Hi everyone, I'd like some advice about a virus from Facebook. It wiped out my antivirus programs, and cleaning the disk from another PC doesn't help either. I saw in the discussions that you're already dealing with it, but everyone is supposed to have their own thread. I'm posting the log. Many thanks for any advice...
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24.9.2011 11:29:44
mbam-log-2011-09-24 (11-29-38).txt
Typ: Rychlá kontrola
Kontrolované objekty: 229124
Uplynulý čas: 6 minut, 15 sekund
Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 13
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 3
Infikované složky: 7
Infikované soubory: 100
Infikované procesy v paměti:
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 1748 -> No action taken.
c:\WINDOWS\update.tray-10-0\svchost.exe (Trojan.Dropper) -> 3972 -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 3980 -> No action taken.
c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Dropper) -> 3988 -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 4000 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.FakeAlert) -> 208 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 1660 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 780 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2140 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 596 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 844 -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35B8D58C-B0CB-46B0-BA64-05B3804E4E86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CDBFB47B-58A8-4111-BF95-06178DCE326D} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico3 (Trojan.Dropper) -> Value: tray_ico3 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.FakeAlert) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\Data (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins (Adware.DoubleD) -> No action taken.
Infikované soubory:
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-10-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\6137380.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\Setup.exe (Adware.DoubleD) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.FakeAlert) -> No action taken.
c:\WINDOWS\Temp\339451128.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\Temp\973031621.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\bg.jpg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\currentversion.xml (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\extractzipfile.zip (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\icon.ico (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\tdf.dat (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\Data\productinfo.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache\default1.dat (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache\loading.dat (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Cache\loading.gif (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_screensaver.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_cursor.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_dailyvideo.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_game.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_glitter.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_logo.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_option.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_recipe.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_ringtone.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_search.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_smiley.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_smiley_config.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_smiley_tellafriend.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_wallpaper.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\module_web.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\pixel.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\productinfo.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\profile.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\searchenginelist.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\toolbarlayout.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\updatecentre.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\updatecentrebk.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\urldynamic.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Data\urlstatic.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_recipe.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\About.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\component_combobox.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_cursor.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_cursor.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_dailyvideo.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_game.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_glitter.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_glitter.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_logo.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_option.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_ringtone.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_screensaver.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_search.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_smiley.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_smiley.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_wallpaper.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\module_web.mg (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtndefault.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtndisplay.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtndisplay.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtndisplay18.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtndisplay20.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnglitters.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnglitters.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnglitters18.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnglitters20.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnoption.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnsmiley.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnsmiley.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnsmiley18.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnsmiley20.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtntellfd.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtntellfd.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtntellfd18.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtntellfd20.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnwink.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnwink.png (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnwink18.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Icons\tbbtnwink20.bmp (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins\tellafriendskin.skf (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins\tellafriendskin_s.skf (Adware.DoubleD) -> No action taken.
c:\documents and settings\ladislav hoffmann\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\TDF\Skins\toastskin.skf (Adware.DoubleD) -> No action taken.
Facebook virus, what a mess
Re: Facebook virus, what a mess
I know this doesn't quite belong here, but I'd still like to ask whether you know of any article dealing with the viruses that are spreading on Facebook right now. I only found old ones from 2010...
Thanks.
Žbeky (Moderator)
Re: Facebook virus, what a mess
Peťa: If you know it doesn't belong here, why do it?
Then we have to moderate it afterwards...
- So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then click OK in the program and close it via Exit
Disable the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan you have trouble launching applications, or a message keeps popping up about an attempt to perform an invalid operation on a registry key that is marked for deletion, simply restart the computer.

In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Facebook virus, what a mess
Malwarebytes' Anti-Malware
www.malwarebytes.org
Verze databáze:
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
24.9.2011 16:14:44
mbam-log-2011-09-24 (16-14-44).txt
Typ: Rychlá kontrola
Kontrolované objekty: 228870
Uplynulý čas: 6 minut, 32 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Facebook virus, what a mess
But I can't find that ComboFix anywhere... Google only gives me dubious links...
Žbeky (Moderator)
Re: Facebook virus, what a mess
Sorry, my mistake, the tags dropped out of the instructions. It's fixed now.
Re: Facebook virus, what a mess
Otherwise, after the restart I tried Avast and it installed normally; it found two problems... a Trojan and some robot. It deleted everything...
Žbeky (Moderator)
Re: Facebook virus, what a mess
Do what we advise and nothing on your own. Otherwise our efforts will conflict and in the worst case we'll wreck that computer.
Re: Facebook virus, what a mess
So here it is:
ComboFix 11-08-24.02 - Ladislav Hoffmann 24.09.2011 16:46:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3062.2231 [GMT 2:00]
Spuštěný z: c:\documents and settings\TEMP\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Eset NOD32 Antivirus 2.50 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ladislav Hoffmann\Local Settings\Temporary Internet Files\_tm21.tmp
c:\documents and settings\Ladislav Hoffmann\Local Settings\Temporary Internet Files\stb06759.tmp
c:\documents and settings\Ladislav Hoffmann\WINDOWS
c:\documents and settings\TEMP\WINDOWS
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DDSERVICE
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-24 do 2011-09-24 )))))))))))))))))))))))))))))))
.
.
