//téma odděleno od druhého
Dobrý den,
ma residentni ochrana mi dnes detekovala virus vbs:malware-gen.
nelze se ho zbavit..... Zkousela jsem dle rad stahnout ComboFiX, ale ani jeden z odkazu na nej mi nefunguje...
Prosim moc o pomoc!!! Dekuji
Tady je muj HTJ log.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:57, on 25.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Applications\wcs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\tempo-2C9.tmp
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\misskhoma\Plocha\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [1d20125b] rundll32.exe "C:\WINDOWS\system32\hhmnodkr.dll",b
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdxeb.exe] C:\WINDOWS\system32\kdxeb.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flppy2007.spaces.live.com/PhotoU ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BC6E90E-B386-44FC-A1C3-852F88E430E5}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{F05FEC3A-7AAD-4858-A82E-F10F7F4A00A5}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BC6E90E-B386-44FC-A1C3-852F88E430E5}: NameServer = 85.255.115.110,85.255.112.175
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
--
End of file - 10757 bytes
VBS:Malware-gen - prosím o pomoc s tímto otravným červem
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: VBS:Malware-gen - prosím o pomoc s tímto otravným červem
Vítej na fóru
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Použij Fixwareout podle návodu a vlož sem z něho log
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
PS: příště si založ vlastní téma, i kdyby jsi měl stejný problém jako se zde řešil.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Použij Fixwareout podle návodu a vlož sem z něho log
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknoutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
PS: příště si založ vlastní téma, i kdyby jsi měl stejný problém jako se zde řešil.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: VBS:Malware-gen - prosím o pomoc s tímto otravným červem
Dekuji moc a moc za radu!!!! A omlouvam se, jsem tu poprve a priste uz se napravim...
Tady je report z SDFixu:
SDFix: Version 1.237
Run by misskhoma on źt 23.10.2008 at 15:45
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
DNSChanger Trojan Found!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdxeb.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\kdxeb.exe"
Restoring Default System value
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\iifdDwvU.dll - Deleted
C:\WINDOWS\system32\kdxeb.exe - Deleted
C:\WINDOWS\LOGON.EXE - Deleted
C:\autorun.inf - Deleted
C:\resycled\boot.com - Deleted
C:\Program Files\Antivirus 2009\av2009.exe - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp4.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp59.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\Documents and Settings\misskhoma\Data aplikacˇ\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk - Deleted
C:\Documents and Settings\misskhoma\Plocha\Antivirus 2009.lnk - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\ieexplorer32.exe - Deleted
C:\WINDOWS\system32\ieupdates.exe - Deleted
C:\WINDOWS\system32\scui.cpl - Deleted
C:\WINDOWS\system32\winsrc.dll - Deleted
Folder C:\Program Files\Antivirus 2009 - Removed
Folder C:\resycled - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 15:58:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe:*:Enabled:Vzd len pomoc - Windows Messenger a pýenos hlasu"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Mon 26 Mar 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Sat 9 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 30 Sep 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Sun 30 Dec 2007 227 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti10.tmp"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036111.com"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036129.COM"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036145.com"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036165.com"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036186.com"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5f16949630e8c407182e4928048db02\BIT4.tmp"
Finished!
Tady je report z SDFixu:
SDFix: Version 1.237
Run by misskhoma on źt 23.10.2008 at 15:45
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
DNSChanger Trojan Found!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdxeb.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\system32\\kdxeb.exe"
Restoring Default System value
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\iifdDwvU.dll - Deleted
C:\WINDOWS\system32\kdxeb.exe - Deleted
C:\WINDOWS\LOGON.EXE - Deleted
C:\autorun.inf - Deleted
C:\resycled\boot.com - Deleted
C:\Program Files\Antivirus 2009\av2009.exe - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp4.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp59.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\Documents and Settings\misskhoma\Data aplikacˇ\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk - Deleted
C:\Documents and Settings\misskhoma\Plocha\Antivirus 2009.lnk - Deleted
C:\DOCUME~1\MISSKH~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\ieexplorer32.exe - Deleted
C:\WINDOWS\system32\ieupdates.exe - Deleted
C:\WINDOWS\system32\scui.cpl - Deleted
C:\WINDOWS\system32\winsrc.dll - Deleted
Folder C:\Program Files\Antivirus 2009 - Removed
Folder C:\resycled - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 15:58:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe:*:Enabled:Vzd len pomoc - Windows Messenger a pýenos hlasu"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 11 Feb 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Mon 26 Mar 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Sat 9 Sep 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 30 Sep 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Sun 30 Dec 2007 227 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti10.tmp"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036111.com"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036129.COM"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036145.com"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036165.com"
Fri 24 Oct 2008 32,256 A.SHR --- "C:\System Volume Information\_restore{3DEE47E7-7957-4548-84D4-67319AC0FA06}\RP463\A0036186.com"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a5f16949630e8c407182e4928048db02\BIT4.tmp"
Finished!
