Dobrý den,
při vložení flash disku mi počítač ohlásil vir Worm/Downadup v souboru C:\windows\system32\tjbah.dll.
Prosím o radu a pomoc při odstranění tohoto viru.
Zasílám log, i když si v tomto případě nejsem jistý, zda má nějakou hodnotu, flashka v době kontroly nebyla připojena.
Logfile of random's system information tool 1.08 (written by random/random)
Run by a at 2010-10-01 07:59:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 691 GB (97%) free of 715 GB
Total RAM: 2012 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:59:11, on 1.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\a\Plocha\programy\RSIT.exe
C:\Program Files\trend micro\a.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acronis.com/homecomputing/my/oem/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
--
End of file - 9140 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-11 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-30 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-10 842296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-08-30 278192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-07-03 69632]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2008-04-30 1326352]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe [2008-04-30 909248]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-04-30 140568]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-02-24 196709]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-08-26 2048352]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-30 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-16 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-10-01 07:59:00 ----D---- C:\rsit
2010-10-01 07:59:00 ----D---- C:\Program Files\trend micro
2010-09-29 14:26:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-15 12:36:29 ----D---- C:\Program Files\Actual Earth 3D
2010-09-15 12:22:07 ----D---- C:\Documents and Settings\a\Data aplikací\skypePM
2010-09-15 12:20:43 ----D---- C:\Documents and Settings\a\Data aplikací\Skype
2010-09-15 12:20:14 ----D---- C:\Program Files\Common Files\Skype
2010-09-15 12:20:13 ----RD---- C:\Program Files\Skype
2010-09-15 12:20:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2010-09-15 07:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 07:29:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 07:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 07:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 07:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 07:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 07:28:23 ----A---- C:\WINDOWS\imsins.BAK
2010-09-15 07:28:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-10 12:06:14 ----D---- C:\Program Files\Microsoft Works
2010-09-10 12:05:47 ----D---- C:\Program Files\Microsoft Visual Studio
2010-09-10 12:05:46 ----D---- C:\Program Files\Common Files\DESIGNER
2010-09-10 12:04:57 ----D---- C:\Program Files\Microsoft.NET
2010-09-10 11:59:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-09-02 08:38:26 ----D---- C:\Program Files\Common Files\DivX Shared
2010-09-02 08:36:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-09-02 08:35:35 ----D---- C:\Documents and Settings\a\Data aplikací\WinRAR
2010-09-02 08:35:24 ----D---- C:\Program Files\WinRAR
======List of files/folders modified in the last 1 months======
2010-10-01 07:59:00 ----RD---- C:\Program Files
2010-10-01 07:49:51 ----D---- C:\WINDOWS\system32
2010-10-01 07:27:00 ----D---- C:\WINDOWS\Temp
2010-10-01 01:34:33 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-09-30 11:41:49 ----HD---- C:\$AVG8.VAULT$
2010-09-30 09:54:08 ----D---- C:\WINDOWS\Prefetch
2010-09-30 06:25:02 ----D---- C:\WINDOWS
2010-09-30 06:25:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg8
2010-09-30 06:24:53 ----SHD---- C:\System Volume Information
2010-09-30 06:24:53 ----D---- C:\WINDOWS\system32\Restore
2010-09-29 14:26:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-29 14:26:49 ----HD---- C:\WINDOWS\inf
2010-09-29 12:09:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-23 12:09:15 ----SD---- C:\Documents and Settings\a\Data aplikací\Microsoft
2010-09-15 12:20:33 ----SHD---- C:\WINDOWS\Installer
2010-09-15 12:20:14 ----D---- C:\Program Files\Common Files
2010-09-15 07:29:51 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 07:29:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 07:28:31 ----D---- C:\WINDOWS\Debug
2010-09-15 07:28:29 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-14 06:43:34 ----D---- C:\Program Files\Opera
2010-09-10 12:09:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-09-10 12:09:05 ----D---- C:\WINDOWS\SHELLNEW
2010-09-10 12:08:46 ----A---- C:\WINDOWS\win.ini
2010-09-10 12:08:41 ----D---- C:\Program Files\Common Files\System
2010-09-10 12:06:50 ----RSD---- C:\WINDOWS\assembly
2010-09-10 12:06:09 ----D---- C:\WINDOWS\WinSxS
2010-09-10 12:05:53 ----D---- C:\Program Files\Microsoft Office
2010-09-10 12:05:13 ----RSD---- C:\WINDOWS\Fonts
2010-09-06 12:59:50 ----D---- C:\Documents and Settings\a\Data aplikací\ICQ
2010-09-06 12:40:18 ----D---- C:\Program Files\ICQ7.0
2010-09-02 08:39:03 ----D---- C:\Program Files\Google
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2009-09-16 12552]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2009-09-02 129248]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2009-09-02 368480]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2009-09-02 442048]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-16 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-16 108552]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-09-02 43424]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-07-03 244368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-07-03 40832]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4800000]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-04-30 427288]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-16 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-16 297752]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-09 630905]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2007-12-12 65536]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2007-12-12 1531989]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-30 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
vir Worm/Downadup
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: vir Worm/Downadup
ahoj
1. odinstaluj pdfforge Toolbar
2. prescanuj PC s MBAM
1. odinstaluj pdfforge Toolbar
2. prescanuj PC s MBAM
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: vir Worm/Downadup
Toolbar odinstalován, MBAMem projeto, zde je jeho log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4726
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1.10.2010 9:02:07
mbam-log-2010-10-01 (09-02-07).txt
Typ skenu: Rychlý sken
Skenované objekty: 131048
Uplynulý čas: 3 minuta(y), 45 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot.