2011-09-24 11:40 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-24 11:40 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-24 11:40 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-24 11:40 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-09-24 11:40 . 2011-09-24 11:40 -------- d-----w- c:\program files\AVAST Software
2011-09-24 11:40 . 2011-09-24 11:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-09-24 09:20 . 2011-09-24 09:20 -------- d-----w- c:\documents and settings\TEMP\Data aplikací\Malwarebytes
2011-09-24 09:20 . 2011-09-24 09:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-09-24 09:20 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-24 09:20 . 2011-09-24 09:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-24 09:20 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-23 20:17 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-10-0
2011-09-23 20:17 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-10-0-lnk
2011-09-23 20:11 . 2011-09-23 20:11 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-09-23 20:11 . 2011-09-23 20:11 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-09-23 20:11 . 2011-09-23 20:11 -------- d-----w- c:\program files\Symantec
2011-09-23 20:11 . 2011-09-23 20:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-09-23 20:11 . 2011-09-23 20:11 -------- d-----w- c:\windows\system32\drivers\NIS
2011-09-23 20:11 . 2011-09-23 20:11 -------- d-----w- c:\program files\Windows Sidebar
2011-09-23 20:05 . 2011-09-23 20:05 -------- d-----w- c:\program files\CCleaner
2011-09-23 17:20 . 2011-09-23 17:20 -------- d-----w- c:\windows\ufa
2011-09-23 17:01 . 2011-09-23 17:15 246272 ----a-w- c:\windows\unrar.exe
2011-09-23 16:37 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-2-0
2011-09-23 16:37 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-09-23 16:37 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-3-0
2011-09-23 16:37 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-09-23 16:09 . 2011-09-23 16:09 502208 ----a-w- c:\windows\system32\drivers\amon.sys
2011-09-23 16:09 . 2011-09-23 16:09 270336 ----a-w- c:\windows\system32\imon.dll
2011-09-23 16:06 . 2011-09-24 07:34 -------- d-----w- c:\windows\av_ico
2011-09-23 15:45 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-7-0
2011-09-23 15:45 . 2011-09-24 11:11 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-09-23 15:35 . 2011-09-23 15:35 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-09-23 15:30 . 2011-09-23 15:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-22 20:49 . 2011-09-22 20:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2008-04-13 23:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 23:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-04 11:43 . 2010-11-24 05:59 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:35 . 2010-11-24 05:59 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2010-11-24 05:59 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2010-11-24 05:59 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2010-11-24 05:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-11-24 05:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-04 17:01 . 2009-09-04 17:01 525656 -c--a-w- c:\program files\DXSETUP.exe
2009-09-04 17:01 . 2009-09-04 17:01 94024 -c--a-w- c:\program files\DSETUP.dll
2009-09-04 17:01 . 2009-09-04 17:01 1691464 -c--a-w- c:\program files\dsetup32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-24 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 148888]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-11 417792]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\TEMP\Nabídka Start\Programy\Po spuštění\
Registration Brothers In Arms.LNK - d:\support\Register\RegistrationReminder.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless N-lite USB Adapter Utility.lnk - c:\program files\ZyXEL\NWD-270N\Common\NWD-270N.exe [2009-11-19 1806336]
.
c:\documents and settings\TEMP\Nabídka Start\Programy\Po spuštění\
Registration Brothers In Arms.LNK - d:\support\Register\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [24.4.2009 8:23 119808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3.6.2009 9:26 721904]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [23.9.2011 22:11 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [23.9.2011 22:11 666672]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.9.2011 13:40 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.9.2011 13:40 309848]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [15.9.2009 11:51 19200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.9.2011 13:40 19544]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys --> c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [23.9.2011 22:11 134704]
S2 gupdate1ca7e66463c2f16;Služba Google Update (gupdate1ca7e66463c2f16);c:\program files\Google\Update\GoogleUpdate.exe [16.12.2009 17:41 133104]
S2 NIS;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe" /s "NIS" /m "c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16.12.2009 17:41 133104]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [30.11.2010 20:31 24448]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys --> c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSxpx86.sys [?]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [2.6.2009 16:28 51040]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 15:41]
.
2011-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 15:41]
.
2011-09-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
TCP: Interfaces\{FE19647B-F84E-4677-A339-543451B9CDE7}: NameServer = 194.228.110.17,90.183.231.251
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-TWAIN FieryScan - c:\program files\Electronics for Imaging
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-24 17:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\## aswSnx private storage
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(1220)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(2004)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\ZyXEL\NWD-270N\Common\RalinkRegistryWriter.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-09-24 17:08:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-24 15:08
.
Před spuštěním: Volných bajtů: 121 209 548 800
Po spuštění: Volných bajtů: 123 117 928 448
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - 251B91678C100769027BEA5F6656EA72
Žbeky (Moderator, Guru Level 13, 22288 posts, registered May 08, location: Vsetín - Pardubice)
Re: Facebook virus, what a mess
You have Avast, Norton and ESET - which one do you want to keep?
Via PM I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Facebook virus, what a mess
I only have Avast; the program reported the others, but the virus deleted them. I don't have them on the disk, not even in the software removal list, and I don't know where the leftovers are. I already have Avast installed; if it's bad, then advise me, otherwise I'd keep it. I like the interface.