Re: VBS:Malware-gen - prosím o pomoc s tímto otravným červem
A tady je vysledek z Malwarebyte AntiMalware...
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1319
Windows 5.1.2600 Service Pack 2
23.10.2008 17:28:50
mbam-log-2008-10-23 (17-28-33).txt
Typ skenu: Rychlý sken
Objektu skenováno: 49448
Uplynulý cas: 4 minute(s), 28 second(s)
Infikované procesy pameti: 1
Infikované pametové moduly: 1
Infikované klíce registru: 50
Infikované hodnoty registru: 6
Infikované položky dat registru: 12
Infikované složky: 11
Infikované soubory: 28
Infikované procesy pameti:
C:\WINDOWS\Temp\tempo-3D1.tmp (Trojan.FakeAlert) -> No action taken.
Infikované pametové moduly:
C:\WINDOWS\system32\opnkkllM.dll (Trojan.Vundo.H) -> No action taken.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebeac64f-cb4d-4f65-99f6-ac3ca275090d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ebeac64f-cb4d-4f65-99f6-ac3ca275090d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7558e739-8e7c-44bb-bce7-1bf0d72b7026} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ebeac64f-cb4d-4f65-99f6-ac3ca275090d} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkkllm -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdqmg.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkkllm -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2bc6e90e-b386-44fc-a1c3-852f88e430e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2bc6e90e-b386-44fc-a1c3-852f88e430e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2bc6e90e-b386-44fc-a1c3-852f88e430e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.110,85.255.112.175 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.110,85.255.112.175 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.110,85.255.112.175 -> No action taken.
Infikované složky:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.
C:\resycled (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Nabídka Start\Antivirus 2009 (Rogue.Antivirus2008) -> No action taken.
Infikované soubory:
C:\WINDOWS\system32\opnkkllM.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\Mllkknpo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\Mllkknpo.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cnxnqrjs.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sjrqnxnc.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xcibwrpg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gprwbicx.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kdqmg.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\uxdngqyx.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\saiyfdrk.exe (Trojan.LowZones) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Nabídka Start\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\misskhoma\Nabídka Start\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Default User\results.txt (Malware.Trace) -> No action taken.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\misskhoma\results.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\Temp\tempo-3D1.tmp (Trojan.FakeAlert) -> No action taken.
Malwarebytes' Anti-Malware 1.30
Verze databáze: 1319
Windows 5.1.2600 Service Pack 2
23.10.2008 17:28:50
mbam-log-2008-10-23 (17-28-33).txt
Typ skenu: Rychlý sken
Objektu skenováno: 49448
Uplynulý cas: 4 minute(s), 28 second(s)
Infikované procesy pameti: 1
Infikované pametové moduly: 1
Infikované klíce registru: 50
Infikované hodnoty registru: 6
Infikované položky dat registru: 12
Infikované složky: 11
Infikované soubory: 28
Infikované procesy pameti:
C:\WINDOWS\Temp\tempo-3D1.tmp (Trojan.FakeAlert) -> No action taken.
Infikované pametové moduly:
C:\WINDOWS\system32\opnkkllM.dll (Trojan.Vundo.H) -> No action taken.