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4726
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
1.10.2010 9:02:07
mbam-log-2010-10-01 (09-02-07).txt
Typ skenu: Rychlý sken
Skenované objekty: 131048
Uplynulý čas: 3 minuta(y), 45 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot.
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Re: vir Worm/Downadup
fajn, mohlo by to byt OK
pozri ci existuje subor C:\windows\system32\tjbah.dll
pozri ci existuje subor C:\windows\system32\tjbah.dll
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: vir Worm/Downadup
nový scan MBAM nic neobjevil a ten soubor jsem nenašel.
Díky moc..
Mám ale ještě dotaz, ten vir se mi tam mohl dostat přes flashku od kolegy: Jak mám zjistit, že má na Flashce vir? normálně ji projet antivirem?
Dík za odpověď.
Díky moc..
Mám ale ještě dotaz, ten vir se mi tam mohl dostat přes flashku od kolegy: Jak mám zjistit, že má na Flashce vir? normálně ji projet antivirem?
Dík za odpověď.
Re: vir Worm/Downadup
ked bude zapojeny kluc pouzi USBFix - vid motji http://www.viry.cz/forum/viewtopic.php? ... ix#p907904
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: vir Worm/Downadup
tady je log z USBFixu. Chtělo to po mě cosi poslat na nějaké španělské stránky, ale to jsem teda neudělal:
############################## | UsbFix 7.027 | [Deletion]
User: a (Administrator) # STANICE4 [ ]
Updated 28/09/10 by El Desaparecido / C_XX
Started at 10:09:07 | 01/10/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall: Enabled
Antivirus: AVG Internet Security Network Edition 8.5 [Enabled | Updated]
RAM -> 2012 Mb
C:\ (%systemdrive%) -> Fixed drive # 699 Gb (676 Mb free - 97%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [Transcend] # FAT32
################## | Files # Infected Folders |
################## | Registry |
################## | Mountpoints2 |
################## | Listing |
[30/09/2010 - 11:41:49 | HD ] C:\$AVG8.VAULT$
[02/09/2009 - 12:25:17 | A | 0] C:\AUTOEXEC.BAT
[01/10/2010 - 09:57:58 | RASHD ] C:\Autorun.inf
[02/09/2009 - 12:19:44 | SH | 211] C:\boot.ini
[18/08/2004 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[02/09/2009 - 12:25:17 | A | 0] C:\CONFIG.SYS
[02/09/2009 - 12:31:55 | D ] C:\Documents and Settings
[14/09/2009 - 14:19:03 | D ] C:\ed8e15f0426d4fb06def477f0f27
[02/09/2009 - 12:33:21 | D ] C:\Intel
[02/09/2009 - 12:25:17 | RASH | 0] C:\IO.SYS
[02/09/2009 - 12:25:17 | RASH | 0] C:\MSDOS.SYS
[04/11/2009 - 14:07:57 | RHD ] C:\MSOCache
[18/08/2004 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[09/09/2009 - 08:55:33 | RASH | 250576] C:\ntldr
[01/10/2010 - 09:06:02 | ASH | 2145386496] C:\pagefile.sys
[01/10/2010 - 09:00:33 | RD ] C:\Program Files
[02/09/2009 - 12:35:56 | A | 206] C:\realtek.log
[16/09/2009 - 08:19:23 | SHD ] C:\RECYCLER
[02/09/2009 - 12:35:56 | A | 581] C:\RHDSetup.log
[01/10/2010 - 07:59:12 | D ] C:\rsit
[28/01/2010 - 09:18:58 | D ] C:\SAS6
[24/06/2010 - 13:04:38 | A | 64593791] C:\sb081-05001.pdf
[01/10/2010 - 09:06:22 | SHD ] C:\System Volume Information
[02/09/2009 - 17:19:48 | D ] C:\TempEI4
[24/06/2010 - 13:03:20 | D ] C:\totalcmd
[01/10/2010 - 10:09:18 | D ] C:\UsbFix
[01/10/2010 - 10:09:18 | A | 839] C:\UsbFix.txt
[01/10/2010 - 09:57:15 | A | 165746] C:\UsbFix_Upload_Me_STANICE4.zip
[01/10/2010 - 09:06:32 | D ] C:\WINDOWS
[13/09/2010 - 12:37:48 | D ] E:\ŠVP ZŠS a ZŠS těžké ment. postižení a postižení více vadami
[01/10/2010 - 07:51:20 | D ] E:\ŠVP změny
[01/10/2010 - 09:58:00 | RASHD ] E:\Autorun.inf
[12/03/2010 - 13:07:00 | RSHD ] E:\RECYCLER
[13/09/2010 - 11:07:42 | D ] E:\ŠVP ZŠ a ZŠp
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_STANICE4.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
############################## | UsbFix 7.027 | [Deletion]
User: a (Administrator) # STANICE4 [ ]
Updated 28/09/10 by El Desaparecido / C_XX
Started at 10:09:07 | 01/10/2010
Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall: Enabled
Antivirus: AVG Internet Security Network Edition 8.5 [Enabled | Updated]
RAM -> 2012 Mb
C:\ (%systemdrive%) -> Fixed drive # 699 Gb (676 Mb free - 97%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [Transcend] # FAT32
################## | Files # Infected Folders |
################## | Registry |
################## | Mountpoints2 |
################## | Listing |
[30/09/2010 - 11:41:49 | HD ] C:\$AVG8.VAULT$
[02/09/2009 - 12:25:17 | A | 0] C:\AUTOEXEC.BAT
[01/10/2010 - 09:57:58 | RASHD ] C:\Autorun.inf
[02/09/2009 - 12:19:44 | SH | 211] C:\boot.ini
[18/08/2004 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[02/09/2009 - 12:25:17 | A | 0] C:\CONFIG.SYS
[02/09/2009 - 12:31:55 | D ] C:\Documents and Settings
[14/09/2009 - 14:19:03 | D ] C:\ed8e15f0426d4fb06def477f0f27
[02/09/2009 - 12:33:21 | D ] C:\Intel
[02/09/2009 - 12:25:17 | RASH | 0] C:\IO.SYS
[02/09/2009 - 12:25:17 | RASH | 0] C:\MSDOS.SYS
[04/11/2009 - 14:07:57 | RHD ] C:\MSOCache
[18/08/2004 - 14:00:00 | RASH | 47564] C:\NTDETECT.COM
[09/09/2009 - 08:55:33 | RASH | 250576] C:\ntldr
[01/10/2010 - 09:06:02 | ASH | 2145386496] C:\pagefile.sys
[01/10/2010 - 09:00:33 | RD ] C:\Program Files
[02/09/2009 - 12:35:56 | A | 206] C:\realtek.log
[16/09/2009 - 08:19:23 | SHD ] C:\RECYCLER
[02/09/2009 - 12:35:56 | A | 581] C:\RHDSetup.log
[01/10/2010 - 07:59:12 | D ] C:\rsit
[28/01/2010 - 09:18:58 | D ] C:\SAS6
[24/06/2010 - 13:04:38 | A | 64593791] C:\sb081-05001.pdf
[01/10/2010 - 09:06:22 | SHD ] C:\System Volume Information
[02/09/2009 - 17:19:48 | D ] C:\TempEI4
[24/06/2010 - 13:03:20 | D ] C:\totalcmd
[01/10/2010 - 10:09:18 | D ] C:\UsbFix
[01/10/2010 - 10:09:18 | A | 839] C:\UsbFix.txt
[01/10/2010 - 09:57:15 | A | 165746] C:\UsbFix_Upload_Me_STANICE4.zip
[01/10/2010 - 09:06:32 | D ] C:\WINDOWS
[13/09/2010 - 12:37:48 | D ] E:\ŠVP ZŠS a ZŠS těžké ment. postižení a postižení více vadami
[01/10/2010 - 07:51:20 | D ] E:\ŠVP změny
[01/10/2010 - 09:58:00 | RASHD ] E:\Autorun.inf
[12/03/2010 - 13:07:00 | RSHD ] E:\RECYCLER
[13/09/2010 - 11:07:42 | D ] E:\ŠVP ZŠ a ZŠp
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_STANICE4.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
Re: vir Worm/Downadup
OKi - nic sa nenaslo, navyse prebehla vakcinacia, takze mozes pracovat bez obav 
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Re: vir Worm/Downadup
Tak snad už to bude v pořádku..děkuji moc.
Re: vir Worm/Downadup
rado sa stalo
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Přispějete na provoz fóra?