
Win32:VB-DYC - ctfmon.exe

Posted: Thu 22 Nov 2007, 07:52
by Heliooos
Hi,
I had these little pests spread all over my computer. Yesterday I installed Avast and ran a full scan. Unfortunately, after Avast deleted them from my disk partitions (all of them were in the Recycled folder; drive C was not infected), I can't get into a drive simply by double-clicking it. It reports "access denied"; I have to right-click and choose "Explore" or "AutoPlay", and then it works normally. The same happens with flash drives. If someone could advise me what to do about it, I'd be grateful.

PS: among other things, during the scan I found that while moving files around I had created about 6 backup copies of the EICAR test "virus" on the disk.

21.11.2007 22:05:06 SYSTEM 1216 Virus "Win32:VB-DYC [Trj]" was found in file "L:\Recycled\ctfmon.exe".
21.11.2007 22:09:33 SYSTEM 1216 Virus "Win32:VB-DYC [Trj]" was found in file "J:\Recycled\ctfmon.exe".

Re: Win32:VB-DYC - ctfmon.exe

Posted: Thu 22 Nov 2007, 13:50
by BUBINO
Use this: http://www.viry.cz/forum/viewtopic.php?t=11121

Then post the ComboFix log here.

Posted: Thu 22 Nov 2007, 17:29
by rary
What BUBINO recommended (http://www.viry.cz/forum/viewtopic.php?t=11121)
is pointless to use here, because this is a completely different piece of junk.

The ComboFix log is important, though, so please post it here.

combofix

Posted: Fri 23 Nov 2007, 10:49
by Heliooos
Hi,
so I didn't find any suspicious DLLs with Process Explorer; Avast evidently cleaned it out nicely. Thanks for the ComboFix tip, it really helped; it evidently deleted some of the leftovers, so I can get onto the hard disk completely normally now. Only the access to the flash drives hasn't changed, and when I looked through the log I see this was left in the registry:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6342e308-8989-11dc-8f7f-c2422945b116}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

Which in my opinion is the reason why it can't be opened normally (the ctfmon is of course no longer at that location). If anyone here knows their way around editing the registry, please advise; I don't want to break anything there.

Thanks a lot otherwise

PS: yes, here is the complete ComboFix log

ComboFix 07-11-19.3 - Helios 2007-11-22 21:08:43.2 - NTFSx86
System Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.140 [GMT 1:00]
Running from: G:\temp\odvirovani\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
.

2007-11-21 19:38 <DIR> d-------- C:\Program Files\Alwil Software
2007-11-21 19:38 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-21 19:38 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-21 19:38 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-21 19:38 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-21 19:38 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-21 19:38 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-21 19:38 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-19 18:06 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-11-19 18:04 <DIR> d-------- C:\vodafon
2007-11-17 21:00 <DIR> d-------- C:\Program Files\Sonic Foundry
2007-11-17 20:59 <DIR> d-------- C:\Program Files\Sonic Foundry Setup
2007-11-17 20:54 193,296 --------- C:\WINDOWS\system32\MCI32.ocx
2007-11-15 19:23 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\ESBCalc
2007-11-15 19:23 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\ESBCalc
2007-11-15 19:23 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\ESBCalc
2007-11-15 18:34 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Workrave
2007-11-15 18:34 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Workrave
2007-11-15 18:34 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Workrave
2007-11-14 21:29 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\InfraRecorder
2007-11-14 21:29 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\InfraRecorder
2007-11-14 21:29 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\InfraRecorder
2007-11-14 19:35 <DIR> d-------- C:\Program Files\CursorXP
2007-11-14 00:55 455 --a------ C:\Documents and Settings\Helios\Data aplikací\hexplorer.dat
2007-11-14 00:55 455 --a------ C:\Documents and Settings\Helios\Data aplikací\hexplorer.dat
2007-11-14 00:55 455 --a------ C:\Documents and Settings\Helios\Data aplikací\hexplorer.dat
2007-11-14 00:55 4 --a------ C:\Documents and Settings\Helios\Data aplikací\mclip.dat
2007-11-14 00:55 4 --a------ C:\Documents and Settings\Helios\Data aplikací\mclip.dat
2007-11-14 00:55 4 --a------ C:\Documents and Settings\Helios\Data aplikací\mclip.dat
2007-11-14 00:53 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\SteelBytes
2007-11-14 00:53 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\SteelBytes
2007-11-14 00:53 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\SteelBytes
2007-11-14 00:48 <DIR> d-------- C:\Documents and Settings\Helios\amaya
2007-11-14 00:29 <DIR> d-------- C:\Program Files\SaveSnap
2007-11-14 00:00 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\PDM
2007-11-14 00:00 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\PDM
2007-11-14 00:00 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\PDM
2007-11-13 23:37 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Thunderbird
2007-11-13 23:37 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Thunderbird
2007-11-13 23:37 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Thunderbird
2007-11-13 22:20 <DIR> d-------- C:\lahev02
2007-11-13 22:15 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\freeCommander
2007-11-13 22:15 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\freeCommander
2007-11-13 22:15 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\freeCommander
2007-11-13 22:03 <DIR> d-------- C:\lahev01
2007-11-09 18:51 <DIR> d---s---- C:\Documents and Settings\Helios\UserData
2007-11-09 18:50 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Hewlett-Packard
2007-11-09 18:50 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Hewlett-Packard
2007-11-09 18:50 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Hewlett-Packard
2007-11-08 23:27 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-11-08 23:27 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2007-11-08 22:08 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-11-08 22:08 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-11-08 22:08 19,584 --a--c--- C:\WINDOWS\system32\dllcache\rasirda.sys
2007-11-08 22:08 19,034 -ra------ C:\WINDOWS\system32\drivers\KS-959.sys
2007-11-08 22:08 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-11-08 15:13 1,979 --a------ C:\WINDOWS\system32\PDFSPO~1.ERR
2007-11-08 15:02 <DIR> d-------- C:\Program Files\PDFCreator
2007-11-08 15:02 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\PDFCreator
2007-11-08 15:02 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\PDFCreator
2007-11-08 15:02 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\PDFCreator
2007-11-08 15:01 5,248 --a-s---- C:\WINDOWS\system32\drivers\DigimHID.SYS
2007-11-08 15:00 <DIR> d-------- C:\Program Files\ACECAD
2007-11-06 21:14 <DIR> d-------- C:\Program Files\Aportis
2007-11-06 21:14 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2007-11-06 21:14 89,360 --------- C:\WINDOWS\system32\VB5DB.DLL
2007-11-04 00:03 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\vlc
2007-11-04 00:03 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\vlc
2007-11-04 00:03 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\vlc
2007-11-04 00:01 <DIR> d-------- C:\Program Files\VideoLAN
2007-11-03 23:59 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\BSplayer Pro
2007-11-03 23:59 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\BSplayer Pro
2007-11-03 23:59 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\BSplayer Pro
2007-11-03 23:58 <DIR> d-------- C:\Program Files\Webteh
2007-11-03 19:25 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Teleca
2007-11-03 19:25 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Teleca
2007-11-03 19:25 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Teleca
2007-11-03 19:25 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Sony Ericsson
2007-11-03 19:25 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Sony Ericsson
2007-11-03 19:25 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\Sony Ericsson
2007-11-03 19:24 96,352 -ra------ C:\WINDOWS\system32\drivers\k310mdm.sys
2007-11-03 19:24 87,824 -ra------ C:\WINDOWS\system32\drivers\k310mgmt.sys
2007-11-03 19:24 85,696 -ra------ C:\WINDOWS\system32\drivers\k310obex.sys
2007-11-03 19:24 60,800 -ra------ C:\WINDOWS\system32\drivers\k310bus.sys
2007-11-03 19:24 9,264 -ra------ C:\WINDOWS\system32\drivers\k310mdfl.sys
2007-11-03 19:24 6,208 -ra------ C:\WINDOWS\system32\drivers\k310cmnt.sys
2007-11-03 19:24 6,208 -ra------ C:\WINDOWS\system32\drivers\k310cm.sys
2007-11-03 19:24 5,840 -ra------ C:\WINDOWS\system32\drivers\k310whnt.sys
2007-11-03 19:24 5,840 -ra------ C:\WINDOWS\system32\drivers\k310wh.sys
2007-11-03 19:23 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-11-03 19:23 <DIR> d-------- C:\Program Files\MyPhoneExplorer
2007-11-03 19:23 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-11-03 19:23 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\MyPhoneExplorer
2007-11-03 19:23 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\MyPhoneExplorer
2007-11-03 19:23 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\MyPhoneExplorer
2007-11-03 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2007-11-03 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Teleca
2007-11-03 19:23 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2007-11-03 19:22 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-02 23:27 <DIR> d-------- C:\Documents and Settings\Helios\Data aplikací\gtk-2.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-03 18:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-02 16:27 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-02 14:28 --------- d-----w C:\Program Files\IrfanView
2007-11-02 14:26 --------- d-----w C:\Documents and Settings\Helios\Data aplikací\Locate32
2007-11-02 14:26 --------- d-----w C:\Documents and Settings\Helios\Data aplikací\Locate32
2007-11-02 14:26 --------- d-----w C:\Documents and Settings\Helios\Data aplikací\Locate32
2007-11-02 13:41 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-11-02 13:40 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-02 13:40 --------- d-----w C:\Program Files\Ahead
2007-11-02 13:39 --------- d-----w C:\Program Files\CyberLink DVD Solution
2007-11-02 13:38 --------- d-----w C:\Program Files\CyberLink
2007-09-06 11:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-06-13 05:31 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2006-02-20 11:40]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-02 17:09]
"mouseElf"="C:\PROGRA~1\GAMING~1\MouseElf.EXE" [2005-12-16 09:55]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 11:12]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

C:\Documents and Settings\Helios\Nabídka Start\Programy\Po spuštění\
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [2007-11-02 17:39:23]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2002-10-11 16:35:57]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2003-02-14 20:51:12]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2007-09-28 15:26:28]
SaveSnap.lnk - C:\Program Files\SaveSnap\SaveSnap.exe [2007-11-14 00:29:54]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-11-02 17:54:28]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-02 17:42:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 PDRJNDL;PDRJNDL;\??\C:\lahev01\winPenPack\Bin\Private Disk Light\PDRJNDL.SYS
R2 PRVDISK;PRVDISK;\??\C:\lahev01\winPenPack\Bin\Private Disk Light\PRVDISK.SYS
R3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 DigimHID;DigimHID;C:\WINDOWS\system32\DRIVERS\DigimHID.sys
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k310mgmt.sys
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\H:\NTGLM7X.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6342e308-8989-11dc-8f7f-c2422945b116}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 21:09:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-22 21:10:07
.
--- E O F ---

Re: combofix

Posted: Fri 23 Nov 2007, 14:15
by BUBINO
I was just dealing with this ctfmon myself too.

Download Avenger to your desktop: http://www.viry.cz/forum/viewtopic.php?t=19832
Follow the guide until you get to the white window and copy the following text, all of the green text, into it:
Files to delete:
L:\Recycled\ctfmon.exe
J:\Recycled\ctfmon.exe

Folders to delete:
L:\Recycled
J:\Recycled

I assumed the viruses were stored on L:\ and J:\, as you stated at the very top. If they are on other drives, put the actual drive letters in place of L and J.

Open Notepad and copy this into it:
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6342e308-8989-11dc-8f7f-c2422945b116}]

[image]

- save it under the name CFScript so that it has the extension txt, and, as shown in the image below, drag it onto ComboFix. ComboFix will start automatically; then post its log here, plus the Avenger log.
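The MountPoints2 entries Heliooos quoted and the CFScript BUBINO wrote are two halves of one check: find the per-drive shell verbs that point at a payload, then delete those keys so Explorer rebuilds them with defaults. The script below is an added example written for this page; it is not from the thread, from ComboFix or from Avast. It parses the MountPoints2 section of a ComboFix log in the "key / \Shell\verb\command - value" layout seen above, flags keys whose command launches a file from a recycle-bin folder or whose Open verb has been overridden (that override is what turns a double-click on the drive into an attempt to run the payload), and emits the matching [-KEY] CFScript lines. The first two blocks of the sample input are copied from the log posted above; the third block, the function names and the list of recycle-bin folder names are constructed for the example.

```python
import re
from dataclasses import dataclass

# Sample input. The first two blocks are the MountPoints2 entries from the ComboFix
# log posted in this thread; the third block is constructed for this example and
# shows a plain autorun entry that the heuristics leave alone.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6342e308-8989-11dc-8f7f-c2422945b116}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-1111-2222-3333-444444444444}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.exe
"""

# A MountPoints2 key header as ComboFix prints it: [HKEY_...\mountpoints2\<drive letter or volume GUID>]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]\s*$", re.IGNORECASE)
# A shell verb line: \Shell\<verb>\command - <command>
VALUE_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+?)\s*$", re.IGNORECASE)
# The rundll32 ShellExec_RunDLL wrapper that autorun.inf abuse commonly hides behind.
RUNDLL_RE = re.compile(r"^.*?rundll32(?:\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL\s+", re.IGNORECASE)
# Folder names (assumed list) that malware uses to hide a payload on removable media.
RECYCLE_DIRS = ("recycled", "recycler", "$recycle.bin")


@dataclass
class Finding:
    key: str
    reasons: list


def parse_mountpoints2(log_text):
    """Return {registry key: {verb: command}} for every MountPoints2 block in a ComboFix log."""
    entries = {}
    current = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current][m.group("verb")] = m.group("cmd")
    return entries


def launch_target(command):
    """Strip the rundll32/ShellExec_RunDLL wrapper so the file actually launched is visible."""
    return RUNDLL_RE.sub("", command, count=1).strip().strip('"')


def in_recycle_dir(target):
    """True when the first path component of a drive-relative target is a recycle-bin folder."""
    first = re.split(r"[\\/]", target.lstrip("\\/"), maxsplit=1)[0].lower()
    return first in RECYCLE_DIRS


def classify(entries):
    """Flag keys that launch a payload from a recycle-bin folder or hijack the Open verb."""
    findings = []
    for key, verbs in entries.items():
        reasons = []
        for verb, command in verbs.items():
            target = launch_target(command)
            if in_recycle_dir(target):
                reasons.append(f"{verb} launches {target} from a recycle-bin folder")
            if verb.lower().startswith("open"):
                # A legitimate Open verb opens the folder; a command here means
                # double-clicking the drive runs a program instead.
                reasons.append(f"{verb} verb hijacked: double-click runs {target}")
        if reasons:
            findings.append(Finding(key, reasons))
    return findings


def cfscript(findings):
    """Build a CFScript that deletes the flagged keys, using the [-KEY] syntax from the thread."""
    lines = ["Registry::"] + [f"[-{f.key}]" for f in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = classify(parse_mountpoints2(SAMPLE_LOG))
    for f in found:
        print(f.key)
        for reason in f.reasons:
            print("   ", reason)
    print(cfscript(found))
```

Deleting a MountPoints2 subkey is safe: the key only caches per-user, per-volume shell settings, and Windows recreates it with defaults the next time the volume is mounted. Run the script over the full saved log rather than the quoted fragment, since ComboFix only prints non-default entries and a drive that was cleaned but never re-inserted will still carry the stale verbs.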

ComboFix output

Posted: Mon 26 Nov 2007, 07:54
by Heliooos
First I have to say that Avenger wasn't necessary. My brother deleted all those Recycled folders for me under Linux, where it works normally. Avast had already deleted the exe files. Here is the ComboFix output:


ComboFix 07-11-19.3 - Helios 2007-11-23 19:50:27.4 - NTFSx86
System Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.117 [GMT 1:00]
Running from: G:\temp\odvirovani\combofix\ComboFix.exe
Command switches used :: G:\temp\odvirovani\combofix\CFScript.txt
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-10-23 to 2007-11-23  )))))))))))))))))))))))))))))))
.

2007-11-23 19:03	<DIR>	d--------	C:\Program Files\Vodafone
2007-11-23 19:02	8,572,497	--a------	C:\WINDOWS\system32\Vodafone ScreenWasher.scr
2007-11-22 21:24	<DIR>	d--------	C:\Program Files\PDFCreator Toolbar
2007-11-22 21:24	137,000	--a------	C:\WINDOWS\system32\MSMAPI32.OCX
2007-11-22 21:24	116,224	--a------	C:\WINDOWS\system32\pdfcmnnt.dll
2007-11-22 21:23	<DIR>	d--------	C:\Program Files\PDFCreator
2007-11-21 19:38	<DIR>	d--------	C:\Program Files\Alwil Software
2007-11-21 19:38	801,144	--a------	C:\WINDOWS\system32\aswBoot.exe
2007-11-21 19:38	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2007-11-21 19:38	94,416	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-21 19:38	92,848	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-21 19:38	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-21 19:38	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-21 19:38	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-19 18:06	<DIR>	d--------	C:\Program Files\ReflexiveArcade
2007-11-19 18:04	<DIR>	d--------	C:\vodafon
2007-11-17 21:00	<DIR>	d--------	C:\Program Files\Sonic Foundry
2007-11-17 20:59	<DIR>	d--------	C:\Program Files\Sonic Foundry Setup
2007-11-17 20:54	193,296	---------	C:\WINDOWS\system32\MCI32.ocx
2007-11-15 19:23	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\ESBCalc
2007-11-15 19:23	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\ESBCalc
2007-11-15 19:23	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\ESBCalc
2007-11-15 18:34	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Workrave
2007-11-15 18:34	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Workrave
2007-11-15 18:34	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Workrave
2007-11-14 21:29	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\InfraRecorder
2007-11-14 21:29	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\InfraRecorder
2007-11-14 21:29	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\InfraRecorder
2007-11-14 19:35	<DIR>	d--------	C:\Program Files\CursorXP
2007-11-14 00:55	455	--a------	C:\Documents and Settings\Helios\Data aplikací\hexplorer.dat
2007-11-14 00:55	455	--a------	C:\Documents and Settings\Helios\Data aplikací\hexplorer.dat
2007-11-14 00:55	455	--a------	C:\Documents and Settings\Helios\Data aplikací\hexplorer.dat
2007-11-14 00:55	4	--a------	C:\Documents and Settings\Helios\Data aplikací\mclip.dat
2007-11-14 00:55	4	--a------	C:\Documents and Settings\Helios\Data aplikací\mclip.dat
2007-11-14 00:55	4	--a------	C:\Documents and Settings\Helios\Data aplikací\mclip.dat
2007-11-14 00:53	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\SteelBytes
2007-11-14 00:53	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\SteelBytes
2007-11-14 00:53	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\SteelBytes
2007-11-14 00:48	<DIR>	d--------	C:\Documents and Settings\Helios\amaya
2007-11-14 00:29	<DIR>	d--------	C:\Program Files\SaveSnap
2007-11-14 00:00	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\PDM
2007-11-14 00:00	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\PDM
2007-11-14 00:00	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\PDM
2007-11-13 23:37	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Thunderbird
2007-11-13 23:37	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Thunderbird
2007-11-13 23:37	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Thunderbird
2007-11-13 22:20	<DIR>	d--------	C:\lahev02
2007-11-13 22:15	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\freeCommander
2007-11-13 22:15	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\freeCommander
2007-11-13 22:15	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\freeCommander
2007-11-13 22:03	<DIR>	d--------	C:\lahev01
2007-11-09 18:51	<DIR>	d---s----	C:\Documents and Settings\Helios\UserData
2007-11-09 18:50	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Hewlett-Packard
2007-11-09 18:50	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Hewlett-Packard
2007-11-09 18:50	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Hewlett-Packard
2007-11-08 23:27	22,016	--a------	C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-11-08 23:27	22,016	--a--c---	C:\WINDOWS\system32\dllcache\msircomm.sys
2007-11-08 22:08	87,424	--a------	C:\WINDOWS\system32\drivers\irda.sys
2007-11-08 22:08	19,584	--a------	C:\WINDOWS\system32\drivers\rasirda.sys
2007-11-08 22:08	19,584	--a--c---	C:\WINDOWS\system32\dllcache\rasirda.sys
2007-11-08 22:08	19,034	-ra------	C:\WINDOWS\system32\drivers\KS-959.sys
2007-11-08 22:08	8,192	--a------	C:\WINDOWS\system32\wshirda.dll
2007-11-08 15:13	1,979	--a------	C:\WINDOWS\system32\PDFSPO~1.ERR
2007-11-08 15:02	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\PDFCreator
2007-11-08 15:02	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\PDFCreator
2007-11-08 15:02	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\PDFCreator
2007-11-08 15:01	5,248	--a-s----	C:\WINDOWS\system32\drivers\DigimHID.SYS
2007-11-08 15:00	<DIR>	d--------	C:\Program Files\ACECAD
2007-11-06 21:14	<DIR>	d--------	C:\Program Files\Aportis
2007-11-06 21:14	203,976	--a------	C:\WINDOWS\system32\RICHTX32.OCX
2007-11-06 21:14	89,360	---------	C:\WINDOWS\system32\VB5DB.DLL
2007-11-04 00:03	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\vlc
2007-11-04 00:03	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\vlc
2007-11-04 00:03	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\vlc
2007-11-04 00:01	<DIR>	d--------	C:\Program Files\VideoLAN
2007-11-03 23:59	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\BSplayer Pro
2007-11-03 23:59	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\BSplayer Pro
2007-11-03 23:59	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\BSplayer Pro
2007-11-03 23:58	<DIR>	d--------	C:\Program Files\Webteh
2007-11-03 19:25	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Teleca
2007-11-03 19:25	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Teleca
2007-11-03 19:25	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Teleca
2007-11-03 19:25	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Sony Ericsson
2007-11-03 19:25	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Sony Ericsson
2007-11-03 19:25	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\Sony Ericsson
2007-11-03 19:24	96,352	-ra------	C:\WINDOWS\system32\drivers\k310mdm.sys
2007-11-03 19:24	87,824	-ra------	C:\WINDOWS\system32\drivers\k310mgmt.sys
2007-11-03 19:24	85,696	-ra------	C:\WINDOWS\system32\drivers\k310obex.sys
2007-11-03 19:24	60,800	-ra------	C:\WINDOWS\system32\drivers\k310bus.sys
2007-11-03 19:24	9,264	-ra------	C:\WINDOWS\system32\drivers\k310mdfl.sys
2007-11-03 19:24	6,208	-ra------	C:\WINDOWS\system32\drivers\k310cmnt.sys
2007-11-03 19:24	6,208	-ra------	C:\WINDOWS\system32\drivers\k310cm.sys
2007-11-03 19:24	5,840	-ra------	C:\WINDOWS\system32\drivers\k310whnt.sys
2007-11-03 19:24	5,840	-ra------	C:\WINDOWS\system32\drivers\k310wh.sys
2007-11-03 19:23	<DIR>	d--------	C:\Program Files\Sony Ericsson
2007-11-03 19:23	<DIR>	d--------	C:\Program Files\MyPhoneExplorer
2007-11-03 19:23	<DIR>	d--------	C:\Program Files\Common Files\Teleca Shared
2007-11-03 19:23	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\MyPhoneExplorer
2007-11-03 19:23	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\MyPhoneExplorer
2007-11-03 19:23	<DIR>	d--------	C:\Documents and Settings\Helios\Data aplikací\MyPhoneExplorer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 20:24	264,097	----a-w	C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8343.exe
2007-11-13 23:30	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-11-03 18:22	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-11-02 16:27	---------	d-----w	C:\Program Files\microsoft frontpage
2007-11-02 14:28	---------	d-----w	C:\Program Files\IrfanView
2007-11-02 14:26	---------	d-----w	C:\Documents and Settings\Helios\Data aplikací\Locate32
2007-11-02 14:26	---------	d-----w	C:\Documents and Settings\Helios\Data aplikací\Locate32
2007-11-02 14:26	---------	d-----w	C:\Documents and Settings\Helios\Data aplikací\Locate32
2007-11-02 13:41	---------	d-----w	C:\Program Files\Common Files\LightScribe
2007-11-02 13:40	---------	d-----w	C:\Program Files\Common Files\Ahead
2007-11-02 13:40	---------	d-----w	C:\Program Files\Ahead
2007-11-02 13:39	---------	d-----w	C:\Program Files\CyberLink DVD Solution
2007-11-02 13:38	---------	d-----w	C:\Program Files\CyberLink
2007-09-06 11:00	95,608	----a-w	C:\WINDOWS\system32\AvastSS.scr
2004-10-01 14:00	40,960	----a-w	C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((   snapshot@2007-11-22_21.03.25,14   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 14:03:55	65,536	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\PM_Designer.exe
+ 2007-11-22 20:31:56	65,536	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\PM_Designer.exe
- 2007-11-08 14:03:55	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
+ 2007-11-22 20:31:56	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
- 2007-11-08 14:03:55	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat_Standard.exe
+ 2007-11-22 20:31:56	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat_Standard.exe
- 2007-11-08 14:03:55	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Distiller.exe
+ 2007-11-22 20:31:57	25,214	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Distiller.exe
- 2007-11-08 14:03:55	7,278	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_ELEMENTS_DT.exe
+ 2007-11-22 20:31:56	7,278	----a-r	C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_ELEMENTS_DT.exe
- 2002-09-03 20:33:38	1,394,688	----a-w	C:\WINDOWS\system32\MSVBVM60.DLL
+ 2004-02-23 00:00:00	1,386,496	----a-w	C:\WINDOWS\system32\MSVBVM60.DLL
- 2002-10-07 01:11:48	129,024	----a-w	C:\WINDOWS\system32\spool\drivers\w32x86\3\Ps5ui.dll
+ 2005-06-25 13:16:48	138,240	----a-w	C:\WINDOWS\system32\spool\drivers\w32x86\3\PS5UI.DLL
- 2002-10-07 01:11:48	455,168	----a-w	C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
+ 2005-06-25 13:16:50	480,256	----a-w	C:\WINDOWS\system32\spool\drivers\w32x86\3\PSCRIPT5.DLL
- 2007-11-22 17:08:01	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
+ 2007-11-23 17:54:55	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_4b8.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 10:26]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-17 14:49 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-06-13 05:31 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2006-02-20 11:40]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 01:50]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-02 17:09]
"mouseElf"="C:\PROGRA~1\GAMING~1\MouseElf.EXE" [2005-12-16 09:55]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 11:12]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 14:49]

C:\Documents and Settings\Helios\Nabídka Start\Programy\Po spuštění\
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [2007-11-02 17:39:23]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2002-10-11 16:35:57]
MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [2003-02-14 20:51:12]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2007-09-28 15:26:28]
SaveSnap.lnk - C:\Program Files\SaveSnap\SaveSnap.exe [2007-11-14 00:29:54]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-11-02 17:54:28]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-02 17:42:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 PDRJNDL;PDRJNDL;\??\C:\lahev01\winPenPack\Bin\Private Disk Light\PDRJNDL.SYS
R2 PRVDISK;PRVDISK;\??\C:\lahev01\winPenPack\Bin\Private Disk Light\PRVDISK.SYS
R3 genmcmn;Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
S3 DigimHID;DigimHID;C:\WINDOWS\system32\DRIVERS\DigimHID.sys
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys
S3 k310mdfl;Sony Ericsson K310 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k310mdfl.sys
S3 k310mdm;Sony Ericsson K310 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k310mdm.sys
S3 k310mgmt;Sony Ericsson K310 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k310mgmt.sys
S3 k310obex;Sony Ericsson K310 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k310obex.sys
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\H:\NTGLM7X.sys

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 19:51:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-23 19:52:44
C:\ComboFix2.txt ... 2007-11-23 19:11
C:\ComboFix3.txt ... 2007-11-22 21:10
.
	--- E O F ---

Re: ComboFix log

Posted: Mon 26 Nov 2007, 14:36
by BUBINO
I don't see ctfmon, but make sure these paths really have been deleted from the registry:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

Start --> Run --> type REGEDIT.
Press Ctrl+F3, enter this in the box: mountpoints2, and search.
If the values are there, delete them manually (delete). If they resist, rename them first and only then delete them.

I'll also warn you that if you plug a USB stick or a floppy into a computer infected with this ctfmon, the virus copies itself onto the floppy or USB stick, and if you insert them into another computer it automatically reproduces and infects that computer immediately. You don't have to open anything; inserting it is enough. So be careful if you had a USB stick in the infected computer.


Test these on virustotal.com:
PDFCreator_Toolbar_Uninstaller_8343.exe
C:\WINDOWS\system32\PDFSPO~1.ERR
C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_8343.exe

Check this whole folder, C:\WINDOWS\Temp, for junk.

Put this into Avenger:
Files to delete:
C:\Program Files\Uninstall_CDS.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\PM_Designer.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\PM_Designer.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat_Standard.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat_Standard.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Distiller.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Distiller.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_ELEMENTS_DT.exe
C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_ELEMENTS_DT.exe

Folders to delete:
C:\WINDOWS\Installer

These will be bad files.


Clean the computer with CCleaner as well:
http://www.viry.cz/forum/viewtopic.php?t=7478

And apply MWAV:
http://www.viry.cz/forum/viewtopic.php?t=4097

Make a new HijackThis log, post the Avenger log here together with the virustotal.com results, and after the MWAV scan paste here the log from the lower window. Not the upper one! Don't forget to set the parameters correctly according to the guide and to turn off System Restore.
Also make a HijackThis log.
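The manual regedit check BUBINO describes (search MountPoints2, delete the values, rename first if they resist) and the AutoRun warning that follows it can be carried out with one script. The PowerShell below is an added example written for this thread, not code posted by BUBINO or by the forum; the `-Remove` and `-HardenAutoRun` switches, the indicator pattern and the `.disabled` rename suffix are this script's own assumptions, and only the registry paths (MountPoints2 and the Explorer policy key) are real Windows locations. It runs in the profile of the affected user; the machine-wide policy write needs administrator rights.

```powershell
<#
  Added example (not from the forum thread): audit the per-drive MountPoints2 keys
  whose Shell verbs the worm redirects to Recycled\ctfmon.exe, optionally remove
  (or, if removal fails, rename) the hijacked verb keys, and optionally disable
  AutoRun for every drive type so an infected USB stick or floppy cannot launch
  its autorun.inf when inserted. -Remove and -HardenAutoRun are this script's
  own switches, not regedit options.
#>
param(
    [switch]$Remove,
    [switch]$HardenAutoRun
)

$mountPoints = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

# Indicators of a redirected Explorer verb (assumed pattern): a command that runs
# something from the drive's Recycled folder, a stray ctfmon.exe (the genuine one
# lives only in %SystemRoot%\system32, never in a drive's shell verb), or the
# rundll32 ShellExec_RunDLL trampoline used to launch it.
$indicator = '(?i)recycled\\|ctfmon\.exe|shellexec_rundll'

function Get-HijackedVerbs {
    foreach ($driveKey in Get-ChildItem -Path $mountPoints -ErrorAction SilentlyContinue) {
        $shellPath = Join-Path $driveKey.PSPath 'Shell'
        foreach ($verbKey in Get-ChildItem -Path $shellPath -ErrorAction SilentlyContinue) {
            # Each verb's command line is the default value of <verb>\command
            $cmdPath = Join-Path $verbKey.PSPath 'command'
            $cmd = (Get-ItemProperty -Path $cmdPath -ErrorAction SilentlyContinue).'(default)'
            if ($cmd -and ($cmd -match $indicator)) {
                [pscustomobject]@{
                    Drive   = $driveKey.PSChildName   # drive letter or volume GUID
                    Verb    = $verbKey.PSChildName    # e.g. AutoRun, Open(0)
                    Command = $cmd
                    Key     = $verbKey.PSPath
                }
            }
        }
    }
}

function Remove-HijackedVerb {
    param([string]$KeyPath)
    try {
        Remove-Item -Path $KeyPath -Recurse -Force -ErrorAction Stop
        "removed  $KeyPath"
    } catch {
        # Fallback from the post: a key that cannot be deleted is renamed so the
        # verb no longer resolves; it can be deleted after a reboot.
        Rename-Item -Path $KeyPath -NewName ((Split-Path $KeyPath -Leaf) + '.disabled')
        "renamed  $KeyPath"
    }
}

function Disable-AutoRun {
    # NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type, for the
    # machine policy (needs admin) and for this user.
    $policies = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($policy in $policies) {
        if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
        Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
}

$hits = @(Get-HijackedVerbs)
if ($hits.Count -eq 0) {
    'No hijacked MountPoints2 verbs found.'
} else {
    $hits | Format-Table Drive, Verb, Command -AutoSize
    if ($Remove) { $hits | ForEach-Object { Remove-HijackedVerb -KeyPath $_.Key } }
}
if ($HardenAutoRun) { Disable-AutoRun }
```

Run it once without switches to list what it would touch, then with `-Remove -HardenAutoRun` from an elevated prompt. The registry entries are only the launcher: the `Recycled\ctfmon.exe` copy and the `autorun.inf` on each affected drive (including any USB stick that was plugged into the infected machine) still have to be removed, which is what the antivirus scan and ComboFix did earlier in this thread.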

Re: Win32:VB-DYC - ctfmon.exe

Posted: Tue 23 Dec 2008, 15:20
by juri23
Hi guys!!

I know I'm probably dumb, but could someone explain once more how to get rid of this worm... because I have the same problem, my drives can't be opened with a double-click... pls urgent!!! THANKS A LOT

Re: Win32:VB-DYC - ctfmon.exe

Posted: Tue 23 Dec 2008, 20:44
by jansv
For juri23: Hi, even though it may be the same infection, the solution is usually individual. Please start your own topic in the Viruses, antivirus and security section and describe your problem there. And paste a HijackThis log into it right away.

Download HijackThis e.g. from here - http://www.stahuj.centrum.cz/internet_a ... ijackthis/

Usage
1. Run the program and press the "Do a system scan and save a log" button
2. Paste the entire contents of the text document that pops up by itself after a moment into your post as normal text

PS: If you want, I can happily help you with it, but you have to say so in your new topic.

Re: Win32:VB-DYC - ctfmon.exe

Posted: Tue 23 Dec 2008, 21:42
by juri23
hi jansv.. thanks a lot for your willingness, but in the meantime a friend came over and fixed it, I don't know exactly how, but he did it using combofix... pretty funny....but thanks anyway.. and as I can see I'm bookmarking this forum right away, because there are plenty of brains here... which will come in handy.. I'm glad something like this exists.. once again thanks for your help

Re: Win32:VB-DYC - ctfmon.exe

Posted: Tue 23 Dec 2008, 22:11
by jansv
Of course, you're welcome. If you ever need anything, definitely get in touch with us. Good luck.