
PC disinfection, computer speed-up, remote help via the neslape.cz service
Google redirecting to other pages
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Google redirecting to other pages
Should I connect the network and try again? It wants a connection because of the console.
Re: Google redirecting to other pages
Second attempt, the same thing. No log anywhere, not even on C:.
Re: Google redirecting to other pages
And when it was finishing, did the PC restart?
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
Re: Google redirecting to other pages
It didn't restart, but on the next attempt it froze, and after the restart here is the log:
ComboFix 12-04-31.02 - UserXP . 04. 2012 15:09:58.5.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.759.301 [GMT 2:00]
Running from: c:\documents and settings\UserXP\Plocha\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.
.
((((((((((((((((((((((((( Files Created From 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 11:39 . 2012-04-30 11:39 -------- d-----w- C:\_OTL
2012-04-30 08:31 . 2012-04-30 08:31 512 ----a-w- C:\PhysicalMBR.bin
2012-04-29 19:21 . 2012-04-29 19:21 284 ----a-w- c:\documents and settings\UserXP\Data aplikací\3E.tmp
2012-04-29 13:31 . 2012-04-29 13:31 -------- d-----w- C:\rsit
2012-04-29 10:43 . 2012-04-29 10:43 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Seznam.cz
2012-04-28 17:09 . 2012-04-28 17:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-28 09:53 . 2012-04-28 09:53 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2012-04-28 09:21 . 2012-04-28 09:21 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2012-04-28 09:20 . 2012-04-28 17:07 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-26 06:54 . 2012-04-26 06:54 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Ad-Aware Antivirus
2012-04-26 06:41 . 2012-04-28 17:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2012-04-26 06:39 . 2012-04-26 06:53 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Ad-Aware Antivirus
2012-04-14 09:02 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-04-14 09:02 . 2012-04-14 09:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-04-14 08:56 . 2012-04-14 08:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-13 08:50 . 2012-04-13 08:51 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Moto assistant
2012-04-13 08:49 . 2012-04-13 08:50 -------- d-----w- c:\program files\Moto asistant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 20:08 . 2010-01-05 21:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-28 20:08 . 2010-01-05 21:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-14 08:56 . 2011-05-20 03:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2010-01-05 19:49 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-04-29_15.10.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-30 12:59 . 2012-04-30 12:59 16384 c:\windows\temp\Perflib_Perfdata_3f4.dat
+ 2012-04-30 12:59 . 2012-04-30 12:59 16384 c:\windows\temp\Perflib_Perfdata_294.dat
- 2012-04-29 15:11 . 2012-04-29 15:11 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
+ 2010-01-05 17:03 . 2012-04-29 23:27 83932 c:\windows\system32\perfc009.dat
- 2010-01-05 17:03 . 2012-04-28 09:57 83932 c:\windows\system32\perfc009.dat
+ 2010-01-05 17:03 . 2012-04-29 23:27 97754 c:\windows\system32\perfc005.dat
- 2010-01-05 17:03 . 2012-04-28 09:57 97754 c:\windows\system32\perfc005.dat
+ 2012-04-30 00:38 . 2011-07-06 19:44 310784 c:\windows\system32\WgaTray.exe
+ 2012-04-30 00:38 . 2011-07-06 19:44 183808 c:\windows\system32\WgaLogon.dll
+ 2010-01-05 17:04 . 2012-04-29 23:27 493388 c:\windows\system32\perfh009.dat
- 2010-01-05 17:04 . 2012-04-28 09:57 493388 c:\windows\system32\perfh009.dat
+ 2010-01-05 17:04 . 2012-04-29 23:27 488316 c:\windows\system32\perfh005.dat
- 2010-01-05 17:04 . 2012-04-28 09:57 488316 c:\windows\system32\perfh005.dat
+ 2010-01-05 17:06 . 2008-04-14 13:00 361344 c:\windows\system32\drivers\tcpip.sys
+ 2012-04-30 00:38 . 2011-07-06 19:44 1488688 c:\windows\system32\LegitCheckControl.dll
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"iVolStartup"="c:\program files\iVol\iVol.exe" [2005-11-09 110592]
"Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 274432]
"chromium"="c:\documents and settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe" [2011-09-03 1017912]
"Seznam Postak"="c:\documents and settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"BIH"="bih.dll" [2010-01-06 200704]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-11-29 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"SE-DesktopConstructor"="c:\program files\SE-SOFT.COM\SE-DesktopConstructor\SE-DesktopConstructor.exe" [2011-01-23 247296]
"Atomic.exe"="c:\program files\Atomic Clock Sync\Atomic.exe" [2004-09-18 524288]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2006-12-26 00:23 643072 ----a-w- c:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-09-01 11:39 966712 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27. 1. 2010 4:09 50704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14. 4. 2012 7:10 106104]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5. 1. 2010 21:07 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10. 8. 2011 21:41 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29. 2. 2012 9:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14. 4. 2012 10:56 253088]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\UserXP\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\UserXP\LOCALS~1\Temp\CFcatchme.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [18. 11. 2008 19:17 23888]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10. 8. 2011 21:41 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [13. 12. 2006 11:00 19072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:56]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 19:40]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 15:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1124)
c:\windows\system32\CLBCATQ.DLL
.
- - - - - - - > 'explorer.exe'(3064)
c:\program files\Iconoid\tr3dll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-30 15:22:01
ComboFix-quarantined-files.txt 2012-04-30 13:21
ComboFix2.txt 2012-04-29 21:58
ComboFix3.txt 2012-04-29 15:20
.
Pre-Run: 10,625,953,792 bytes free
Post-Run: 10,606,194,688 bytes free
.
- - End Of File - - 26FE9B9C149652EFC643F73ADFD2ECA1
Re: Google redirecting to other pages

-open Notepad
-copy the text from this box into it
Code:
Fcopy::
c:\windows\ERDNT\cache\winlogon.exe | c:\windows\system32\winlogon.exe
File::
c:\documents and settings\UserXP\Data aplikací\3E.tmp
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, then drop it there:

-after it runs, another log will pop up; post it here
Warning: after applying the script and restarting, Windows may fail to boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
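The CFScript in the post above was written by hand from two parts of the log: the Sigcheck section, where c:\windows\system32\winlogon.exe is marked "[-]" while the copy in c:\windows\ERDNT\cache carries a newer version and passed the check, and the created-files section with the 284-byte 3E.tmp in the user's application-data folder. As an added example (not part of this thread and not ComboFix's own code), the Python script below reads a ComboFix log, lists the protection the log shows switched off (the AV/FW header lines, the Security Center overrides and EnableFirewall=0, all of which appear in the logs in this thread), pairs each "[-]" file with a same-named file that carries another flag and an equal or newer version, and emits Fcopy:: and File:: lines in the form the post uses. The embedded sample log is constructed from lines quoted in this thread. Treating any flag other than "[-]" as "passed", the 1 KiB size limit and the one-or-two-hex-digit .tmp name pattern are this example's assumptions, not documented ComboFix behaviour.

```python
"""Triage helper for ComboFix logs: list protection the log shows disabled,
pair unsigned system binaries with a verified same-named copy, and emit
Fcopy::/File:: CFScript lines in the form used in this thread."""
import re
from pathlib import PureWindowsPath

# Constructed sample, assembled from lines quoted in the thread above.
SAMPLE_LOG = r"""
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
2012-04-29 19:21 . 2012-04-29 19:21 284 ----a-w- c:\documents and settings\UserXP\Data aplikací\3E.tmp
2012-04-14 09:02 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# One Sigcheck row: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
# One row of the created-files section: created . modified size attrs path
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>\S+) (?P<attr>\S+) (?P<path>.+?)\s*$"
)


def disabled_protection(log):
    """Findings about protection the log shows switched off or overridden."""
    findings = []
    for line in log.splitlines():
        s = line.strip()
        if s[:3] in ("AV:", "FW:") and "*Disabled" in s:
            findings.append(s.split(" *")[0])  # e.g. "AV: Symantec Endpoint Protection"
        elif re.match(r'"AntiVirusOverride"=dword:0*1$', s):
            findings.append("Security Center AntiVirusOverride=1")
        elif re.match(r'"DisableMonitoring"=dword:0*1$', s):
            findings.append("Security Center DisableMonitoring=1")
        elif re.match(r'"EnableFirewall"=\s*0\b', s):
            findings.append("Windows Firewall EnableFirewall=0")
    return findings


def parse_sigcheck(log):
    rows = []
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            rows.append(row)
    return rows


def version_tuple(ver):
    return tuple(int(p) for p in ver.split(".") if p.isdigit())


def restore_pairs(rows):
    """(source, destination) pairs: each '[-]' row (failed signature check) paired
    with a same-named row carrying any other flag and an equal or newer version.
    Assumption of this example: any flag other than '[-]' means the check passed."""
    passed = {PureWindowsPath(r["path"]).name.lower(): r for r in rows if r["flag"] != "-"}
    pairs = []
    for r in rows:
        if r["flag"] != "-":
            continue
        good = passed.get(PureWindowsPath(r["path"]).name.lower())
        if good and version_tuple(good["ver"]) >= version_tuple(r["ver"]):
            pairs.append((good["path"], r["path"]))
    return pairs


def stray_tmp_files(log, max_size=1024):
    """Small files named like 3E.tmp or 10.tmp (one or two hex digits) in the
    created-files section; the size limit and name pattern are this example's heuristic."""
    hits = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if (m and m["size"].isdigit() and int(m["size"]) <= max_size
                and re.search(r"\\[0-9A-Fa-f]{1,2}\.tmp$", m["path"])):
            hits.append(m["path"])
    return hits


def build_cfscript(log):
    """CFScript text in the Fcopy::/File:: form used in the post above."""
    out = []
    pairs = restore_pairs(parse_sigcheck(log))
    if pairs:
        out.append("Fcopy::")
        out.extend(f"{src} | {dst}" for src, dst in pairs)
    tmps = stray_tmp_files(log)
    if tmps:
        out.append("File::")
        out.extend(tmps)
    return "\n".join(out)


if __name__ == "__main__":
    for finding in disabled_protection(SAMPLE_LOG):
        print("disabled:", finding)
    print(build_cfscript(SAMPLE_LOG))
```

Run as-is it prints the five disabled-protection findings and then the same four CFScript lines the helper wrote by hand. The generated lines are a starting point for a helper to review, not something to drop onto ComboFix unattended; the thread's own rule about not running ComboFix without guidance applies to its scripts as well.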
Re: Google redirecting to other pages
ComboFix 12-04-31.02 - UserXP . 04. 2012 22:36:20.6.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.759.262 [GMT 2:00]
Running from: c:\documents and settings\UserXP\Plocha\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\UserXP\Data aplikací\10.tmp
c:\documents and settings\UserXP\Data aplikací\16.tmp
c:\documents and settings\UserXP\Data aplikací\6.tmp
c:\documents and settings\UserXP\Data aplikací\7.tmp
c:\documents and settings\UserXP\t.exe
c:\recycler\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe
c:\windows\csdrive32.exe
c:\windows\system32\15.exe
c:\windows\system32\27.exe
c:\windows\system32\51.exe
c:\windows\system32\56.exe
c:\windows\system32\65.exe
c:\windows\system32\67.exe
.
.
((((((((((((((((((((((((( Files Created From 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 17:23 . 2012-04-30 17:23 284 ----a-w- c:\documents and settings\UserXP\Data aplikací\11.tmp
2012-04-30 14:57 . 2012-04-30 14:57 284 ----a-w- c:\documents and settings\UserXP\Data aplikací\17.tmp
2012-04-30 11:39 . 2012-04-30 11:39 -------- d-----w- C:\_OTL
2012-04-30 08:31 . 2012-04-30 08:31 512 ----a-w- C:\PhysicalMBR.bin
2012-04-29 19:21 . 2012-04-29 19:21 284 ----a-w- c:\documents and settings\UserXP\Data aplikací\3E.tmp
2012-04-29 13:31 . 2012-04-29 13:31 -------- d-----w- C:\rsit
2012-04-29 10:43 . 2012-04-29 10:43 -------- d-----w- c:\documents and settings\UserXP\Local Settings\Data aplikací\Seznam.cz
2012-04-28 17:09 . 2012-04-28 17:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-28 09:53 . 2012-04-28 09:53 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2012-04-28 09:21 . 2012-04-28 09:21 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2012-04-28 09:20 . 2012-04-28 17:07 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-26 06:54 . 2012-04-26 06:54 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Ad-Aware Antivirus
2012-04-26 06:41 . 2012-04-28 17:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Lavasoft
2012-04-26 06:39 . 2012-04-26 06:53 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Ad-Aware Antivirus
2012-04-14 09:02 . 2011-03-02 11:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-04-14 09:02 . 2012-04-14 09:02 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-04-14 08:56 . 2012-04-14 08:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-13 08:50 . 2012-04-13 08:51 -------- d-----w- c:\documents and settings\UserXP\Data aplikací\Moto assistant
2012-04-13 08:49 . 2012-04-13 08:50 -------- d-----w- c:\program files\Moto asistant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 20:08 . 2010-01-05 21:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-28 20:08 . 2010-01-05 21:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-14 08:56 . 2011-05-20 03:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2010-01-05 19:49 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-04-29_15.10.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-30 20:21 . 2012-04-30 20:21 16384 c:\windows\temp\Perflib_Perfdata_a80.dat
+ 2012-04-30 20:21 . 2012-04-30 20:21 16384 c:\windows\temp\Perflib_Perfdata_604.dat
+ 2010-01-05 17:03 . 2012-04-29 23:27 83932 c:\windows\system32\perfc009.dat
- 2010-01-05 17:03 . 2012-04-28 09:57 83932 c:\windows\system32\perfc009.dat
+ 2010-01-05 17:03 . 2012-04-29 23:27 97754 c:\windows\system32\perfc005.dat
- 2010-01-05 17:03 . 2012-04-28 09:57 97754 c:\windows\system32\perfc005.dat
+ 2012-04-30 00:38 . 2011-07-06 19:44 310784 c:\windows\system32\WgaTray.exe
+ 2012-04-30 00:38 . 2011-07-06 19:44 183808 c:\windows\system32\WgaLogon.dll
+ 2010-01-05 17:04 . 2012-04-29 23:27 493388 c:\windows\system32\perfh009.dat
- 2010-01-05 17:04 . 2012-04-28 09:57 493388 c:\windows\system32\perfh009.dat
- 2010-01-05 17:04 . 2012-04-28 09:57 488316 c:\windows\system32\perfh005.dat
+ 2010-01-05 17:04 . 2012-04-29 23:27 488316 c:\windows\system32\perfh005.dat
+ 2010-01-05 17:06 . 2008-04-14 13:00 361344 c:\windows\system32\drivers\tcpip.sys
+ 2012-04-30 00:38 . 2011-07-06 19:44 1488688 c:\windows\system32\LegitCheckControl.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"iVolStartup"="c:\program files\iVol\iVol.exe" [2005-11-09 110592]
"chromium"="c:\documents and settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe" [2011-09-03 1017912]
"Seznam Postak"="c:\documents and settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 274432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-11-16 88209]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"BIH"="bih.dll" [2010-01-06 200704]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-01-19 221184]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-11-29 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"SE-DesktopConstructor"="c:\program files\SE-SOFT.COM\SE-DesktopConstructor\SE-DesktopConstructor.exe" [2011-01-23 247296]
"Atomic.exe"="c:\program files\Atomic Clock Sync\Atomic.exe" [2004-09-18 524288]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BTTray.lnk - c:\program files\MSI\Bluetooth Software\BTTray.exe [2004-3-31 507965]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:16 203928 -c--a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2006-12-26 00:23 643072 ----a-w- c:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-09-01 11:39 966712 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- c:\program files\TomTom HOME 2\HOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27. 1. 2010 4:09 50704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14. 4. 2012 7:10 106104]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5. 1. 2010 21:07 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10. 8. 2011 21:41 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29. 2. 2012 9:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14. 4. 2012 10:56 253088]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\UserXP\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\UserXP\LOCALS~1\Temp\CFcatchme.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [18. 11. 2008 19:17 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10. 8. 2011 21:41 136176]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [13. 12. 2006 11:00 19072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:56]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 19:40]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-10 19:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Send To &Bluetooth - c:\program files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Ygsisg - c:\documents and settings\UserXP\Data aplikací\Ygsisg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 22:50
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-30 22:54:33
ComboFix-quarantined-files.txt 2012-04-30 20:54
ComboFix2.txt 2012-04-30 13:22
ComboFix3.txt 2012-04-29 21:58
ComboFix4.txt 2012-04-29 15:20
.
Pre-Run: 10 588 958 720 bytes free
Post-Run: 10 571 804 672 bytes free
.
- - End Of File - - 083C9809E83ADBB711515467CC84F439
Re: Google redirecting to other pages
You connected the PC to the internet and it is back.
.
Test on www.virustotal.com
c:\windows\system32\winlogon.exe (choose Reanalyse)
Plug into the PC all the USB keys, flash drives... that you use
Use UsbFix
http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Before downloading, turn off the antivirus's resident shield; it has a false positive on UsbFix
- run it
- click the Research option and confirm with Enter
- after the scan, post the log here; if it does not pop up, you will find it at C:\UsbFix.txt


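The triage asked for in the post above (check the live winlogon.exe that ComboFix's Sigcheck singled out, then look it up on VirusTotal) can be scripted. The following is an added example written for this page; it is not code from the thread, from ComboFix or from UsbFix. It parses the Sigcheck section in the shape ComboFix prints it, flags live system files that are unsigned ("[-]", which the log's own note explains), or that carry an older file version or a different MD5 than the backup copy ComboFix keeps under c:\windows\ERDNT\cache, and computes the MD5 and SHA-256 of a file so the hash can be searched on VirusTotal from another machine without carrying a possibly infected file over on a flash drive. The two winlogon.exe lines are copied from the log above; the userinit.exe pair is constructed, with a made-up MD5, to show what a file that is not flagged looks like.

```python
"""Triage a ComboFix "Sigcheck" section and hash a file for a VirusTotal lookup.

Added example, not part of the forum thread or of ComboFix/UsbFix.
ComboFix prints one line per checked system file in this shape:

    [7] 2008-04-14 . <MD5> . <size> . . [<file version>] . . <path>

The log's own note explains that "[-]" marks a file whose signature did not
verify. ComboFix also lists the pristine copy kept under
c:\\windows\\ERDNT\\cache, so a live copy in system32 that is unsigned,
carries an older file version, or has a different MD5 than its cached twin
is the first thing to send to VirusTotal.
"""
import hashlib
import re

# Two lines copied from the ComboFix log posted in the thread, followed by a
# CONSTRUCTED clean pair (made-up MD5) to show what a non-suspicious file looks like.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 00000000000000000000000000000001 . 26624 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe
[7] 2008-04-14 . 00000000000000000000000000000001 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
"""

SIGCHECK_LINE = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[0-9.]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Directory where ComboFix keeps its backup copies of system files.
CACHE_DIR = "\\erdnt\\cache\\"


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; every other log line is ignored."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_LINE.match(raw.strip())
        if not m:
            continue
        path = m["path"]
        entries.append({
            "mark": m["mark"],
            "date": m["date"],
            "md5": m["md5"].upper(),
            "size": int(m["size"]),
            "version": tuple(int(p) for p in m["version"].split(".")),
            "path": path,
            "name": path.rsplit("\\", 1)[-1].lower(),
            "cached": CACHE_DIR in path.lower(),
        })
    return entries


def find_suspects(entries):
    """Map each live (non-cache) file name to the reasons it deserves a closer look."""
    cache = {e["name"]: e for e in entries if e["cached"]}
    suspects = {}
    for e in entries:
        if e["cached"]:
            continue
        reasons = []
        if e["mark"] == "-":
            reasons.append("signature did not verify")
        ref = cache.get(e["name"])
        if ref is not None:
            if e["version"] < ref["version"]:
                reasons.append("file version older than the ERDNT cache copy")
            if e["md5"] != ref["md5"]:
                reasons.append("MD5 differs from the ERDNT cache copy")
        if reasons:
            suspects[e["name"]] = reasons
    return suspects


def hash_bytes(data):
    """MD5 (ComboFix's notation, upper-case) and SHA-256 (what VirusTotal shows) of a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path):
    """Hash a file on disk so the hash can be searched on VirusTotal from another machine."""
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


if __name__ == "__main__":
    for name, why in find_suspects(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        print(name)
        for reason in why:
            print("  -", reason)
```

On the log above this reports only winlogon.exe, for all three reasons; the cached copy itself is never reported, and a live file whose version and MD5 match its cache twin stays quiet. On the infected machine, hash_file(r"c:\windows\system32\winlogon.exe")["sha256"] gives the value to type into the VirusTotal search box from a clean computer; the MD5 it returns should equal the one ComboFix printed for the same file.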
Re: Google redirecting to other pages
How am I supposed to test it on VirusTotal when that computer is not online?
Re: Google redirecting to other pages
You can copy it to a flash drive. But please run UsbFix first.
I'm off to bed now, I'll take a look in the morning.
Re: Google redirecting to other pages
SHA256: 70f824164fc862aaaf740dee7d6f77f78d51a27ee1caec344a203f58b7dddbaa
File name: winlogon.exe
Detection ratio: 1 / 42
Analysis date: 2012-04-30 21:49:24 UTC ( 1 minute ago )
Antivirus Result Update
AhnLab-V3 - 20120430
AntiVir - 20120430
Antiy-AVL - 20120430
Avast - 20120430
AVG - 20120430
BitDefender - 20120430
ByteHero - 20120424
CAT-QuickHeal - 20120430
ClamAV - 20120430
Commtouch - 20120430
Comodo - 20120430
DrWeb - 20120430
Emsisoft - 20120430
eSafe Win32.Agent.ha 20120430
eTrust-Vet - 20120430
F-Prot - 20120430
F-Secure - 20120430
Fortinet - 20120430
GData - 20120430
Ikarus - 20120430
Jiangmin - 20120430
K7AntiVirus - 20120430
Kaspersky - 20120430
McAfee - 20120430
McAfee-GW-Edition - 20120430
Microsoft - 20120430
NOD32 - 20120430
Norman - 20120430
nProtect - 20120430
Panda - 20120430
PCTools - 20120430
Rising - 20120428
Sophos - 20120430
SUPERAntiSpyware - 20120402
Symantec - 20120430
TheHacker - 20120428
TrendMicro - 20120430
TrendMicro-HouseCall - 20120430
VBA32 - 20120430
VIPRE - 20120430
ViRobot - 20120430
VirusBuster - 20120430
Re: Google redirecting to other pages
############################## | UsbFix 7.059 | [Research]
User: UserXP (Administrator) # PRIVE-8790F49A2 [ ]
Updated 16/09/2011 by El Desaparecido
Started at 23:52:43 | 30/04/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com
CPU: Intel(R) Celeron(R) M processor 1.50GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Disabled /!\
Antivirus: Symantec Endpoint Protection 11.0.5002.290 [(!) Disabled | Updated]
Firewall: Symantec Endpoint Protection 10.0 [(!) Disabled]
RAM -> 759 Mb
C:\ (%systemdrive%) -> Fixed drive # 37 Gb (10 Mb free - 27%) [Local Disk] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [] # FAT32
F:\ -> Removable drive # 15 Gb (15 Mb free - 100%) [] # FAT32
G:\ -> Removable drive # 2 Gb (695 Mb free - 36%) [CORSAIR] # FAT
################## | Files # Infected Folders |
Found ! C:\Documents and Settings\UserXP\Data aplikací\11.tmp
Found ! C:\Documents and Settings\UserXP\Data aplikací\13.tmp
Found ! C:\Documents and Settings\UserXP\Data aplikací\14.tmp
Found ! C:\Documents and Settings\UserXP\Data aplikací\17.tmp
Found ! C:\Documents and Settings\UserXP\Data aplikací\3E.tmp
Found ! C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
Found ! C:\Documents and Settings\UserXP\t.exe
Found ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
Found ! C:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013
Found ! C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830
################## | Registry |
Found ! HKLM\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Driver Setup
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Driver Setup
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|zaber0
################## | Mountpoints2 |
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
Re: Google redirecting to other pages
Disconnect the PC from the internet and keep it disconnected for now.
Run UsbFix again and choose the Deletion option.
Download http://forum.viry.cz//viewtopic.php?f=29&t=58179
- Install it according to the instructions and run a scan
- Let it disinfect or delete whatever it finds
- The scan may take several hours
- Post the log with the results here
Re: Google redirecting to other pages
############################## | UsbFix 7.059 | [Deletion]
User: UserXP (Administrator) # PRIVE-8790F49A2 [ ]
Updated 16/09/2011 by El Desaparecido
Started at 09:59:39 | 01/05/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com
CPU: Intel(R) Celeron(R) M processor 1.50GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall: Disabled /!\
Antivirus: Symantec Endpoint Protection 11.0.5002.290 [(!) Disabled | Updated]
Firewall: Symantec Endpoint Protection 10.0 [(!) Disabled]
RAM -> 759 Mb
C:\ (%systemdrive%) -> Fixed drive # 37 Gb (10 Mb free - 27%) [Místní disk] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [] # FAT32
F:\ -> Removable drive # 15 Gb (15 Mb free - 100%) [] # FAT32
G:\ -> Removable drive # 2 Gb (695 Mb free - 36%) [CORSAIR] # FAT
################## | Files # Infected Folders |
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\11.tmp
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\13.tmp
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\14.tmp
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\17.tmp
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\3E.tmp
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
Deleted ! C:\Documents and Settings\UserXP\t.exe
Deleted ! C:\Recycler\R-1-5-21-1482476501-1644491937-682003330-1013
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-1830
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKLM\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Driver Setup
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Driver Setup
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|zaber0
################## | Mountpoints2 |
################## | Listing |
[05/01/2010 - 19:11:58 | | 0] C:\AUTOEXEC.BAT
[05/01/2010 - 19:07:32 | | 211] C:\BOOT.001
[14/04/2008 - 15:00:00 | | 4952] C:\Bootfont.bin
[06/01/2010 - 14:22:43 | D ] C:\CanonMP
[30/04/2012 - 22:54:46 | D ] C:\ComboFix
[30/04/2012 - 22:54:35 | | 14165] C:\ComboFix.txt
[28/04/2012 - 22:47:25 | D ] C:\Config.Msi
[05/01/2010 - 19:11:58 | | 0] C:\CONFIG.SYS
[04/02/2010 - 03:53:57 | D ] C:\Diskeeper
[05/01/2010 - 20:22:07 | D ] C:\Documents and Settings
[05/01/2010 - 23:51:35 | D ] C:\Downloads
[14/04/2010 - 13:00:11 | D ] C:\Egg-TimeCounterWin
[05/09/2001 - 22:00:58 | | 1700352] C:\gdiplus.dll
[05/01/2010 - 19:11:58 | | 0] C:\IO.SYS
[05/01/2010 - 19:11:58 | | 0] C:\MSDOS.SYS
[05/01/2010 - 21:43:20 | RD ] C:\MSOCache
[14/04/2008 - 15:00:00 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 15:00:00 | N | 250576] C:\ntldr
[23/07/2011 - 17:25:43 | | 262144] C:\ntuser.dat
[18/11/2011 - 09:56:11 | | 1024] C:\ntuser.dat.LOG
[01/05/2012 - 09:44:14 | ASH | 1195376640] C:\pagefile.sys
[30/04/2012 - 10:31:55 | | 512] C:\PhysicalMBR.bin
[28/04/2012 - 20:43:46 | D ] C:\Program Files
[30/04/2012 - 22:54:38 | D ] C:\Qoobox
[01/05/2012 - 10:01:15 | SHD ] C:\RECYCLER
[29/04/2012 - 15:31:33 | D ] C:\rsit
[02/07/2011 - 09:48:28 | SHD ] C:\System Volume Information
[26/08/2010 - 20:31:56 | | 0] C:\t1hg.2
[29/04/2012 - 18:12:33 | | 348] C:\TDSSKiller.2.7.11.0_29.04.2012_18.12.27_log.txt
[29/04/2012 - 18:14:15 | | 348] C:\TDSSKiller.2.7.11.0_29.04.2012_18.14.08_log.txt
[29/04/2012 - 18:18:25 | | 113090] C:\TDSSKiller.2.7.11.0_29.04.2012_18.14.21_log.txt
[29/04/2012 - 18:18:33 | | 348] C:\TDSSKiller.2.7.11.0_29.04.2012_18.18.30_log.txt
[29/04/2012 - 22:20:19 | | 176154] C:\TDSSKiller.2.7.33.0_29.04.2012_21.55.12_log.txt
[18/09/2011 - 11:13:40 | D ] C:\Temp
[05/01/2010 - 22:47:45 | D ] C:\totalcmd
[17/11/2011 - 21:10:02 | D ] C:\USB
[01/05/2012 - 10:01:15 | D ] C:\UsbFix
[01/05/2012 - 10:03:28 | A | 2384] C:\UsbFix.txt
[30/04/2012 - 22:55:03 | D ] C:\WINDOWS
[03/08/2010 - 15:59:23 | D ] C:\Záloha mail adres
[30/04/2012 - 13:39:55 | D ] C:\_OTL
[28/03/2010 - 20:16:02 | D ] G:\DVD5
[28/03/2010 - 20:16:22 | D ] G:\Faktury
[04/05/2010 - 07:04:40 | D ] G:\Lucka
[04/05/2010 - 07:04:50 | D ] G:\Tapety
[04/05/2010 - 07:04:58 | D ] G:\Nová složka (2)
[04/05/2010 - 07:05:22 | D ] G:\Nová složka (3)
[07/01/2011 - 11:06:24 | D ] G:\TP Moto
[06/08/2011 - 15:31:04 | D ] G:\HR-upraveno
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
E:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
F:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.
################## | E.O.F |
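A note on reading the UsbFix [Deletion] report above, with an added example that is not part of this thread and not UsbFix's own code. Two things in the log deserve a look beyond the "Deleted !" count. First, the RECYCLER subfolders: Windows names a per-user Recycle Bin folder after the owner's SID (S-1-5-21-<sub-authority>-<sub-authority>-<sub-authority>-<RID>, decimal numbers without leading zeros), so "R-1-5-21-1482476501-1644491937-682003330-1013" and "S-1-5-21-0243556031-888888379-781863308-1830" are not real recycle bins, and an executable sitting directly inside one (zaberg.exe) is a classic worm hiding place. Second, the registry section mixes real persistence (the Run values, including the rarely used Policies\Explorer\Run key) with Explorer policy tampering (NoDrives, DisableRegistryTools, NoRecentDocsMenu) and one harmless bookkeeping entry (msconfig\startupreg\Adobe Reader Speed Launcher is just msconfig's record of a startup item the user disabled). The Python below parses a constructed subset of the report's lines and sorts them into those buckets; the bucket names and the heuristics are mine, not UsbFix's.

```python
"""Sort the entries of a UsbFix-style report into buckets a helper actually
cares about. Added example with constructed sample lines; not UsbFix code."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a subset of the "Deleted !" lines from the report above.
SAMPLE_LOG = r"""
################## | Files # Infected Folders |
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\13.tmp
Deleted ! C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
Deleted ! C:\Documents and Settings\UserXP\t.exe
Deleted ! C:\Recycler\R-1-5-21-1482476501-1644491937-682003330-1013
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-1830
################## | Registry |
Deleted ! HKLM\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft Driver Setup
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Driver Setup
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|zaber0
"""

SECTION_RE = re.compile(r"^#+ \| (.+?) \|$")
ENTRY_RE = re.compile(r"^(Found|Deleted) ! (.+)$")
RECYCLER_RE = re.compile(r"^[A-Za-z]:\\recycler\\([^\\]+)(\\.+)?$", re.IGNORECASE)
# A genuine per-user Recycle Bin folder on NTFS is named after the owner's SID:
# S-1-5-21-<sub-authority>x3-<RID>, each component decimal without leading zeros.
# Anything else under RECYCLER was created by something other than Windows.
SID_RE = re.compile(r"^S-1-5-21(?:-(?:0|[1-9]\d*)){4}$")


@dataclass
class Finding:
    section: str
    action: str
    target: str
    category: str
    reasons: list = field(default_factory=list)


def classify_registry(path):
    """Bucket a 'Key|Value' registry entry (heuristic, my own categories)."""
    low = path.lower()
    if "\\msconfig\\startupreg\\" in low:
        # msconfig's record of a startup item the user disabled: bookkeeping,
        # not an infection, even though UsbFix clears it
        return "msconfig_disabled_item", []
    if "\\run|" in low:
        value = path.rpartition("|")[2]
        reasons = []
        if "\\policies\\" in low:
            reasons.append("policy Run key, normally unused on a workstation")
        if value.lower().startswith("microsoft "):
            reasons.append("value name imitates a Microsoft component")
        return "autostart", reasons
    if "\\policies\\" in low:
        value = path.rpartition("|")[2]
        hint = {
            "disableregistrytools": "blocks regedit",
            "nodrives": "hides drives in Explorer",
            "norecentdocsmenu": "hides recent documents",
        }.get(value.lower(), "Explorer/System policy")
        return "policy_tampering", [hint]
    return "other", []


def classify_file(path):
    """Bucket a file-system entry: fake recycle bins and dropped payloads."""
    m = RECYCLER_RE.match(path)
    if m:
        folder, rest = m.group(1), m.group(2)
        reasons = []
        if not SID_RE.match(folder):
            reasons.append(f"folder name {folder!r} is not a valid SID")
        if rest and rest.lower().endswith(".exe"):
            reasons.append("executable stored inside the Recycle Bin")
        return "recycler", reasons
    low = path.lower()
    if low.endswith(".tmp") or low.endswith(".exe"):
        if "\\data aplikací\\" in low or "\\application data\\" in low:
            return "dropped_payload", ["executable/tmp in the profile's Application Data"]
        return "dropped_payload", ["executable/tmp in the user profile root"]
    return "other", []


def parse_report(text):
    findings, section = [], None
    for line in text.strip().splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        action, target = m.groups()
        if section == "Registry":
            category, reasons = classify_registry(target)
        else:
            category, reasons = classify_file(target)
        findings.append(Finding(section, action, target, category, reasons))
    return findings


def summarize(findings):
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in parse_report(SAMPLE_LOG):
        print(f"{f.category:22} {f.target}")
        for r in f.reasons:
            print(f"{'':22}   - {r}")
    print(summarize(parse_report(SAMPLE_LOG)))
```

Run on the whole report, the interesting output is the reasons list rather than the counts: a SID-named folder with a valid SID and no executable inside is ordinary, while the two folders above trip the SID check and one of them also hosts zaberg.exe, which is the same file the later scan identifies as a dropper.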
Re: Google redirecting to other pages
Do you know this folder?
C:\t1hg.2
And I hope you had the flash drive plugged into the PC while UsbFix was running.
Re: Google redirecting to other pages
I don't see such a folder there and I don't know it either.
All 3 flash drives were connected.
Log done:
Status: Disinfected (events: 9)
1. 5. 2012 10:42:45 Disinfected Trojan program Trojan-Dropper.Win32.Injector.eufm C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip High
1. 5. 2012 10:42:45 Disinfected Trojan program Trojan-Dropper.Win32.Injector.eufm C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip/UsbFix_Upload_Me/C/Documents and Settings/UserXP/Data aplikacÝ/13.tmp.vir High
1. 5. 2012 10:42:45 Disinfected virus Net-Worm.Win32.Kolab.bggt C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip/UsbFix_Upload_Me/C/Documents and Settings/UserXP/Data aplikacÝ/14.tmp.vir High
1. 5. 2012 10:42:45 Disinfected virus Worm.Win32.AutoRun.dpzw C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip/UsbFix_Upload_Me/C/Documents and Settings/UserXP/Data aplikacÝ/Ygsisg.exe.vir High
1. 5. 2012 10:42:45 Disinfected virus Worm.Win32.AutoRun.dpzw C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip/UsbFix_Upload_Me/C/Documents and Settings/UserXP/t.exe.vir High
1. 5. 2012 10:42:45 Disinfected Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip/UsbFix_Upload_Me/C/Recycler/R-1-5-21-1482476501-1644491937-682003330-1013/ecleaner.exe.vir High
1. 5. 2012 10:42:45 Disinfected Trojan program Trojan-Dropper.Win32.Injector.eufm C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip/UsbFix_Upload_Me/C/Recycler/S-1-5-21-0243556031-888888379-781863308-1830/zaberg.exe.vir High
1. 5. 2012 11:58:18 Disinfected Trojan program HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2012-04-29_23.08.25.zip High
1. 5. 2012 11:58:18 Disinfected virus Worm.Win32.AutoRun.dpup C:\Qoobox\Quarantine\[4]-Submit_2012-04-29_23.08.25.zip/Ygsisg.exe High
Status: Deleted (events: 31)
1. 5. 2012 11:20:32 Deleted Trojan program Trojan.Win32.Jorik.Tedroo.akj C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec Endpoint Protection\Quarantine\0DA80000.VBN High
1. 5. 2012 11:20:32 Deleted Trojan program Trojan.Win32.Jorik.Tedroo.akj C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec Endpoint Protection\Quarantine\0DA80000.VBN//CryptZ High
1. 5. 2012 11:21:24 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R2Y558QZ\i[1].exe High
1. 5. 2012 11:32:41 Deleted virus Worm.Win32.AutoRun.dpup C:\Documents and Settings\UserXP\Plocha\RK_Quarantine\Ygsisg.exe.vir High
1. 5. 2012 11:59:48 Deleted Trojan program Trojan-Dropper.Win32.Injector.eufm C:\Qoobox\Quarantine\C\Documents and Settings\UserXP\Data aplikací\10.tmp.vir High
1. 5. 2012 12:00:02 Deleted Trojan program Trojan-Dropper.Win32.Injector.eufm C:\Qoobox\Quarantine\C\Documents and Settings\UserXP\Data aplikací\16.tmp.vir High
1. 5. 2012 11:59:56 Deleted virus Worm.Win32.AutoRun.dpzw C:\Qoobox\Quarantine\C\Documents and Settings\UserXP\t.exe.vir High
1. 5. 2012 12:00:08 Deleted Trojan program Trojan-Dropper.Win32.Injector.eufm C:\Qoobox\Quarantine\C\Documents and Settings\UserXP\Data aplikací\3D.tmp.vir High
1. 5. 2012 12:00:15 Deleted Trojan program Trojan-Dropper.Win32.Injector.eufm C:\Qoobox\Quarantine\C\Documents and Settings\UserXP\Data aplikací\6.tmp.vir High
1. 5. 2012 12:00:21 Deleted virus Net-Worm.Win32.Kolab.bggt C:\Qoobox\Quarantine\C\Documents and Settings\UserXP\Data aplikací\7.tmp.vir High
1. 5. 2012 12:00:27 Deleted virus Net-Worm.Win32.Kolab.bgfv C:\Qoobox\Quarantine\C\Documents and Settings\UserXP\Data aplikací\8.tmp.vir High
1. 5. 2012 12:00:33 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe.vir High
1. 5. 2012 12:00:39 Deleted virus Net-Worm.Win32.Kolab.bggt C:\Qoobox\Quarantine\C\WINDOWS\csdrive32.exe.vir High
1. 5. 2012 12:00:49 Deleted Trojan program Backdoor.Win32.Floder.ijw C:\Qoobox\Quarantine\C\WINDOWS\system32\14.exe.vir High
1. 5. 2012 12:01:41 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\WINDOWS\system32\15.exe.vir High
1. 5. 2012 12:01:58 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\WINDOWS\system32\27.exe.vir High
1. 5. 2012 12:01:46 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\WINDOWS\system32\51.exe.vir High
1. 5. 2012 12:01:52 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\WINDOWS\system32\56.exe.vir High
1. 5. 2012 12:02:04 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\WINDOWS\system32\65.exe.vir High
1. 5. 2012 12:02:09 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\WINDOWS\system32\67.exe.vir High
1. 5. 2012 12:02:15 Deleted Trojan program Backdoor.Win32.Floder.ijw C:\Qoobox\Quarantine\C\WINDOWS\system32\68.exe.vir High
1. 5. 2012 12:02:32 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Qoobox\Quarantine\C\WINDOWS\system32\71.exe.vir High
1. 5. 2012 12:02:40 Deleted Trojan program Backdoor.Win32.Floder.ijw C:\Qoobox\Quarantine\C\WINDOWS\system32\74.exe.vir High
1. 5. 2012 12:02:49 Deleted virus Worm.Win32.AutoRun.dpzw C:\UsbFix\Quarantine\C\Documents and Settings\UserXP\t.exe.vir High
1. 5. 2012 12:03:22 Deleted Trojan program Trojan-Dropper.Win32.Injector.eufm C:\UsbFix\Quarantine\C\Documents and Settings\UserXP\Data aplikací\13.tmp.vir High
1. 5. 2012 12:03:33 Deleted virus Net-Worm.Win32.Kolab.bggt C:\UsbFix\Quarantine\C\Documents and Settings\UserXP\Data aplikací\14.tmp.vir High
1. 5. 2012 12:03:28 Deleted virus Worm.Win32.AutoRun.dpzw C:\UsbFix\Quarantine\C\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe.vir High
1. 5. 2012 12:03:41 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\UsbFix\Quarantine\C\Recycler\R-1-5-21-1482476501-1644491937-682003330-1013\ecleaner.exe.vir High
1. 5. 2012 12:03:53 Deleted Trojan program Trojan-Dropper.Win32.Injector.eufm C:\UsbFix\Quarantine\C\Recycler\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe.vir High
1. 5. 2012 12:04:08 Deleted virus Net-Worm.Win32.Kolab.bggt C:\WINDOWS\csdrive32.exe High
1. 5. 2012 12:15:48 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\WINDOWS\system32\35.exe High
Status: Quarantined (events: 1)
1. 5. 2012 11:58:09 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2012-04-29_23.08.25.zip/diactfrmy.dll High
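Triage of the scan report above, as an added example that is not part of this thread and not the scanner's own code. Most of the 41 events hit files that ComboFix, UsbFix, the RK_Quarantine folder on the desktop or Symantec had already put aside (paths under Qoobox\Quarantine and UsbFix\Quarantine, the .vir renames, the UsbFix_Upload_Me archive, the Symantec .VBN); those are not running code, and a scanner finding them only says the earlier quarantines were never emptied. What matters for the "is it clean" question are the hits outside any quarantine: C:\WINDOWS\csdrive32.exe, C:\WINDOWS\system32\35.exe, and the i[1].exe in the NetworkService account's Temporary Internet Files, which means something running as that service account fetched it, not the logged-on user's browser. The Python below parses a constructed subset of the report's lines (Kaspersky-style detection names), separates quarantine and browser-cache hits from live ones, and counts detections per family; the location markers and the family-from-name rule are my own heuristics.

```python
"""Triage of a Kaspersky-style scan report: separate hits inside old
quarantines from hits on the live system, and count detection families.
Added example with constructed sample lines modelled on the report above."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: nine of the report's lines, covering each location type.
SAMPLE_REPORT = r"""
1. 5. 2012 10:42:45 Disinfected Trojan program Trojan-Dropper.Win32.Injector.eufm C:\UsbFix_Upload_Me_PRIVE-8790F49A2.zip High
1. 5. 2012 11:20:32 Deleted Trojan program Trojan.Win32.Jorik.Tedroo.akj C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec Endpoint Protection\Quarantine\0DA80000.VBN High
1. 5. 2012 11:21:24 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R2Y558QZ\i[1].exe High
1. 5. 2012 11:32:41 Deleted virus Worm.Win32.AutoRun.dpup C:\Documents and Settings\UserXP\Plocha\RK_Quarantine\Ygsisg.exe.vir High
1. 5. 2012 11:58:09 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine\[4]-Submit_2012-04-29_23.08.25.zip/diactfrmy.dll High
1. 5. 2012 12:00:39 Deleted virus Net-Worm.Win32.Kolab.bggt C:\Qoobox\Quarantine\C\WINDOWS\csdrive32.exe.vir High
1. 5. 2012 12:02:49 Deleted virus Worm.Win32.AutoRun.dpzw C:\UsbFix\Quarantine\C\Documents and Settings\UserXP\t.exe.vir High
1. 5. 2012 12:04:08 Deleted virus Net-Worm.Win32.Kolab.bggt C:\WINDOWS\csdrive32.exe High
1. 5. 2012 12:15:48 Deleted Trojan program Trojan.Win32.Jorik.IRCbot.kgb C:\WINDOWS\system32\35.exe High
"""

EVENT_RE = re.compile(
    r"^(\d{1,2}\. \d{1,2}\. \d{4} \d{2}:\d{2}:\d{2}) "  # Czech-locale timestamp
    r"(Disinfected|Deleted|Quarantined) "
    r"(Trojan program|virus) "
    r"(\S+) "      # detection name, never contains spaces
    r"(.+) "       # object path, may contain spaces and archive members
    r"(High|Medium|Low)$"
)

# Substrings (lower-cased) that mark another tool's quarantine; my own list.
QUARANTINE_MARKERS = (
    "\\qoobox\\quarantine\\",                        # ComboFix
    "\\usbfix\\quarantine\\",                        # UsbFix
    "\\rk_quarantine\\",
    "\\symantec endpoint protection\\quarantine\\",
    "usbfix_upload_me",                              # sample archive UsbFix builds
)


@dataclass
class Event:
    when: datetime
    status: str
    kind: str
    detection: str
    path: str
    severity: str
    location: str


def locate(path):
    """Where the hit lives: an old quarantine, a browser cache, or the live system."""
    low = path.lower()
    if low.endswith(".vir") or any(m in low for m in QUARANTINE_MARKERS):
        return "quarantine"
    if "\\temporary internet files\\" in low:
        return "browser_cache"
    return "live"


def family(detection):
    """Drop the variant suffix (Kolab.bggt -> Kolab); heuristic names stay whole."""
    if detection.startswith("HEUR:"):
        return detection
    return detection.rpartition(".")[0]


def parse_report(text):
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # skips headers such as "Status: Deleted (events: 31)"
        when, status, kind, detection, path, severity = m.groups()
        events.append(Event(datetime.strptime(when, "%d. %m. %Y %H:%M:%S"),
                            status, kind, detection, path, severity, locate(path)))
    # the report groups by status; chronological order shows what ran when
    return sorted(events, key=lambda e: e.when)


def triage(events):
    """What a helper needs to answer 'is the box clean'."""
    return {
        "live": [e.path for e in events if e.location == "live"],
        "browser_cache": [e.path for e in events if e.location == "browser_cache"],
        "quarantine": sum(1 for e in events if e.location == "quarantine"),
        "families": dict(Counter(family(e.detection) for e in events)),
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("still on the live system:", *result["live"], sep="\n  ")
    print("fetched into a service account's IE cache:", *result["browser_cache"], sep="\n  ")
    print(f"{result['quarantine']} hits were already sitting in a quarantine")
    for fam, n in sorted(result["families"].items()):
        print(f"  {n:2d}  {fam}")
```

The "live" list is the part to act on: csdrive32.exe had been copied to Qoobox by ComboFix and was back in C:\WINDOWS by the time this scan ran, which is the kind of reinfection the moderator's "stay offline" instruction is meant to prevent.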