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebeac64f-cb4d-4f65-99f6-ac3ca275090d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ebeac64f-cb4d-4f65-99f6-ac3ca275090d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77d6ddfa-7834-4541-b2b3-a8b0fb0e3924} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7558e739-8e7c-44bb-bce7-1bf0d72b7026} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4bd2d6c3-31dc-b947-23d0-dc52ec4f0c4c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\toolband.xttbpos00.1 (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ebeac64f-cb4d-4f65-99f6-ac3ca275090d} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{855f3b16-6d32-4fe6-8a56-bbb695989046} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkkllm -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdqmg.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnkkllm -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2bc6e90e-b386-44fc-a1c3-852f88e430e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2bc6e90e-b386-44fc-a1c3-852f88e430e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.40,85.255.112.101 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2bc6e90e-b386-44fc-a1c3-852f88e430e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.110,85.255.112.175 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.110,85.255.112.175 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f05fec3a-7aad-4858-a82e-f10f7f4a00a5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.110,85.255.112.175 -> No action taken.
Infikované složky:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.
C:\resycled (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Nabídka Start\Antivirus 2009 (Rogue.Antivirus2008) -> No action taken.
Infikované soubory:
C:\WINDOWS\system32\opnkkllM.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\Mllkknpo.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\Mllkknpo.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\cnxnqrjs.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\sjrqnxnc.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xcibwrpg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gprwbicx.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kdqmg.exe (Rootkit.DNSChanger.H) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\uxdngqyx.exe (Trojan.LowZones) -> No action taken.
C:\WINDOWS\system32\saiyfdrk.exe (Trojan.LowZones) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Data aplikací\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\misskhoma\Nabídka Start\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\misskhoma\Nabídka Start\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Default User\results.txt (Malware.Trace) -> No action taken.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> No action taken.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\misskhoma\results.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\Temp\tempo-3D1.tmp (Trojan.FakeAlert) -> No action taken.
Re: VBS:Malware-gen - prosím o pomoc s tímto otravným červem
Prosim prosim o radu... mam neco ze scanu Antimalware vymazat?? Obavam se, ze mi vir jeste vice zaneradi pocitac nez uz je ted.... :/
Dekuji!!!
Dekuji!!!
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: VBS:Malware-gen - prosím o pomoc s tímto otravným červem
Promiň za zpožděnou odpověď, ale nedošlo mi upozornění že už jsi odpověděl.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Vynechal jsi první krok s Fixwareout. Tak se mrkni na ten odkaz a dole je napsáno postup co pak dělat, pokud by ti nešel pak internet. Pokud by jsi nevěděl jak na to, tak si ho někam ulož aby sis to mohl pak nastavit.
Pokud by ti pak po jeho odstranění nešel internet a měl jsi nastaveno získávání adres DNS serverů automaticky, budeš si muset nastavit IP adresy serverů DNS podle tvého poskytovatele. Pokud by jsi je nevěděl, tak se zkus podívat na jeho stránky, nebo ho případně zkus kontaktovat. Dočasně si můžeš nastavit tyto IP 208.67.222.222 a 208.67.220.220 patřící k službě OpenDNS.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results (Zobrazit výsledky)
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected (Odstranit vybrané)
- když skončí odstraňování tak se ti zobrazí log, vlož ho sem
- pak zvol v programu OK a pak program ukonči přes Exit
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Zkus si pak stáhnout ComboFix a postupuj podle kroků o kterých tě bude informovat. Pokud by ti i nadále nešel stáhnout, tak sem vlož log z RSIT:
Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Vynechal jsi první krok s Fixwareout. Tak se mrkni na ten odkaz a dole je napsáno postup co pak dělat, pokud by ti nešel pak internet. Pokud by jsi nevěděl jak na to, tak si ho někam ulož aby sis to mohl pak nastavit.
Pokud by ti pak po jeho odstranění nešel internet a měl jsi nastaveno získávání adres DNS serverů automaticky, budeš si muset nastavit IP adresy serverů DNS podle tvého poskytovatele. Pokud by jsi je nevěděl, tak se zkus podívat na jeho stránky, nebo ho případně zkus kontaktovat. Dočasně si můžeš nastavit tyto IP 208.67.222.222 a 208.67.220.220 patřící k službě OpenDNS.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results (Zobrazit výsledky)
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected (Odstranit vybrané)
- když skončí odstraňování tak se ti zobrazí log, vlož ho sem
- pak zvol v programu OK a pak program ukonči přes Exit
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Zkus si pak stáhnout ComboFix a postupuj podle kroků o kterých tě bude informovat. Pokud by ti i nadále nešel stáhnout, tak sem vlož log z RSIT:
Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 1 host