Worm.Win32.AutoTDSS.axe (Vir)  Solved

Posted: 23 Jan 2009 22:15
by M.I.RASL
Good evening,
F-Secure Internet Security 2008 8.00
Hlášení o kontrole: 22. leden 2009 18:18:06 - 20:34:06
Výsledek: Nalezený malware: 1 - Worm.Win32.AutoTDSS.axe (Vir)
C:\resycled\boot.0om

Please, how do I remove it? Thanks

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 24 Jan 2009 09:46
by fredik
Download DDS (by sUBs) and save it to your desktop, then run it.
- run it; a window will appear, so don't click into it and wait until the program finishes
- when it is done, the program creates 2 logs and pops up an informational window. Close it with OK
- then paste the full contents of the DDS log (DDS.txt) here

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 24 Jan 2009 16:51
by M.I.RASL
DDS (Ver_09-01-19.01) - NTFSx86
Run by Miras at 16:21:20,53 on so 24.01.2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3070.1748 [GMT 1:00]

AV: F-Secure Internet Security 2008 8.00 *On-access scanning enabled* (Updated)
FW: F-Secure Internet Security 2008 8.00 *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Users\Miras\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
mSearchAssistant =
BHO: Podpora odkazu pro Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: WebTransBHO Class: {2db66063-bb98-466a-aa0d-3e7acf5ed853} - c:\programdata\langsoft\WebIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WebTranslator: {bfc32e1d-ee75-4a48-bc60-104e11ee2431} - c:\programdata\langsoft\WebIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [Skytel] Skytel.exe
mRun: [F-Secure Manager] "c:\program files\f-secure internet security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure internet security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {BFC32E1D-EE75-4A48-BC60-104E11EE2431}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\langsoft\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\langsoft\WebIE.dll
Trusted Zone: mfcr.cz
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 1910436143
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 3721238433
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr ... tsignx.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\miras\appdata\roaming\mozilla\firefox\profiles\cfpxescy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?cl ... s:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresult ... default&q=
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("security.checkloaduri", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("bidi.characterset", 1);
c:\program files\mozilla firefox\defaults\pref\channel-prefs.js - pref("app.update.channel", "release");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-11-28 228376]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2008-7-25 212008]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-24 12800]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\f-secure internet security\hips\fshs.sys [2008-6-28 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-6-28 34752]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-6-28 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure internet security\anti-virus\minifilter\fsvista.sys [2008-6-28 12896]
R3 CEBFilter;CEBFilter;c:\program files\c&e\osd\osdservice\cebuffer.sys [2007-9-4 5120]
R3 CEIO;CEIO;c:\program files\c&e\osd\osdservice\ceio.sys [2007-8-31 4608]
R3 cKBFilter;cKBFilter;c:\program files\c&e\osd\osdservice\kbfiltr.sys [2007-8-31 7168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure internet security\anti-virus\minifilter\fsgk.sys [2008-6-28 62048]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-3-18 46592]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-12-30 3668480]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2008-6-10 53032]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-30 603904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure internet security\anti-virus\win2k\fsfilter.sys [2008-6-28 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure internet security\anti-virus\win2k\fsrec.sys [2008-6-28 25184]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-3-18 131616]
S4 OsdService;OsdService;c:\program files\c&e\osd\osdservice\OsdService.exe [2007-9-3 53248]

============== File Associations ===============

VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-01-23 21:48 <DIR> --d----- c:\program files\Microsoft
2009-01-23 21:15 <DIR> --d----- c:\program files\I.CA
2009-01-21 16:37 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2 SDK
2009-01-18 13:42 39,304 a------- c:\windows\system32\drivers\btcusb.sys
2009-01-17 21:16 <DIR> --d----- c:\program files\Microsoft Kalkulačka+
2009-01-16 19:16 <DIR> --d----- C:\PostSignum
2009-01-14 16:05 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-13 17:18 <DIR> --d----- C:\KLÍČE
2009-01-12 19:57 138,240 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-01-12 19:57 10,240 a------- c:\windows\system32\RtNicProp32.dll
2009-01-12 19:52 83,808 a------- c:\windows\system32\drivers\jraid.sys
2009-01-12 19:48 176,128 a------- c:\windows\system32\BisonRem.dll
2009-01-12 19:48 753,328 a------- c:\windows\system32\drivers\BisonCam.sys
2009-01-10 18:34 <DIR> --d----- c:\program files\Passware
2009-01-09 23:15 21,204 a------- c:\windows\system32\TUProgSt_20090109-221504.dmp
2009-01-07 18:53 <DIR> --d-h--- c:\program files\Zero G Registry
2009-01-07 18:53 <DIR> --d----- c:\program files\PostSignumTool
2009-01-07 18:53 <DIR> --d-h--- c:\users\miras\InstallAnywhere
2009-01-04 14:39 <DIR> --d----- c:\program files\common files\xing shared
2009-01-04 14:39 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-04 14:39 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-04 12:21 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-01-04 11:37 <DIR> --d----- c:\programdata\SpeedBit
2009-01-04 11:37 <DIR> --d----- c:\progra~2\SpeedBit
2009-01-04 11:37 172,032 a------- c:\windows\system32\AniGIF.ocx
2009-01-04 00:39 69 a------- c:\windows\NeroDigital.ini
2009-01-04 00:28 <DIR> --d----- c:\windows\Freecorder Toolbar
2009-01-04 00:27 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2009-01-04 00:26 <DIR> --d----- c:\windows\Applian FLV Player
2009-01-03 23:48 <DIR> --d----- c:\users\miras\appdata\roaming\Uniblue
2009-01-03 23:48 <DIR> --d----- c:\programdata\DriverScanner
2009-01-03 23:48 <DIR> --d----- c:\progra~2\DriverScanner
2009-01-03 23:16 185 a------- c:\windows\DVDCreator.INI
2009-01-03 23:00 <DIR> --d----- c:\users\miras\dwhelper
2009-01-03 22:01 39,488 a------- c:\windows\system32\drivers\Pcouffin.sys
2009-01-03 15:08 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-02 20:21 <DIR> --d----- c:\users\miras\appdata\roaming\365dni
2009-01-02 20:21 <DIR> --d----- c:\windows\365dní
2009-01-02 20:21 <DIR> --d----- c:\program files\365dníNET
2008-12-31 19:45 219 a------- c:\windows\win.mm~
2008-12-30 21:19 <DIR> --d----- c:\program files\Classic Menu for Office
2008-12-30 19:50 <DIR> --d----- C:\Zalohy
2008-12-30 19:44 <DIR> --d----- C:\FORM studio 2009
2008-12-30 19:14 <DIR> --d----- c:\users\miras\appdata\roaming\Hyperz
2008-12-30 19:11 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-30 14:01 3,668,480 a------- c:\windows\system32\drivers\NETw5v32.sys
2008-12-30 12:44 603,904 a------- c:\windows\system32\TUProgSt.exe
2008-12-30 12:44 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2008-12-30 12:44 27,904 a------- c:\windows\system32\uxtuneup.dll
2008-12-30 12:44 17,152 a------- c:\windows\system32\authuitu.dll
2008-12-30 12:38 <DIR> --d----- c:\programdata\Seznam DVD 2008
2008-12-30 12:38 <DIR> --d----- c:\progra~2\Seznam DVD 2008
2008-12-30 12:38 <DIR> --d----- c:\program files\Seznam DVD 2008
2008-12-27 23:31 <DIR> --dshr-- C:\resycled
2008-12-27 23:31 255 ---shr-- C:\autorun.inf
2008-12-27 20:07 <DIR> --d----- c:\program files\007DVD
2008-12-27 16:43 <DIR> --d----- c:\programdata\DVDXStudio
2008-12-27 16:43 <DIR> --d----- c:\program files\CloneDVD
2008-12-27 16:43 <DIR> --d----- c:\progra~2\DVDXStudio

==================== Find3M ====================

2009-01-21 18:06 652,236 a------- c:\windows\system32\perfh005.dat
2009-01-21 18:06 135,640 a------- c:\windows\system32\perfc005.dat
2009-01-18 13:43 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-18 13:43 86,016 a------- c:\windows\inf\infpub.dat
2009-01-18 13:43 86,016 a------- c:\windows\inf\infstor.dat
2009-01-16 23:15 31,871 a------- c:\programdata\nvModes.dat
2009-01-16 23:15 31,871 a------- c:\progra~2\nvModes.dat
2009-01-10 23:40 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-16 17:01 823,296 a------- c:\windows\isRS-000.tmp
2008-11-01 22:14 356,352 a------- c:\windows\eSellerateEngine.dll
2008-11-01 04:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-11-01 04:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-11-01 04:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-11-01 04:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-11-01 04:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-11-01 04:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-11-01 02:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 07:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-28 17:08 27,335 a------- c:\users\miras\appdata\roaming\nvModes.dat
2008-08-12 18:39 0 a------- c:\users\miras\appdata\roaming\wklnhst.dat
2008-07-21 10:45 56 a---h--- c:\programdata\ezsidmv.dat
2008-07-21 10:45 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-12 15:02 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-25 12:33 174 a--sh--- c:\program files\desktop.ini
2008-05-17 15:06 87,608 a------- c:\users\miras\appdata\roaming\inst.exe
2008-05-17 15:06 47,360 a------- c:\users\miras\appdata\roaming\pcouffin.sys
2008-05-17 12:41 81,920 a------- c:\users\miras\appdata\roaming\ezpinst.exe
2008-05-17 09:53 32 a------- c:\programdata\ezsid.dat
2008-05-17 09:53 32 a------- c:\progra~2\ezsid.dat
2007-01-08 22:06 286,912 a------- c:\windows\inf\perflib\0405\perfi.dat
2007-01-08 22:06 286,912 a------- c:\windows\inf\perflib\0405\perfh.dat
2007-01-08 22:06 34,724 a------- c:\windows\inf\perflib\0405\perfd.dat
2007-01-08 22:06 34,724 a------- c:\windows\inf\perflib\0405\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:22:12,75 ===============
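A triage pass over the DDS "Created Last 30" listing, added here as an example (it is not part of the thread and not code from the DDS tool): it parses the date/size/attribute/path columns and flags the two root-level indicators visible in the log above, the hidden+system `C:\autorun.inf` and the `C:\resycled` directory. The attribute-letter meanings (a/d/s/h/r) and the `ROOT_ALLOWLIST` of default hidden root items are assumptions; the sample lines are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set

# Line shape of the DDS "Created Last 30" / "Find3M" sections as seen in the log:
#   <date> <time> <size or <DIR>> <8-char attribute column> <path>
# The attribute letters are read as a=archive, d=directory, s=system,
# h=hidden, r=read-only (an assumption inferred from the entries on this page).
_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)
# Matches an item sitting directly in a drive root, e.g. C:\autorun.inf
_ROOT_ITEM = re.compile(r"^[A-Za-z]:\\[^\\]+$")

# Hypothetical allowlist of hidden/system items Windows itself keeps in a drive root.
ROOT_ALLOWLIST = {
    "$recycle.bin", "recycler", "system volume information", "boot",
    "bootmgr", "pagefile.sys", "hiberfil.sys", "config.sys", "autoexec.bat",
}


@dataclass
class Entry:
    date: str
    time: str
    is_dir: bool
    attrs: Set[str]
    path: str


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[Entry]:
    """Parse DDS file-listing lines; lines that do not match the shape are ignored."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            date=m["date"], time=m["time"],
            is_dir=m["size"] == "<DIR>",
            attrs={c for c in m["attrs"] if c != "-"},
            path=m["path"],
        ))
    return entries


def assess(entry: Entry) -> List[str]:
    """Return the reasons an entry looks like autorun-worm residue (empty if none)."""
    reasons = []
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    at_root = bool(_ROOT_ITEM.match(entry.path))
    hidden_system = {"h", "s"} <= entry.attrs
    if at_root and name == "autorun.inf":
        reasons.append("autorun.inf in drive root (auto-launch on mount)")
    if name == "resycled" or "\\resycled\\" in low:
        reasons.append("'resycled' lookalike of the Recycled folder")
    if at_root and hidden_system and name not in ROOT_ALLOWLIST:
        reasons.append("hidden+system item in drive root outside the Windows defaults")
    return reasons


def triage(text: str) -> List[Finding]:
    """Scan a DDS listing and return only the entries that tripped a rule."""
    findings = []
    for e in parse_entries(text):
        reasons = assess(e)
        if reasons:
            findings.append(Finding(e.path, reasons))
    return findings


# Constructed sample: benign entries mixed with the two root-level items from the log.
SAMPLE_DDS = r"""
2009-01-18 13:42 39,304 a------- c:\windows\system32\drivers\btcusb.sys
2009-01-07 18:53 <DIR> --d-h--- c:\program files\Zero G Registry
2008-12-27 23:31 <DIR> --dshr-- C:\resycled
2008-12-27 23:31 255 ---shr-- C:\autorun.inf
2008-05-25 12:33 174 a--sh--- c:\program files\desktop.ini
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

The same rules apply to the ComboFix listing further down, which uses the same date/size/attribute/path columns.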

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 24 Jan 2009 19:20
by fredik
Download ComboFix (by sUBs) and save it to your desktop.
Close all open windows, turn off the resident protection of your antivirus/antispyware and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- If you are prompted to install the Recovery Console, choose Yes
- Then follow the instructions; while ComboFix is running, don't click into the window it shows
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
- Then turn your resident protection back on

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 24 Jan 2009 19:54
by M.I.RASL
ComboFix 09-01-21.04 - Miras 2009-01-24 19:41:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1029.18.3070.2022 [GMT 1:00]
Spuštěný z: c:\users\Miras\Desktop\ComboFix.exe
AV: F-Secure Internet Security 2008 8.00 *On-access scanning disabled* (Updated)
FW: F-Secure Internet Security 2008 8.00 *enabled*
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\resycled
c:\resycled\boot.0om
c:\users\Miras\AppData\Roaming\inst.exe
D:\Autorun.inf
D:\resycled
d:\resycled\boot.0om
E:\Autorun.inf
E:\resycled
e:\resycled\boot.0om

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-24 do 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-23 21:48 . 2009-01-23 21:48 <DIR> d-------- c:\program files\Microsoft
2009-01-23 21:15 . 2009-01-23 21:15 <DIR> d-------- c:\program files\I.CA
2009-01-21 16:37 . 2009-01-21 16:37 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2 SDK
2009-01-18 13:42 . 2009-01-03 16:40 39,304 --a------ c:\windows\System32\drivers\btcusb.sys
2009-01-17 21:16 . 2009-01-17 21:16 <DIR> d-------- c:\program files\Microsoft Kalkulačka+
2009-01-16 19:16 . 2009-01-16 19:16 <DIR> d-------- C:\PostSignum
2009-01-14 16:05 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 17:18 . 2009-01-16 20:11 <DIR> d-------- C:\KLÍČE
2009-01-12 19:57 . 2008-12-23 03:47 138,240 --a------ c:\windows\System32\drivers\Rtlh86.sys
2009-01-12 19:57 . 2008-12-23 03:47 10,240 --a------ c:\windows\System32\RtNicProp32.dll
2009-01-12 19:52 . 2008-12-29 10:53 83,808 --a------ c:\windows\System32\drivers\jraid.sys
2009-01-12 19:48 . 2007-05-25 11:33 753,328 --a------ c:\windows\System32\drivers\BisonCam.sys
2009-01-12 19:48 . 2006-11-28 21:02 176,128 --a------ c:\windows\System32\BisonRem.dll
2009-01-10 18:34 . 2009-01-10 18:34 <DIR> d-------- c:\program files\Passware
2009-01-09 23:15 . 2009-01-09 23:15 21,204 --a------ c:\windows\System32\TUProgSt_20090109-221504.dmp
2009-01-07 18:53 . 2009-01-07 18:53 <DIR> d--h----- c:\users\Miras\InstallAnywhere
2009-01-07 18:53 . 2009-01-07 18:53 <DIR> d--h----- c:\program files\Zero G Registry
2009-01-07 18:53 . 2009-01-12 17:03 <DIR> d-------- c:\program files\PostSignumTool
2009-01-04 14:39 . 2009-01-04 14:39 <DIR> d-------- c:\program files\Real
2009-01-04 14:39 . 2009-01-04 14:39 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-04 14:39 . 2009-01-04 14:39 499,712 --a------ c:\windows\System32\msvcp71.dll
2009-01-04 14:39 . 2009-01-04 14:39 348,160 --a------ c:\windows\System32\msvcr71.dll
2009-01-04 12:21 . 2009-01-04 12:21 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-01-04 11:37 . 2009-01-04 12:21 <DIR> d-------- c:\users\All Users\SpeedBit
2009-01-04 11:37 . 2009-01-04 12:21 <DIR> d-------- c:\programdata\SpeedBit
2009-01-04 11:37 . 2009-01-04 11:37 172,032 --a------ c:\windows\System32\AniGIF.ocx
2009-01-04 00:39 . 2009-01-04 10:30 69 --a------ c:\windows\NeroDigital.ini
2009-01-04 00:28 . 2009-01-04 00:28 <DIR> d-------- c:\windows\Freecorder Toolbar
2009-01-04 00:27 . 2009-01-04 00:27 2,788,800 --a------ c:\program files\FLV PlayerFCSetup.exe
2009-01-04 00:26 . 2009-01-04 00:26 <DIR> d-------- c:\windows\Applian FLV Player
2009-01-03 23:48 . 2009-01-03 23:57 <DIR> d-------- c:\users\Miras\AppData\Roaming\Uniblue
2009-01-03 23:48 . 2009-01-03 23:57 <DIR> d-------- c:\users\All Users\DriverScanner
2009-01-03 23:48 . 2009-01-03 23:57 <DIR> d-------- c:\programdata\DriverScanner
2009-01-03 23:16 . 2009-01-03 23:16 185 --a------ c:\windows\DVDCreator.INI
2009-01-03 23:00 . 2009-01-03 23:43 <DIR> d-------- c:\users\Miras\dwhelper
2009-01-03 22:01 . 2009-01-03 22:01 39,488 --a------ c:\windows\System32\drivers\Pcouffin.sys
2009-01-03 15:08 . 2009-01-03 15:08 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-02 20:21 . 2009-01-02 20:21 <DIR> d-------- c:\windows\365dní
2009-01-02 20:21 . 2009-01-16 21:55 <DIR> d-------- c:\users\Miras\AppData\Roaming\365dni
2009-01-02 20:21 . 2009-01-02 20:21 <DIR> d-------- c:\program files\365dníNET
2008-12-31 19:45 . 2008-12-31 19:45 219 --a------ c:\windows\win.mm~
2008-12-30 21:19 . 2009-01-01 15:31 <DIR> d-------- c:\program files\Classic Menu for Office
2008-12-30 19:50 . 2009-01-17 17:44 <DIR> d-------- C:\Zalohy
2008-12-30 19:44 . 2009-01-09 19:49 <DIR> d-------- C:\FORM studio 2009
2008-12-30 19:14 . 2008-12-30 19:14 <DIR> d-------- c:\users\Miras\AppData\Roaming\Hyperz
2008-12-30 19:11 . 2008-12-30 19:11 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-30 14:01 . 2008-11-17 15:40 3,668,480 --a------ c:\windows\System32\drivers\NETw5v32.sys
2008-12-30 12:44 . 2008-12-30 12:44 603,904 --a------ c:\windows\System32\TUProgSt.exe
2008-12-30 12:44 . 2008-12-30 12:44 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-12-30 12:44 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2008-12-30 12:44 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2008-12-30 12:38 . 2008-12-31 12:23 <DIR> d-------- c:\users\All Users\Seznam DVD 2008
2008-12-30 12:38 . 2008-12-31 12:23 <DIR> d-------- c:\programdata\Seznam DVD 2008
2008-12-30 12:38 . 2008-12-30 12:38 <DIR> d-------- c:\program files\Seznam DVD 2008
2008-12-27 20:07 . 2009-01-03 22:01 <DIR> d-------- c:\program files\007DVD
2008-12-27 16:43 . 2008-12-27 16:43 <DIR> d-------- c:\users\All Users\DVDXStudio
2008-12-27 16:43 . 2008-12-27 16:43 <DIR> d-------- c:\programdata\DVDXStudio
2008-12-27 16:43 . 2008-12-27 16:43 <DIR> d-------- c:\program files\CloneDVD

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 18:37 --------- d-----w c:\users\Miras\AppData\Roaming\Skype
2009-01-24 18:09 --------- d---a-w c:\programdata\TEMP
2009-01-24 16:21 --------- d-----w c:\users\Miras\AppData\Roaming\skypePM
2009-01-17 20:16 --------- d-----w c:\program files\Microsoft Kalkulačka+
2009-01-16 22:15 31,871 ----a-w c:\users\All Users\nvModes.dat
2009-01-16 22:15 31,871 ----a-w c:\programdata\nvModes.dat
2009-01-14 18:05 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 18:05 --------- d-----w c:\program files\Windows Mail
2009-01-11 00:11 --------- d-----w c:\program files\IEPro
2009-01-11 00:10 --------- d-----w c:\program files\Java
2009-01-10 22:40 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-10 16:49 --------- d-----w c:\program files\KeePass Password Safe
2009-01-10 00:13 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-05 16:33 --------- d-----w c:\programdata\NVIDIA
2009-01-04 13:39 --------- d-----w c:\program files\Common Files\Real
2009-01-04 12:17 --------- d-----w c:\program files\MozBackup
2009-01-04 11:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 11:47 --------- d-----w c:\program files\CyberLink
2009-01-04 11:46 --------- d-----w c:\programdata\CyberLink
2009-01-04 11:42 --------- d-----w c:\program files\Innovative Solutions
2009-01-04 09:53 --------- d-----w c:\users\Miras\AppData\Roaming\Vso
2009-01-02 19:21 --------- d-----w c:\program files\365dníNET
2008-12-30 13:53 --------- d-----w c:\program files\7-Zip
2008-12-30 13:27 --------- d-----w c:\program files\CCleaner
2008-12-30 11:44 --------- d-----w c:\program files\TuneUp Utilities 2009
2008-12-27 16:07 --------- d-----w c:\program files\Standard MPEG Encoder
2008-12-23 20:24 --------- d-----w c:\program files\WinAVIVideoConverter
2008-12-13 15:46 --------- d-----w c:\users\Miras\AppData\Roaming\RaimaRadioPro
2008-12-13 15:45 --------- d-----w c:\program files\RaimaRadioPro
2008-12-13 13:32 --------- d-----w c:\users\Miras\AppData\Roaming\ABBYY
2008-12-13 13:22 --------- d-----w c:\programdata\ABBYY
2008-12-10 18:32 --------- d-sh--w c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2008-12-10 17:01 --------- d-----w c:\programdata\HP
2008-11-30 15:24 --------- d-----w c:\program files\NO1 Video Converter
2008-11-29 16:23 --------- d-----w c:\program files\HP
2008-11-24 16:03 --------- d-----w c:\programdata\NOS
2008-11-24 15:40 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-16 16:01 823,296 ----a-w c:\windows\isRS-000.tmp
2008-11-01 21:14 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:08 27,335 ----a-w c:\users\Miras\AppData\Roaming\nvModes.dat
2008-10-24 09:55 74,703 ----a-w c:\windows\System32\mfc45.dll
2008-08-12 17:39 0 ----a-w c:\users\Miras\AppData\Roaming\wklnhst.dat
2008-07-21 09:45 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-21 09:45 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-25 11:33 174 --sha-w c:\program files\desktop.ini
2008-05-17 14:06 47,360 ----a-w c:\users\Miras\AppData\Roaming\pcouffin.sys
2008-05-17 11:41 81,920 ----a-w c:\users\Miras\AppData\Roaming\ezpinst.exe
2008-05-17 08:53 32 ----a-w c:\users\All Users\ezsid.dat
2008-05-17 08:53 32 ----a-w c:\programdata\ezsid.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2008-06-10 11:29 97064 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-04-04 182936]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-04-04 739936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-08 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-08 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
"AdobeUpdater"=c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" -agent
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"recinfo956"=c:\recinfo\RecInfo.exe
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"SecurDisc"=c:\program files\Nero\Nero8\InCD\NBHGui.exe
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{A92C1033-A04B-4ACB-AF5B-571C8B58D65D}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{DCE48DE8-9F67-437D-BBE4-F5309885483B}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{DD63E8C2-9375-464A-ACCC-5BAA023F6144}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{BDEEE33C-6B44-44B3-9B84-8AA5CC71FC9F}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{BA3339C9-AF26-4BEF-886E-59B2295A2D05}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{525FE860-369D-4266-A811-1CEE60EC8B90}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{444354A3-0FF9-4BE3-AE0E-5186CB819338}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{1E6E771E-8D8E-49C2-9612-60139648C3EB}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{44F02227-1329-44B5-9C18-27A9EE9C6EC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{6E9BC8C3-05DC-4A20-B80A-3071BD994E1B}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{45BF422D-8BD8-49C5-9486-D5EBE017C421}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{A631E01A-BA1A-428E-9F0C-BF3AD5995729}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{96CEC4B5-F8A3-4366-BC54-AF2C18B89A92}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"{3C42A489-E069-4F38-AC42-DD342F1583F2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3993A08F-F39F-40AE-A725-278B0F1DB625}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{99A19FC6-A3D5-48C8-966E-931D3DD42A86}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3944E6D-1345-400B-ABFE-6B1A3BE38EBF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D574DB68-0EE1-4CFE-9086-16A652358971}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5AE958C0-347C-4D79-8319-5D7790041E33}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{064E3285-03A8-4380-B90F-1003485DF045}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{FBE88B33-696D-4CF8-B988-89FBF7919379}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{5412A09A-B490-46A3-AE40-E920E43562C5}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{7612E641-EC9A-4B97-8FC1-41F80678A544}c:\\program files\\adobe\\acrobat 8.0\\acrobat\\acrobat.exe"= UDP:c:\program files\adobe\acrobat 8.0\acrobat\acrobat.exe:Adobe Acrobat 8.1
"UDP Query User{108CDE0E-FA54-44DF-81C5-A5F04EA48116}c:\\program files\\adobe\\acrobat 8.0\\acrobat\\acrobat.exe"= TCP:c:\program files\adobe\acrobat 8.0\acrobat\acrobat.exe:Adobe Acrobat 8.1
"TCP Query User{0F8F7228-6CAE-4A2D-938C-38588DFC00C3}c:\\program files\\streamripper32\\streamripper32.exe"= UDP:c:\program files\streamripper32\streamripper32.exe:SRipper
"UDP Query User{3A2BD25C-9848-4836-9F78-4DCFBA73F0A6}c:\\program files\\streamripper32\\streamripper32.exe"= TCP:c:\program files\streamripper32\streamripper32.exe:SRipper
"{E3A2A2D0-C525-4E90-9948-9EF9EA085035}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{2ED3B964-6575-43B4-8C4F-E9E59AF6B6EC}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{2CCE5BD4-926F-4718-A24E-FA3E15A0C5C1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{5D94C3EA-C64B-4DD5-9A92-AAA009B3DDF5}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"TCP Query User{B7934AF6-CF03-4D3A-AE46-11753C22D10E}c:\\windows\\ehome\\ehexthost.exe"= UDP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{E5B603DF-2D9A-494C-A1CD-93AA3D458CAB}c:\\windows\\ehome\\ehexthost.exe"= TCP:c:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"TCP Query User{87CD5652-BA54-4D01-9B67-05EBF9A13438}c:\\program files\\raimaradiopro\\raimaradio.exe"= UDP:c:\program files\raimaradiopro\raimaradio.exe:RaimaRadioPro
"UDP Query User{57AF0924-1E90-4648-A36D-10F9FCD46EEC}c:\\program files\\raimaradiopro\\raimaradio.exe"= TCP:c:\program files\raimaradiopro\raimaradio.exe:RaimaRadioPro
"TCP Query User{BE03EC01-B94D-4BE4-9E33-EA4C990EA8EB}c:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= UDP:c:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{39863769-0E67-4C3E-9791-7CD4437713AB}c:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= TCP:c:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
"TCP Query User{12239235-9725-4826-8AA4-D134351BCC03}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{60746509-E30B-445D-A20D-125A41B38FC0}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{1D75881C-E9F5-4318-A916-446F9B364FD6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2DE6B2A6-8785-4380-B7E3-9289627128A5}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{AD37C243-1568-4393-B688-57E7B2C836C6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{17BAA47C-90A5-446F-B5ED-62E72C146A82}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{284A2B87-1818-4683-92CE-AF6DA032F2D1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{402B6AE6-5AE1-4AD8-8B69-EE7714574AC1}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{A10C6211-21BB-4052-AEB3-DD685D05DC10}"= UDP:c:\windows\System32\wercon.exe:Hlášení a řešení problémů
"{1CEB2C04-5630-456D-AA41-7239EB84E775}"= TCP:c:\windows\System32\wercon.exe:Hlášení a řešení problémů

R0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2008-11-28 228376]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [2008-10-24 12800]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure Internet Security\HIPS\fshs.sys [2008-06-28 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-06-28 34752]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-06-28 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2008-06-28 12896]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-07-09 72192]
R3 CEBFilter;CEBFilter;c:\program files\C&E\OSD\OsdService\cebuffer.sys [2007-09-04 5120]
R3 CEIO;CEIO;c:\program files\C&E\OSD\OsdService\ceio.sys [2007-08-31 4608]
R3 cKBFilter;cKBFilter;c:\program files\C&E\OSD\OsdService\kbfiltr.sys [2007-08-31 7168]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2008-06-28 62048]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [2008-03-18 46592]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-12-30 3668480]
R4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2008-06-10 53032]
R4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-30 603904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [2008-06-28 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [2008-06-28 25184]
S4 OsdService;OsdService;c:\program files\C&E\OSD\OsdService\OsdService.exe [2007-09-03 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b4c9914-2816-11dd-8a33-001060d11ab6}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0df146a-1cee-11dd-ab13-001060d11ab6}]
\shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]

2009-01-24 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2008-04-04 19:07]

2009-01-24 c:\windows\Tasks\User_Feed_Synchronization-{D3D711D4-5288-4A51-8364-169F8A486EEA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]

2009-01-24 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
.
------- Supplementary Scan -------
.
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: mfcr.cz
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} - hxxp://adisepo.mfcr.cz/adistc/adis/idpr ... tsignx.cab
FF - ProfilePath - c:\users\Miras\AppData\Roaming\Mozilla\Firefox\Profiles\cfpxescy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://cs.start2.mozilla.com/firefox?cl ... s:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresult ... default&q=
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll

---- FIREFOX SETTINGS ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- File Associations -------
.
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 19:43:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-24 19:44:08
ComboFix-quarantined-files.txt 2009-01-24 18:44:06

Pre-Run: 131 265 949 696 bytes free
Post-Run: 131,346,161,664 bytes free

329 --- E O F --- 2009-01-23 20:48:54

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 25 Jan 2009 15:16
by fredik
Go to Start -> Run..., type the command shown in blue into the box and press OK:
ComboFix /u
- there must be a space between ComboFix and /u
- wait until it finishes; it will tell you when it has.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download System Repair Engineer (SREng)
- Unpack the downloaded archive into its own folder
- Run it and choose System Repair
- On the first tab, File Associations, if any of the checkboxes in the list is ticked/selected, click the Repair button at the bottom

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then paste the HJT log here.

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 25 Jan 2009 15:55
by M.I.RASL
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:14, on 25.1.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\ProgramData\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mfcr.cz
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1910436143
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3721238433
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - http://adisepo.mfcr.cz/adistc/adis/idpr ... tsignx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OsdService - Unknown owner - C:\Program Files\C&E\OSD\OsdService\OsdService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 9520 bytes

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 25 Jan 2009 19:05
by fredik
In HJT fix these items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Do you still have any problems?
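Both repair steps in this thread are text checks over the posted logs: the SREng File Associations repair is needed because the ComboFix section above lists VBEFile and VBSFile as handled by NOTEPAD.EXE instead of the Windows Script Host, and the HijackThis items to fix are the ones that resolve to nothing on disk or carry an empty value. The block below is an added example, not a tool from this thread nor from the ComboFix or HijackThis authors: it picks the `(no file)` and empty-value lines out of HijackThis `R`/`O` entries, and flags script classes in a ComboFix `Class=command` File Associations section whose handler is not WScript.exe. The sample inputs are constructed from lines quoted in this thread plus one constructed stock `JSFile` line; the set of script classes and the expectation that WScript.exe is the default handler are my assumptions. One caveat before repairing: pointing .vbs/.vbe at Notepad is also a deliberate hardening trick some people apply against script worms, so confirm it was not intentional.

```python
import re

# Windows Script Host file classes that script/autorun worms commonly retarget.
# Assumption: on a stock Windows install each of these is opened by WScript.exe.
SCRIPT_CLASSES = {"VBSFile", "VBEFile", "JSFile", "JSEFile", "WSFFile", "WSHFile"}
EXPECTED_HANDLER = "wscript.exe"

# HijackThis lines look like "O3 - Toolbar: <name> - {CLSID} - <path or (no file)>".
HJT_LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# ComboFix "File Associations" lines look like "VBSFile=NOTEPAD.EXE %1".
ASSOC_LINE_RE = re.compile(r"^(?P<cls>\w+)=(?P<cmd>.+)$")


def find_hjt_orphans(report):
    """Return HijackThis lines that reference nothing on disk or carry an empty value.

    These are leftovers (an uninstalled toolbar, a blank IE setting): harmless, but
    they are exactly what the helper tells the user to tick and "Fix checked".
    """
    orphans = []
    for raw in report.splitlines():
        line = raw.rstrip()
        m = HJT_LINE_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        # "(no file)": the CLSID is still registered but the DLL is gone.
        # Trailing " =": the setting exists but is empty (the R0 LinksFolderName case).
        # Requiring the space avoids matching search URLs that merely end in "q=".
        if body.endswith("(no file)") or body.endswith(" ="):
            orphans.append(line)
    return orphans


def handler_basename(command):
    """Executable name from a shell\\open\\command value, lower-cased, path stripped."""
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end > 0 else command[1:]
    else:
        exe = command.split(None, 1)[0]
    return exe.rsplit("\\", 1)[-1].lower()


def nondefault_script_handlers(section):
    """Map script classes whose handler is not WScript.exe to their command string."""
    suspicious = {}
    for raw in section.splitlines():
        m = ASSOC_LINE_RE.match(raw.strip())
        if not m or m.group("cls") not in SCRIPT_CLASSES:
            continue
        if handler_basename(m.group("cmd")) != EXPECTED_HANDLER:
            suspicious[m.group("cls")] = m.group("cmd")
    return suspicious


# Constructed sample: lines quoted from the HijackThis log posted in this thread.
SAMPLE_HJT = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
'''

# Constructed sample: the two lines from the ComboFix File Associations section in
# this thread, plus one constructed JSFile line showing the stock WScript.exe handler.
SAMPLE_ASSOC = r'''
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
JSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
'''

if __name__ == "__main__":
    for line in find_hjt_orphans(SAMPLE_HJT):
        print("fixable in HJT:", line)
    for cls, cmd in nondefault_script_handlers(SAMPLE_ASSOC).items():
        print("non-default script handler:", cls, "=", cmd)
```

On the sample, `find_hjt_orphans` returns exactly the three lines fredik lists, and `nondefault_script_handlers` returns only VBEFile and VBSFile. One detail worth knowing when fixing them: O3 toolbar entries come from HKLM\Software\Microsoft\Internet Explorer\Toolbar, and under UAC on Vista an unelevated HijackThis can delete the HKCU R0 value but not values under HKLM, which is why it has to be started with Run as administrator.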

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 26 Jan 2009 17:02
by M.I.RASL
So I fixed these items in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

but

R0 - was removed
O3 - remained
O9 - remained

Is that okay?

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 26 Jan 2009 21:02
by fredik
Try running HJT with admin rights. Right-click HJT, choose Run as administrator, and then try to fix the two remaining items.

If they still remain, you don't need to worry about it; it is nothing dangerous.

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 27 Jan 2009 16:32
by M.I.RASL
Thank you very much for your help,
I ran the antivirus over it and the result was no viruses.
Once again, many thanks.

Re: Worm.Win32.AutoTDSS.axe (Vir)

Posted: 27 Jan 2009 21:06
by fredik
You're welcome