrust-Vet 31.1.5088 2007.08.27 -
Ewido 4.0 2007.08.27 Adware.DollarRvenue
FileAdvisor 1 2007.08.27 High threat detected
Fortinet 2.91.0.0 2007.08.27 -
F-Prot 4.3.2.48 2007.08.26 -
F-Secure 6.70.13030.0 2007.08.27 Backdoor.Win32.Bifrose.acs
Ikarus T3.1.1.12 2007.08.27 Backdoor.Win32.Bifrose.acs
Kaspersky 4.0.2.24 2007.08.27 Backdoor.Win32.Bifrose.acs
McAfee 5105 2007.08.24 -
Microsoft 1.2803 2007.08.27 Backdoor:Win32/Agent!4012
NOD32v2 2485 2007.08.26 probably a variant of Win32/Bifrose
Norman 5.80.02 2007.08.27 PoisonIvy.gen15
Panda 9.0.0.4 2007.08.27 W32/Gaobot.PIB.worm
Prevx1 V2 2007.08.27 -
Rising 19.38.02.00 2007.08.27 Backdoor.Win32.Bifrose.acs
Sophos 4.21.0 2007.08.27 -
Sunbelt 2.2.907.0 2007.08.25 VIPRE.Suspicious
Symantec 10 2007.08.27 -
TheHacker 6.1.9.173 2007.08.27 -
VBA32 3.12.2.3 2007.08.27 Backdoor.Win32.Bifrose.acs
VirusBuster 4.3.26:9 2007.08.26 -
Webwasher-Gateway 6.0.1 2007.08.27 Trojan.Bifrose.NU
Additional information
File size: 1216512 bytes
MD5: 1240bc6be523efddaa56ec964ed4a071
SHA1: c91110002241bf886a34148eef671d36c0d90ecb
Bit9 info: http://fileadvisor.bit9.com/services/ex ... 964ed4a071
packers: Themida
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
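
To read a pasted result list like the one above without counting by hand, here is an added Python example (not part of this thread and not VirusTotal's own tooling) that parses rows in this "engine version date verdict" layout, computes the detection ratio and tallies which family name the engines agree on. The sample rows are copied from the Tse.exe listing; the stopword list of generic type/platform words is my own assumption.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Tse.exe rows pasted above, in the
# "engine version signature-date verdict" layout VirusTotal used in 2007.
SAMPLE = """File Tse.exe received 2007.08.27 14:50:32 (CET)
Antivirus Version Last update Result
AhnLab-V3 2007.8.28.0 2007.08.27 Win-Trojan/Bifrose.1216512.E
AntiVir 7.4.1.63 2007.08.27 BDS/Bifrose.NU
Authentium 4.93.8 2007.08.26 -
AVG 7.5.0.484 2007.08.27 BackDoor.Generic7.BCR
BitDefender 7.2 2007.08.27 Backdoor.Bifrose.ACS
FileAdvisor 1 2007.08.27 High threat detected
Kaspersky 4.0.2.24 2007.08.27 Backdoor.Win32.Bifrose.acs
McAfee 5105 2007.08.24 -
NOD32v2 2485 2007.08.26 probably a variant of Win32/Bifrose
Norman 5.80.02 2007.08.27 PoisonIvy.gen15
Panda 9.0.0.4 2007.08.27 W32/Gaobot.PIB.worm
Sunbelt 2.2.907.0 2007.08.25 VIPRE.Suspicious
"""

# One engine row: engine name, engine version, signature date, verdict ("-" = clean).
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")

# Assumed stoplist: type/platform words every vendor uses that say nothing about the family.
STOPWORDS = {"backdoor", "trojan", "adware", "worm", "generic", "variant",
             "probably", "suspicious", "threat", "detected", "high", "agent"}

def parse_rows(text):
    """Return [(engine, verdict)] for lines that look like engine rows; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m.group(1), m.group(4)))
    return rows

def summarize(text):
    """Detection ratio plus the family word most engines agree on, as (word, votes), or None."""
    rows = parse_rows(text)
    hits = [(engine, verdict) for engine, verdict in rows if verdict != "-"]
    votes = Counter()
    for _, verdict in hits:
        # One vote per engine per word, so a verdict that repeats a word does not count twice.
        for word in {w.lower() for w in re.findall(r"[A-Za-z]{4,}", verdict)}:
            if word not in STOPWORDS:
                votes[word] += 1
    family = votes.most_common(1)[0] if votes else None
    return {"engines": len(rows), "detections": len(hits), "family": family}
```

Run on the full Tse.exe listing the same way, the clean SET.EXE listing yields zero detections and no family, which is the contrast sakiri draws between the two files.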

Posted: 27 Aug 2007 16:55
by sakiri
OK, delete this file:
C:\WINDOWS\inf\Tse.exe

If it can't be deleted, use Avenger following the instructions I gave, with this script:
Files to delete:
C:\WINDOWS\inf\Tse.exe


If you do use Avenger, paste its log here, the one that appears after startup.

And once you delete that file, that's all.