Samovolné vymazání Disku

[vyosek]

Rozdeleni jste zvladla na jednicku

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

• Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spustte a kliknete na Deletion
• Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  PRC - [2010.07.24 15:02:35 | 000,046,592 | ---- | M] () -- C:\Users\Martinix\AppData\Local\Temp\~f1d055.tmp
  IE - HKU\S-1-5-21-1079925923-1686804381-88085442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 5F 60 2B B7 FA CA 01 [binary data]
  O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
  O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
  O13 - gopher Prefix: missing
  O13 - gopher Prefix: missing
  O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
  O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O33 - MountPoints2\{fed2ebc8-5529-11df-8495-0022fa4e80c8}\Shell - "" = AutoRun
  
  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "EA Core"=-
  
  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\system32\SET*.tmp /s
  C:\WINDOWS\*.tmp /s
  C:\Users\Martinix\AppData\Local\Temp\
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[Zlocenkova]

Mohu se zeptat kam se mi uložil ten log? Ve složce USBFIX a ten txt tam není.
Když se ten test dokončí, musím restartovat pc, tudíž ten log který mi vyskočí mi zmizí.

[vyosek]

Log z USBFixu je primo na disku C:
Log z OTL by na Vas mel po restaru vyskocit, pripadne je ulozen C:\_OTL\MovedFiles

[Zlocenkova]

############################## | UsbFix 7.017 | [Deletion]

User: Corrinus (Administrator) # CORRINUS [TOSHIBA Satellite A300]
Updated 22/07/10 by El Desaparecido / C_XX
Started at 11:24:50 | 29/07/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
Microsoft Windows 7 Professional (6.1.7600 64-Bit) #
Internet Explorer 8.0.7600.16385

Windows Firewall: Enabled
RAM -> 4094 Mb
C:\ (%systemdrive%) -> Fixed drive # 146 Gb (76 Mb free - 52%) [] # NTFS
D:\ -> Fixed drive # 152 Gb (113 Mb free - 75%) [Data] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (3 Mb free - 75%) [] # FAT32
I:\ -> CD-ROM

################## | Files # Infected Folders |

Deleted ! C:\Users\Martinix\AppData\Local\Temp\AutoRun.exe
Deleted ! C:\Users\Martinix\AppData\Local\Temp\Update.exe
Deleted ! G:\New Folder.lnk

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[29/07/2010 - 11:30:11 | SHD ] C:\$Recycle.Bin
[19/04/2010 - 19:53:46 | D ] C:\AMD
[19/04/2010 - 19:55:24 | D ] C:\ATI
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[22/07/2010 - 13:35:43 | D ] C:\HD Tune
[28/07/2010 - 13:18:51 | ASH | 3219644416] C:\hiberfil.sys
[30/04/2010 - 15:53:04 | D ] C:\Intel
[07/06/2010 - 14:56:43 | RHD ] C:\MSOCache
[28/07/2010 - 13:18:55 | ASH | 4292861952] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[25/07/2010 - 10:55:31 | RD ] C:\Program Files
[24/07/2010 - 15:23:30 | RD ] C:\Program Files (x86)
[20/07/2010 - 22:49:47 | HD ] C:\ProgramData
[19/04/2010 - 18:58:17 | SHD ] C:\Recovery
[22/07/2010 - 13:18:15 | D ] C:\rsit
[19/04/2010 - 20:18:37 | A | 211] C:\setup.log
[19/04/2010 - 20:05:48 | D ] C:\SWSETUP
[28/07/2010 - 13:18:44 | SHD ] C:\System Volume Information
[19/04/2010 - 20:17:15 | D ] C:\system.sav
[29/07/2010 - 11:30:11 | D ] C:\UsbFix
[29/07/2010 - 11:24:51 | A | 2049] C:\UsbFix.txt
[19/04/2010 - 18:58:27 | RD ] C:\Users
[24/07/2010 - 15:23:38 | D ] C:\Windows
[29/07/2010 - 11:30:11 | SHD ] D:\$RECYCLE.BIN
[22/07/2010 - 21:56:31 | D ] D:\Age of Empires II
[27/07/2010 - 22:27:35 | D ] D:\HAdnD2
[24/07/2010 - 15:26:23 | D ] D:\Mafia
[22/07/2010 - 21:33:48 | D ] D:\Program Files (x86)
[16/03/2001 - 16:59:26 | D ] D:\Support
[28/07/2010 - 13:18:50 | SHD ] D:\System Volume Information
[27/07/2010 - 22:16:07 | D ] D:\The Sims 3
[21/07/2010 - 22:22:58 | D ] D:\Warcraft III
[28/07/2010 - 15:33:55 | D ] D:\wow
[09/05/2010 - 15:17:06 | RD ] G:\Apocalyptica
[09/05/2010 - 15:19:10 | D ] G:\Apocalyptica Alba
[10/04/2011 - 23:59:52 | D ] G:\MICIN.DIR
[10/04/2011 - 23:59:52 | D ] G:\FMIN.DIR
[09/05/2010 - 15:16:52 | RD ] G:\Evanescence
[09/05/2010 - 15:16:54 | RD ] G:\Korn
[09/05/2010 - 15:16:56 | D ] G:\Metallica
[09/05/2010 - 15:17:00 | RD ] G:\System of Down
[24/06/2010 - 12:14:56 | RSHD ] G:\RECYCLER
[24/06/2010 - 12:15:32 | A | 309265] G:\metro1.pdf
[24/06/2010 - 12:23:32 | A | 195473] G:\metro terez.pdf
[23/06/2010 - 23:06:38 | A | 15186] G:\Judaismus.docx
[24/06/2010 - 12:14:56 | A | 328147] G:\metro.pdf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_CORRINUS.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

[vyosek]

Tak jeste poprosim o log z OTL po oprave

[Zlocenkova]

Nemam to tu. Mam jen složku USBFIX a v ní nic takového není

[vyosek]

Stahnete tedy OTL z meho podpisu a pak postupujte jak jsem psal

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  PRC - [2010.07.24 15:02:35 | 000,046,592 | ---- | M] () -- C:\Users\Martinix\AppData\Local\Temp\~f1d055.tmp
  IE - HKU\S-1-5-21-1079925923-1686804381-88085442-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 5F 60 2B B7 FA CA 01 [binary data]
  O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
  O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
  O13 - gopher Prefix: missing
  O13 - gopher Prefix: missing
  O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
  O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
  O33 - MountPoints2\{fed2ebc8-5529-11df-8495-0022fa4e80c8}\Shell - "" = AutoRun
  
  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "EA Core"=-
  
  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\system32\SET*.tmp /s
  C:\WINDOWS\*.tmp /s
  C:\Users\Martinix\AppData\Local\Temp\
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem